son.of.the.morning Posted September 5, 2010 Share Posted September 5, 2010 I am using a login system in php and mySQL but only one page is potected. pages i am using: 1. login.php // inputing details (user name, password) 2. checkloginDetails.php // connect to db and check login details 3. logged_in.php // successfully login ...i need more than the one page protected for example; once the user has logged in there will be the main logged in page with other links, remove topics, add, user, remove user all these pages i want protecting but with out the user inputing his details again. Has anyone got an idear onhow i ould achive this? Quote Link to comment Share on other sites More sharing options...
mattheww Posted September 5, 2010 Share Posted September 5, 2010 You could use something like this... //If user has submitted data into username & password fields if ($username&&$password) { include('includes/connect.php'); //select user data from your user's table $query = mysql_query("SELECT username, password FROM users WHERE username='$username' LIMIT 1") or die(mysql_error()); $numrows = mysql_num_rows($query); //if the rows related to the query are more than zero if ($numrows > 0) { $row = mysql_fetch_assoc($query); $dbuser = $row['username']; // IF the username is equal to the username in the database, and the password is equal to the password in the database if ($username == $dbuser && $password == $row['password']) { //set a session of the users' username, and redirect them to a member page. $_SESSION['username'] = $dbuser; header("Location: logged_in.php"); } else echo "Username or Password is incorrect"; } else echo"Username not registered"; } else echo"Please fill in all fields"; Then on each protected page, you could have at the top: session_start(); $user = $_SESSION['username']; if(!$user){ die("You must be logged in to view this page"); } Quote Link to comment Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 I want kind of work around the code i already have, how would i go about keeping the existing code but modifying to the theory in which you have? Here is what i have checklogin.php <?php $host="xxxxxxxx"; // Host name $username="xxxxxxxxx"; // Mysql username $password="xxxxxxxx"; // Mysql password $db_name="a2820511_admin"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php?id=$myusername"); } else { echo "Wrong username or password..."; } ?> login-success.php <? session_start(); if(!session_is_registered(myusername)){ header("location:main_login.php"); } $myusername; welcome ?> Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted September 5, 2010 Share Posted September 5, 2010 When using/setting sessions makes sure you are calling session_start() at the top of all your PHP pages that use sessions. Also when you are setting a session variable do not use session_register(). This function is deprecated and should not be used. Instead use $_SESSION['myusername'] = $myusername; In replace of session_register("myusername") Now on every page you want to be protected. You place this at the top of the page <?php session_start(); if(!isset($_SESSION['myusername'])){ header("location:main_login.php"); exit; } ?> Quote Link to comment Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 How is it the session var (myusername) is passed to page to page? Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted September 5, 2010 Share Posted September 5, 2010 Try this son.of.the.morning Filename: checklogin.php <?php session_start(); $host="mysql14.000webhost.com"; // Host name $username="a2820511_boss"; // Mysql username $password="dark666"; // Mysql password $db_name="a2820511_admin"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; // Although sessioning a password is very dangerous header("location:login_success.php"); } else { echo "Wrong username or password..."; } ?> Filename: login-success.php <?PHP session_start(); if(!isset($_SESSION['myusername'])){ header("location:main_login.php"); exit; } ?> You can just add the above code to all of you protected pages. Paul. Quote Link to comment Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 // Although sessioning a password is very dangerous ??? would this have to be done? Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted September 5, 2010 Share Posted September 5, 2010 No of course not, I was just using your code and appending it Just remove that whole line, unless you need to use password for something? Regards, Paul. Quote Link to comment Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 Ok, Thanks Paul, and wildTeen. Ille let you know how i get on. Quote Link to comment Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 Works fine guys, is it possible for one of use to explain how this $_sesion thingy works for futor refference? Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted September 5, 2010 Share Posted September 5, 2010 Glad to hear it son.of.the.morning. Look here: http://php.about.com/od/advancedphp/ss/php_sessions.htm It may give you an insight how sessions work Paul. Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted September 5, 2010 Share Posted September 5, 2010 This link will be more useful for how sessions work http://www.ruturaj.net/tutorials/php/how-sessions-work Quote Link to comment Share on other sites More sharing options...
son.of.the.morning Posted September 5, 2010 Author Share Posted September 5, 2010 That fantastic guys, much appreciated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.