IrOnMaSk Posted December 10, 2011 Share Posted December 10, 2011 Hey guys, How do I check to see if the user has been login on the page that they are on? I have a login and I want users to login before then can go to other pages. thanks guys, Quote Link to comment Share on other sites More sharing options...
jj20051 Posted December 10, 2011 Share Posted December 10, 2011 There are 2 pieces: 1 ~ create a session variable and 2 ~ check for a session variable. So as an example when you've checked the user's username/password to see if they are correct set the username into a session: $_SESSION['username'] = $username; Then on the pages you want to prevent users who aren't logged in you'd use the code: $username = $_SESSION['username']; if($username != NULL){ // This is where your protected page's code belongs } else { // If the user isn't logged in take them to the login page instead header("Location: login.php"); } Quote Link to comment Share on other sites More sharing options...
IrOnMaSk Posted December 10, 2011 Author Share Posted December 10, 2011 Thanks for your reply jj, it makes sense. I'm not sure though to how I implement that into the script. So here's how I check to see if username/password match when user login. <?php // Connects to your Database mysql_connect("localhost", "Sopoan", "Javascrip1") or die(mysql_error()); mysql_select_db("member") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>'); while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="login.php" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Thanks Quote Link to comment Share on other sites More sharing options...
jj20051 Posted December 11, 2011 Share Posted December 11, 2011 You would add the first part ($_SESSION['username'] = $_POST['username'] after // if login is ok then we add a cookie and the second part goes on the pages you want to protect. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.