josephman1988 Posted August 22, 2008 Share Posted August 22, 2008 Hey guys, I i have an area of my site i want restricted from members. I want to use sessions to do this. What am i doing wrong here: <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> ..... .... ... .. . <?php if ($_POST['Username'] !== "josephman1988" and $_POST['Password'] !== "password") { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> Username : <input type="text" name="Username" id="Username" /><br /> Password : <input type="password" name="Password" id="Password" /><br /> <input type="submit" name="Admin" id="Admin" value="Admin" /> </form> <?php exit(); } ?> <?php if ($_POST['Username'] === "josephman1988" and $_POST['Password'] === "password") { ?> Entered Admin Zoooooone! <?php $_SESSION['Username'] = $_POST['Username']; $_SESSION['Password'] = $_POST['Password']; } ?> And for the restricted pages: <?php session_start(); if (!isset($_SESSION['Username']) ) { header("Location: http://www.projectfinalfantasy.com/admin/index.php"); exit (); } ?> So, i can go straight to a restricted page, without going through the login page. I think thats the underline problem, because i can try to login to the admin area with incorect details, and it works and says 'invalid details or whatever' but when i go to the restricted pages, i can still get in. Hope someone can solve this problem. Regards. [EDIT: I know alot of the <?php ?> are useless but i wanna solve this problem first.] Link to comment https://forums.phpfreaks.com/topic/120929-solved-sessions/ Share on other sites More sharing options...
BlueSkyIS Posted August 22, 2008 Share Posted August 22, 2008 have you quit your browser or in some other way unset $_SESSION['Username']? if not, it's probably still set since the first time you set it. you'll need to explicitly unset() it or quit and re-start your browser. Link to comment https://forums.phpfreaks.com/topic/120929-solved-sessions/#findComment-623373 Share on other sites More sharing options...
josephman1988 Posted August 22, 2008 Author Share Posted August 22, 2008 Ahhh, ok, my loutsession isn't working then. In the same page I have a link that is sent to a 'logout.php' file which include. <?php unset($_SESSION['Username'], $_SESSION['Password'] ); header('Location: http://www.projectfinalfantasy.com/admin/'); ?> Guess this file must be wrong in someway then? Thanks =] Link to comment https://forums.phpfreaks.com/topic/120929-solved-sessions/#findComment-623384 Share on other sites More sharing options...
JasonLewis Posted August 23, 2008 Share Posted August 23, 2008 Take a look at session_destroy(). Link to comment https://forums.phpfreaks.com/topic/120929-solved-sessions/#findComment-623445 Share on other sites More sharing options...
MasterACE14 Posted August 23, 2008 Share Posted August 23, 2008 on your logout page you basically just do it like this... <?php session_start(); session_destroy(); header("Location: homepage.php"); ?> Link to comment https://forums.phpfreaks.com/topic/120929-solved-sessions/#findComment-623449 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.