why does this work

[Reaper0167]

first off,,, sorry about all the questions... but in my login script i have

<?php
if($count==1)
{
session_start();
$_SESSION['auth'] = "yes";
$message = "Welcome $username. You are now logged in.";
header("location: home.php?error=" . urlencode($message));
}
?>

and on my members page i have this

<?php
session_start();
//Checking if user is logged in. If not, re-direct them to login form.
if (!isset($_SESSION['auth']))
{
header("Location: index.php");
}
?>

 

I did accomplish what i was trying to do. I wanted only a logged in user to be able to access my members page. If your logged in and and type the address in you can access the page. But if you close your browser and type in the address it takes you directly back to the login/register page... Which is great. Works perfect for me...Here is my question,,,,, i am setting my session auth to yes... so how is the !isset working with session auth set to yes... Basically could someone explain how the !isset is talking to the session being set to yes.....  The way i see it,,, i would do something like this...

if $_SESSION['auth'] != "yes"

{

      header ("Location: index.php");

}

 

How does that !isset work with a yes and a no like i have here????

Hopefully someone understands.

[trq]

How does that !isset work with a yes and a no like i have here?

 

isset doesn't care what $_SESSION['auth'] is set to, only that it is set to something.

[Mchl]

isset checks if there's anything in this variable. So even if you set $_SESSION['auth'] to "no", "123", 123, 3.14 or whatever you wish, it will return true. It will return false if and only if, the variable is not set (note, that empty variable and not set variable are not same thing).

[Reaper0167]

cool, thanks for the info

 

so is this an ok method for keeping people out of member only pages???

[Mchl]

Good start for sure. You can make it more secure by adding some more conditions to the if statement.