Jump to content

[SOLVED] Login Sessions

dean32

By dean32
in PHP Coding Help

 Share

Recommended Posts

dean32 Newbie

dean32

Posted
Posted

Hi, I am a novice when it comes to PHP. I have got my login to work but i am now having difficulty putting it to use. I am trying to only allow access to the admin page if logged in. I am trying to use this script:

 

<?

session_start();

session_register('username');

 

if($_SESSION['authorised'])

{

echo 'Welcome, you are logged in.';

 

}

else{

header( "Location: welcome_page.html" );

}

?>

 

Also tried.....

 

if(session_register('username'))

{

echo 'Welcome, you are logged in.';

 

}

else{

header( "Location: welcome_page.html" );

}

?>

 

Yet it accesses the page if user is logged in or not. Is there anything simple i could change here to only allow logged in users to access this page?

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/151914-solved-login-sessions/
Share on other sites
fanfavorite Member

fanfavorite

Posted
Posted

session_register('username') basically just sets the variable and you don't have a variable $username, unless you didn't post that part of the code.

 

Use $_SESSION['authorised'], but I would check it in your database of usernames to make sure it exists.  Try to play around by echoing out the $_SESSION['authorised'] to see if it is setting correctly. 

JonnoTheDev Regular Member

JonnoTheDev

Posted
Posted

session_register() is obsolete and should not be used at all.

 

Once your user has logged in correctly set a session to true. i.e.

// user has logged in correctly
$_SESSION['authorised'] = true;

 

On the page you want to check that a user is logged in:

if(!$_SESSION['authorised']) {
  // redirect to login
  header("Location:login.php");
  exit();
}

 

On your logout page destroy the session value:

unset($_SESSION['authorised']);

 

dean32 Newbie

dean32

Posted
  • Author
Posted

Hi I am getting the username and password from a database. Have used the code posted by neil.johnson, cheers but still nothing. keeps returning to my welcome page (where the log in form is)

 

Here is my log in script in my logIn.php page

 

i connect to and check database for username and password...etc, then

 

if ($record ==0)

{

echo "Invalid Username or Password";

}

else

{

echo "Log In Okay";

$_SESSION['authorised']='yes';

$_SESSION['username']=$username;

echo session_id();

}

 

(This seems to work and allows me to Log in fine)

 

yet-

 

Here is my script within the adminPage (the page i am trying allow only logged in users to access)

 

 

if(!$_SESSION['authorised']) {

  // redirect to login

  header("Location:welcome_page.html");

  exit();

}

 

 

Once i have logged in correctly i am told that i have sucessfully logged in but when i try to enter the adminPage It changes my logged in message to my invalid user message and returns me to the welcome page.

 

Is it right that i should have session_start(); at the top of my login php page?

 

Cheers for your help.  :)

mrMarcus Member

mrMarcus

Posted
Posted

Hi I am getting the username and password from a database. Have used the code posted by neil.johnson, cheers but still nothing. keeps returning to my welcome page (where the log in form is)

 

Here is my log in script in my logIn.php page

 

i connect to and check database for username and password...etc, then

 

if ($record ==0)

{

echo "Invalid Username or Password";

}

else

{

echo "Log In Okay";

$_SESSION['authorised']='yes';

$_SESSION['username']=$username;

echo session_id();

}

 

(This seems to work and allows me to Log in fine)

 

yet-

 

Here is my script within the adminPage (the page i am trying allow only logged in users to access)

 

 

if(!$_SESSION['authorised']) {

  // redirect to login

  header("Location:welcome_page.html");

  exit();

}

 

 

Once i have logged in correctly i am told that i have sucessfully logged in but when i try to enter the adminPage It changes my logged in message to my invalid user message and returns me to the welcome page.

 

Is it right that i should have session_start(); at the top of my login php page?

 

Cheers for your help.  :)

 

you should have session_start(); at the top of any page you intend to use sessions, yes.  easiest to just place it in an included file so it's present everywhere you go.

 

you must set $_SESSION['authorised'] to true in order for - if ($_SESSION['authorised']) - to work.  'cause it's checking if $_SESSION['authorised'] is set or not (true or false) .. it's not checking it against a value ('yes') or anything like that .. update your session variable to true instead of yes .. use no quotations either.

dean32 Newbie

dean32

Posted
  • Author
Posted

Thanks alot MrMarcus. Its took a while and alot of messing but with yours, neil.johnsons help and fiddling with the code its finally working.

I changed the $_SESSION['authorised']='yes'; to $_SESSION['authorised']=true;

but also if the username and password did not match i added $_SESSION['authorised']=false; into the if statement.

 

Thanks alot everyone :)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.