akrytus

Ok, I searched for this and found nothing to help me, so I apologize if this was posted before and I missed it.

I have a company web page, www.nocrs.net, that I am working on and need a member login.  I have created it and it works but I think I found an alternative to what I should have done.

My way:

[code]
function index(){
  // Load standard index page
}

function member(){
  // Load member page
}

function invalid(){
  // Load invalid user page
}

function checklogin(){
  // Check dbase for user validation
}

function cookie(){
  // Create cookie if user login validated
}

// Beginning of PHP page
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
  index();
} else {
  if (isset($_COOKIE["login"])) {
    cookie();
  } else {
    checklogin();
  }
}
[/code]


Basically each function holds a webpage.  If the validation is met then load the member webpage, if not load the invalid webpage, if no submit, then load the index webpage.  So basically I have 3 pages using the same index.php file.

Could someone explain to me the way I should do this!  I know a little bit, like use session variables and cookies, and how they work, don't know how to get them to work.  When I try to use session variables, it always says session already open or sent, can't remember.

I guess I don't know how to load a new page once the validation has been done and what keeps people from browsing to restricted pages and restricting access to them without proper validation.  Assume I am stupid and tell me everything you know,  PLEASE!!!!
Link to comment
Share on other sites

I don't care what anybody tells you, you have absolutely no reason to need to use cookies "with" sessions.  If you change the php ini settings to max session cookie lifetime, it automatically sets a cookie on the computer, then allows it to pass the session id around.  It traps it in the url when they come back to visit, and passes it around, you can test it for yourself. Logins are really nothing, have 1 page that they log in at.  Check the db for username and password (with hashing or whatever precautions you take).
If they match, register the sessions with
[code]$_SESSION['whatever'] = whatever;[/code]
php.net claims session_register as outdated so I wouldn't use it
then at the top of each page throw in
[code]session_start();[/code]
I have 1 session normally called controller, set to true
then if I want something to display or not to display for people who are logged in or out I say
[code]if ($_SESSION['controller'] == true) {[/code]
if I want it to display and
!= true if I don't want it to display, like if they can log in, after that above login I put
[code]
if ($_SESSION['controller'] != true) {
  // show login form, information to login with
} else {
  // show link to logout, or whatever
}
[/code]
when you are ready for them to log out
throw out
[code]session_destroy();[/code]
on the logout page and that's it, they can no longer go to the password protected pages.
Link to comment
Share on other sites
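
A login and logout handler for the session approach described in the reply above, as an added example that is not part of the original thread. The `$users` array is a constructed stand-in for the members table, and `attempt_login()`, `logout()`, `member.php` and `index.php?error=1` are hypothetical names.

```php
<?php
// Added example, not from the thread. $users is a constructed stand-in for
// the members table; member.php and index.php are hypothetical page names.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// True only when the submitted password matches the stored hash.
function attempt_login(array $users, string $username, string $password): bool
{
    static $dummy = null;
    // Unknown users are checked against a dummy hash so both paths cost the same.
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known = isset($users[$username]);
    if (!password_verify($password, $known ? $users[$username] : $dummy) || !$known) {
        return false;
    }
    // Issue a fresh session id at login so an id fixed beforehand is useless.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    return true;
}

function logout(): void
{
    $_SESSION = [];                       // drop the server-side data
    if (ini_get('session.use_cookies')) { // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start(); // before any output, on every page that reads $_SESSION

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    $ok = is_string($u) && is_string($p) && attempt_login($users, $u, $p);
    header('Location: ' . ($ok ? 'member.php' : 'index.php?error=1'));
    exit; // stop here so nothing else runs after the redirect is queued
}
```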

Ok, that helps me understand the sessions better, thank you for your response.

I still have 2 questions:

1. What exactly protects the web pages from being visited without logging in? 

2. Once you find out that the member is validated you said start the session, but then how do you forward to the member page?  Put up a link for them to click on once validated?  Can you automate it?
Link to comment
Share on other sites

You can use header if you want to relocate, I just normally leave them on the homepage in the logged in form.  As far as password protected entire pages
[code]
if (isset($_SESSION['username'])) {
  // entire page
} else {
  // you are not logged in
}
[/code]
for a quick way
2 other ways could be
at the top
[code]
if (empty($_SESSION['username'])) {
  // exit the thing
  // then relocate them, or whatever
}
[/code]
there are hundreds of ways to do it literally
and for the relocation

[code]header('Location: ' . $page);[/code]
With page being set to the URL of the page you want them to go to, you can use relative URLs as well.
In this situation, whenever the script hits that line though it automatically redirects, so be careful where you place it, or you can cut off some of the important parts of your script.
But that will redirect them to whatever page you want.
Link to comment
Share on other sites
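
A guard for the protected pages and the `header('Location: ' . $page)` redirect discussed in the reply above, as an added example that is not part of the original thread. The function names and `/index.php` are hypothetical, and the example assumes redirect targets are site-local paths starting with `/`, which is narrower than the relative URLs the reply mentions.

```php
<?php
// Added example, not from the thread. Include this file as the very first
// thing on each members-only page: no blank line, HTML or echo may come
// before session_start(), or PHP reports "headers already sent".

// Accept only same-site paths as redirect targets, so a user-supplied
// $page cannot send visitors to another site or inject extra headers.
function local_redirect_target(string $page, string $fallback = '/index.php'): string
{
    if ($page === '' || $page[0] !== '/'            // must be a path on this site
        || strncmp($page, '//', 2) === 0            // "//host" is scheme-relative
        || preg_match('/[\x00-\x1f\x7f\\\\]/', $page)) { // control bytes, backslash
        return $fallback;
    }
    return $page;
}

function redirect_and_stop(string $page): void
{
    header('Location: ' . local_redirect_target($page));
    // header() only queues the redirect. Without exit the rest of the
    // protected page still executes and is sent along with the response.
    exit;
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['username'])) {
        redirect_and_stop('/index.php');
    }
}
```

A members-only page would start with `require 'guard.php'; require_login();` (hypothetical file name) before any markup.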

I apparently am a little confused.

You said [quote]if (isset($_SESSION['username'])[/quote]

Now if this is on top of my protected web pages, wouldn't this always be true, because how else would you have gotten there without having started a session?  Should this be:

[code]
// Login
$_SESSION['whatever'] = "whatever";
[/code]

[code]
// Protected webpage
// Compare with ==; a single = assigns and is always true
if ($_SESSION['username'] == "whatever") {
  // entire page
} else {
  // Invalid User
}
[/code]
Link to comment
Share on other sites

Ok, sorry to keep bothering you, I really appreciate your help, but..................

When I destroy the session on the protected page I get:

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session

So I took your advice and put a start_session at the top of that page and I get:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started

Link to comment
Share on other sites

Ok, I have it all working, I log in and visit the secure page fine, but if I click on a link away, then try to revisit the secure page, I lose all the session data.  How do I prevent that? The idea is to login, view both secure and non-secure pages until user logs off.
Link to comment
Share on other sites
