JPark Posted June 24, 2009 Share Posted June 24, 2009 I want to have some php pages that retrieve database info. I only want these pages available to administrators that login. If someone who hasn't logged in tries to access a protected page, I want them to be redirected to some other (safe) page. This can be done through sessions, right? After someone tries to login, I have a checklogin page that verifies the login name and password. Situation 1: If successful, the person gets directed to the page to see the db info; if unsuccessful, they should be directed, they should be kicked out. Situation 2: If they try to access the db page directly (without logging in), they should be kicked out. I have been able to do Situation 1 fine: <? session_start(); ?> <html> <head>... // Connect to server and select databse. mysql_connect("$server", "$username", "$password")or die("cannot connect"); mysql_select_db("$database")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { header("location:index.htm"); } However, I can't figure out Situation 2. <? // Check if session is not registered , redirect back to main page. // Put this code in first line of web page. session_name($login); session_start(); if(!session_is_registered(myusername)){ header("location:profile.php"); } else { header("index.htm"); } ?> <html> <head> <title>You are logged in</title> What am I doing wrong? What can I do? Thanks, Joe Link to comment https://forums.phpfreaks.com/topic/163517-solved-protecting-a-page-with-sessions/ Share on other sites More sharing options...
947740 Posted June 24, 2009 Share Posted June 24, 2009 As a side note, all of the session_register and similar functions are deprecated in newer versions of PHP. Why don't you just set $_SESSION['varname'] = varvalue? Instead of all that session register stuff. You might find that easier to work with. Try changing it, see what happens and then repost it. Link to comment https://forums.phpfreaks.com/topic/163517-solved-protecting-a-page-with-sessions/#findComment-862764 Share on other sites More sharing options...
PFMaBiSmAd Posted June 24, 2009 Share Posted June 24, 2009 Also, if you are using session_name($login); to set the session name, you must do so before every session_start() statement or the session_start() will be creating different named sessions and they won't match up. Link to comment https://forums.phpfreaks.com/topic/163517-solved-protecting-a-page-with-sessions/#findComment-862771 Share on other sites More sharing options...
JPark Posted June 25, 2009 Author Share Posted June 25, 2009 <? session_start(); ?> <html> <head> <title>TEST</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <? echo "Test?"; if (isset($_SESSION['varname'])){ echo "Test worked."; } else { header("location:index.htm"); } ?> </body> </html> works like a charm! Thanks!! Link to comment https://forums.phpfreaks.com/topic/163517-solved-protecting-a-page-with-sessions/#findComment-863301 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.