Jump to content

pass login info through session but not available through direct URL

podarum

By podarum
in PHP Coding Help

Recommended Posts

podarum Newbie

podarum

Posted
Posted

Hi all,

 

Anyone know how I can pass login info (eg. username) on my index.php to my secured page call it abc.php with sessions but, and here's the tricky part, not allow anyone to view abc.php if they typed in the URL.. so only if they were directed and passed login credentials then can enter....

 

I have so far the whole login and direct if successful and not successful pages and all that neat stuff, I only want to know how to disallow anyone trying to type in the abc.php URL...

 

I tried something like (but didn't work)

 

<?php
if(!$_POST["form1"] || $_POST["form1"] != 'Submit') {
//came directly by typing URL - redirect
header("Location: index.php");
exit;
//}
if(!$_SESSION["username"]) {
//not registered - redirect
header("Location: ProfileForm2.php");
exit;
}
?>

 

thanks..

rajivgonsalves Newbie

rajivgonsalves

Posted
Posted

your above code has a syntax error it should be

 

<?php
if(!$_POST["form1"] || $_POST["form1"] != 'Submit') {
//came directly by typing URL - redirect
header("Location: index.php");
exit;
}
if(!$_SESSION["username"]) {
//not registered - redirect
header("Location: ProfileForm2.php");
exit;
}
?>

 

cannot say without seeing the other code what is going wrong

podarum Newbie

podarum

Posted
  • Author
Posted

Thsi is the code I have in the index.php page...

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "ProfileForm2.php";
  $MM_redirectLoginFailed = "popup.html";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_home, $home);

  $LoginRS__query=sprintf("SELECT username, password FROM RSUsers WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $home) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;          

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<div id="LoginBox"><form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
<table width="230" border="0" cellspacing="0" cellpadding="2">
<tr>
<td width="58" height="22">Username:</td>
<td width="164"><input name="username" type="text" id="username" size="10"></td>
</tr>
<tr>
  <td width="58" height="33"> Password:</td>
  <td><input name="password" type="password" id="password" size="10">
     <input type="submit" name="Submit" value="Submit" /></td>
</tr>
</table>
</form>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.