simple login based authentication/prevent access to unauthorized users

[beemer832]

I am just starting to learn PHP and work on a personal project. My goal is to offer a Login page for a business owner to log into their website and then add/remove content in a certain section as needed (classified information, part information, used equipment, etc.)

 

I have a login script working successfully, but am trying to get pointed down the correct path where to start looking at the authenticated sessions and cookies to restrict unauthorized access.

 

The page now loads to index.php which then redirects to parts.php once the user has been authenticated. I need to make sure that any user cannot browse to parts.php and gain access.

 

Thanks

-Josh

[947740]

The easiset - and I believe most popular way is to simply use $_SESSION.

 

When they login I set $_SESSION['loggedin'] = "true";

 

I also set admin level through that so $_SESSION['admin'] = #; (# = some integer)

 

Then on the pages you want to make sure they are logged in on, do an if to see if the session values are the ones you need.

 

Also note you need session_start(); at the top of all pages using sessions.

[beemer832]

okay makes sense.

 

could you elaborate with the if statement for each page to ensure they are still logged in? Sorry I am learning as I go here.

 

Thanks

-josh

[Ken2k7]

Josh, after the user is logged in, a session variable is created to store a value stating the user is logged in. So, if the user were to go to another page, you must check if the user is logged in by checking the value of the session variable. Otherwise, how would you know if the user is logged in or not? Does this make sense?