
More log in help needed


Butler


I have got the user login gate and everything working well, except that I made it so when the user logs in they are redirected to their control panel. The only issue is that anyone can completely skip the login and just type in the URL of the control panel to get to it. How do I make it so the only way to get to these pages is to log in?


Each page that you want to protect must test the $_SESSION variable(s) that your login script sets to make sure that the visitor is logged in and is allowed to access that page.

I am very new to all this..... Here is my log in code.

<?php
include ('connection.php');

$username = mysql_real_escape_string($_POST['username5']);
$password = mysql_real_escape_string($_POST['password5']);

$results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'");
if (mysql_num_rows($results)) {
    $values = mysql_fetch_array($results);
    $url = $values['url'];
    header("Location: $url");
} else {
    echo 'Wrong data yo!';
}
?>

Once you leave that page, there is nothing that indicates that the visitor has authenticated him/her-self against your database table.

 

You need to set a $_SESSION variable that indicates the visitor is logged in (usually his id from your user (merchants) table.) You could store the URL into a session variable to indicate this.


So something like this:

 

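<?php
// Start (or resume) the session before any output so $_SESSION is persisted.
session_start();
include ('connection.php');

// Note: the mysql_* functions used here were removed in PHP 7.
$username = mysql_real_escape_string($_POST['username5']);
$password = mysql_real_escape_string($_POST['password5']);

$results = mysql_query("SELECT * FROM merchants WHERE username='$username' AND password='$password'");
if ($results && mysql_num_rows($results)) {
     $values = mysql_fetch_array($results);
     $url = $values['url'];
     // Issue a fresh session ID on login, then record who is logged in.
     session_regenerate_id(true);
     $_SESSION['userID'] = $values['id'];
     header("Location: $url");
     exit; // stop here so nothing else runs after the redirect
} else {
     echo 'Wrong data yo!';
}
?>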

 

and on the other page where you check whether he can't view the page or not you do

 

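<?php
      session_start(); // required on every page that reads $_SESSION
      if(!isset($_SESSION['userID'])){
              // not logged in: you can't view the page
              // (send the visitor away and stop the script here)
      }else{
             // logged in: you can view the page
             // paste your page code in here
      }
?>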
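An added example, not part of the original thread: a shared guard that each protected page can include. It checks both that the visitor is logged in and that the page requested is that merchant's own control panel. The `panelURL` session key, the `login.php` name and both function names are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): shared guard for protected pages.
// Assumptions: login stores $_SESSION['userID'] (as in the thread) and also
// $_SESSION['panelURL'] (hypothetical key) holding that merchant's own url
// as an absolute or root-relative URL; 'login.php' is a placeholder name.

// Pure decision function so the rule can be checked without a web server.
function access_decision(array $session, string $requestUri): string
{
    if (empty($session['userID'])) {
        return 'login';                      // not authenticated
    }
    // Compare paths only, so a query string cannot change the outcome.
    $own = parse_url($session['panelURL'] ?? '', PHP_URL_PATH);
    $req = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($own) || $own === '' || $own !== $req) {
        return 'forbidden';                  // logged in, but not their panel
    }
    return 'ok';
}

// Call at the very top of each protected page, before any output.
function require_login(): void
{
    session_start();
    $decision = access_decision($_SESSION, $_SERVER['REQUEST_URI'] ?? '');
    if ($decision === 'login') {
        header('Location: login.php');
        exit;                                // stop: do not render the page
    }
    if ($decision === 'forbidden') {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample input, exercised only when run from the command line.
if (PHP_SAPI === 'cli') {
    $merchant = ['userID' => 7, 'panelURL' => '/panels/acme.php'];
    var_dump(access_decision([], '/panels/acme.php'));              // no session
    var_dump(access_decision($merchant, '/panels/acme.php?tab=1')); // own panel
    var_dump(access_decision($merchant, '/panels/other.php'));      // someone else's panel
}
```

Any path that does not match exactly is refused, so a differently spelled URL fails closed rather than slipping past the check.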
