Butler Posted April 26, 2011 Share Posted April 26, 2011 I have got athe user login gate and everything working well excrpt that i made it so when the user logs in they are redirected to there control panel. The only issue is that anyone can completely skip the login and just type in the url of the control panel to get to it. How do i make so the only way to get to these pages is to log in. Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/ Share on other sites More sharing options...
kney Posted April 26, 2011 Share Posted April 26, 2011 post code pls Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/#findComment-1206402 Share on other sites More sharing options...
Butler Posted April 26, 2011 Author Share Posted April 26, 2011 umm what code? i need code to make a page inaccessible to anyone but the logged in person. Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/#findComment-1206403 Share on other sites More sharing options...
PFMaBiSmAd Posted April 26, 2011 Share Posted April 26, 2011 Each page that you want to protect must test the $_SESSION variable(s) that your login script sets to make sure that the visitor is logged in and is allowed to access that page. Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/#findComment-1206404 Share on other sites More sharing options...
Butler Posted April 26, 2011 Author Share Posted April 26, 2011 Each page that you want to protect must test the $_SESSION variable(s) that your login script sets to make sure that the visitor is logged in and is allowed to access that page. I am very new to all this..... Here is my log in code. <?php include ('connection.php'); $username = mysql_real_escape_string($_POST['username5']); $password = mysql_real_escape_string($_POST['password5']); $results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'"); if (mysql_num_rows($results)) { $values = mysql_fetch_array($results); $url = $values['url']; header("Location: $url"); } else { echo 'Wrong data yo!'; } ?> Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/#findComment-1206405 Share on other sites More sharing options...
PFMaBiSmAd Posted April 26, 2011 Share Posted April 26, 2011 Once you leave that page, there is nothing that indicates that the visitor has authenticated him/her-self against your database table. You need to set a $_SESSION variable that indicates the visitor is logged in (usually his id from your user (merchants) table.) You could store the URL into a session variable to indicate this. Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/#findComment-1206406 Share on other sites More sharing options...
kney Posted April 26, 2011 Share Posted April 26, 2011 <?php include ('connection.php'); $username = mysql_real_escape_string($_POST['username5']); $password = mysql_real_escape_string($_POST['password5']); $results = mysql_query("SELECT url FROM merchants WHERE username='$username' AND password='$password'"); if (mysql_num_rows($results)) { $values = mysql_fetch_array($results); $url = $values['url']; header("Location: $url"); } else { echo 'Wrong data yo!'; } ?> So something like this: <?php include ('connection.php'); $username = mysql_real_escape_string($_POST['username5']); $password = mysql_real_escape_string($_POST['password5']); $results = mysql_query("SELECT * FROM merchants WHERE username='$username' AND password='$password'"); if (mysql_num_rows($results)) { $values = mysql_fetch_array($results); $url = $values['url']; $_SESSION['userID'] = $values['id']; header("Location: $url"); } else { echo 'Wrong data yo!'; } ?> and on the other page where you check whether he can't view the page or not you do <?php if(!isset($_SESSION['userID'])){ // you can't watch the page }else{ // you can watch the page // paste ur page code in here } ?> Link to comment https://forums.phpfreaks.com/topic/234756-more-log-in-help-neeeded/#findComment-1206409 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.