Help with protected pages and session register

simonjk · April 20, 2012

Hi,

I have built a registration and login system for a website, part of which I wish to protect certain pages.

The registration systems works well, as does the login BUT I am having difficulty with the next stage.

How do I then 'capture' the username and password that were entered by the user and get the PHP page I want to protect to check that these are valid? I guess it is a piece of code I need to put in the top of the protected page?

Here is the final piece of code (which then includes a link to the page I want to protect) from the login page which includes session_register, but then how can I use this information in the page I wish to protect?

//Now if everything is correct let's finish his/her/its login

session_register("username", $username);

session_register("password", $password);

echo "Welcome, ".$username." please continue onto our ".$sub." membership area...<a href=".$index.">click here</a>";

}

Thanks,

Simon

trq · April 20, 2012

session_register has long been deprecated and has since been removed in the latest version of PHP. Just use the $_SESSION array.

<?php

session_start();

echo $_SESSION['username'];
?>

Don't forget you also need a call to session_start on all pages that use sessions.

simonjk · April 20, 2012

Thanks for the pointer thorpe.

But I wonder if you can tell me what code I should use at the top of the page I want to protect, i.e index.php?

Sorry to ask what must be obvious questions...I've stared at this far to long and have now confused even myself!

Thanks,

Simon

trq · April 20, 2012

<?php

session_start();

if (!isset($_SESSION['username'])) {
  // use is not logged in
} else {
  // user is logged in
}

simonjk · April 20, 2012

Thanks thorpe, that is excellent.

Have a great weekend and I hope I can be of help sometime.

Simon

simonjk · April 20, 2012

Arrgghhhhh, just when I thought it had gone so well.

The piece of code seems to not recognise when a user is logged in or not, it does not seem to protect the page. Am I missing something? Here it is as entered at the top of index.php

<?php

session_start();

if (!isset($_SESSION['username'])) {

// user is not logged in

} else {

// user is logged in

}

?>

Sorry to trouble you again,

Simon

trq · April 20, 2012

You need to replace the comments with the code you want executed within those conditions.

simonjk · April 20, 2012

Again, I'm sorry to ask the obvious on a Friday afternoon, but I would like the user to just be able to see the page index.php if they are logged on, and to be taken back to login.php if they are not logged on?

Tried this but not working ;(

<?php

session_start();

if (!isset($_SESSION['username'])) {

header("location:login.php"); // user is not logged in

}

else { // user is logged in}

?>

Simon

trq · April 20, 2012

Have you set $_SESSION['username'] when your user logs in?

trq · April 20, 2012

You also need to call exit after header.

simonjk · April 20, 2012

Errr, no, have not set it.

Would that replace session_register? If so, how do I do it.

Head hurts...once I see how it's done it will no doubt seem obvious.

Simon

simonjk · April 20, 2012

Think I have it...have now set $_SESSION and added exit().

Thanks for all your help.

Simon

Sign In

Help with protected pages and session register

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information