scm22ri Posted August 17, 2012 Share Posted August 17, 2012 Hi Everyone, In the below URL example, before someone enters their information (name, last, email) I want that visitor to login before they submit their information. My first question is, how would I have that user be presented with a login page if they aren't logged in or have an account? My concern is this, I don't want any visitor typing in their name, last and email without being a member first. As it stands now, if a visitor typed in their first, last name and email without logging in the information they typed in would be submitted into the database (I don't want that). I want a visitor to first login and then type in their information. How would I do something like that? http://whatsmyowncarworth.com/auto-members/car-display/car-display-contact.php Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/ Share on other sites More sharing options...
xyph Posted August 17, 2012 Share Posted August 17, 2012 Sessions are the ideal way to track a user over multiple requests. There are many basic PHP user/pass tutorials on the net. Most seem out of date, or give overall bad advice. If you want to do it right, check out the article in my signature. It's a big read, and not exactly non-coder friendly though. If this is your first PHP application, it might be overwhelming. Quote Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/#findComment-1370212 Share on other sites More sharing options...
JonnoTheDev Posted August 17, 2012 Share Posted August 17, 2012 When a user logs into a website a session variable is set. This usually contains the database id of that user. Here is some psuedo code for login.php if login form is submitted if username & password fields have been completed if the username & password fields exist in the database get user id set session user id redirect user to relevent page else throw error else throw error end On pages where a user must be logged in you must check that the session variable exists. If it doesn't redirect them to login.php. i.e my-account.php if session variable user id does not exist redirect to login else continue Simple Quote Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/#findComment-1370214 Share on other sites More sharing options...
Christian F. Posted August 17, 2012 Share Posted August 17, 2012 A bit clearer and simpler way to write the above pseudo-code, and thus the code itself: if login form is submitted if NOT username & password fields have been completed Throw error Show form again (with username pre-filled). Exit function Retrieve user ID, password hash and salt from database, on username. if NOT the username exist in the database throw error about unknown username and/or password show form again exit function Hash user-submitted password. if NOT user-submitted hash equals database. throw error about unknown username and/or password show form again exit function Get user ID Set session user ID Redirect user to relevant page Kill script. Show form I've also added a couple of steps necessary to provide proper password security, as explained in the article linked to by xyph. Quote Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/#findComment-1370336 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.