Guest Posted August 17, 2012 Share Posted August 17, 2012 Hi Everyone, In the below URL example, before someone enters their information (name, last, email) I want that visitor to login before they submit their information. My first question is, how would I have that user be presented with a login page if they aren't logged in or have an account? My concern is this, I don't want any visitor typing in their name, last and email without being a member first. As it stands now, if a visitor typed in their first, last name and email without logging in the information they typed in would be submitted into the database (I don't want that). I want a visitor to first login and then type in their information. How would I do something like that? http://whatsmyowncarworth.com/auto-members/car-display/car-display-contact.php Thanks! Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/ Share on other sites More sharing options...
xyph Posted August 17, 2012 Share Posted August 17, 2012 Sessions are the ideal way to track a user over multiple requests. There are many basic PHP user/pass tutorials on the net. Most seem out of date, or give overall bad advice. If you want to do it right, check out the article in my signature. It's a big read, and not exactly non-coder friendly though. If this is your first PHP application, it might be overwhelming. Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/#findComment-1370212 Share on other sites More sharing options...
JonnoTheDev Posted August 17, 2012 Share Posted August 17, 2012 When a user logs into a website a session variable is set. This usually contains the database id of that user. Here is some psuedo code for login.php if login form is submitted if username & password fields have been completed if the username & password fields exist in the database get user id set session user id redirect user to relevent page else throw error else throw error end On pages where a user must be logged in you must check that the session variable exists. If it doesn't redirect them to login.php. i.e my-account.php if session variable user id does not exist redirect to login else continue Simple Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/#findComment-1370214 Share on other sites More sharing options...
Christian F. Posted August 17, 2012 Share Posted August 17, 2012 A bit clearer and simpler way to write the above pseudo-code, and thus the code itself: if login form is submitted if NOT username & password fields have been completed Throw error Show form again (with username pre-filled). Exit function Retrieve user ID, password hash and salt from database, on username. if NOT the username exist in the database throw error about unknown username and/or password show form again exit function Hash user-submitted password. if NOT user-submitted hash equals database. throw error about unknown username and/or password show form again exit function Get user ID Set session user ID Redirect user to relevant page Kill script. Show form I've also added a couple of steps necessary to provide proper password security, as explained in the article linked to by xyph. Link to comment https://forums.phpfreaks.com/topic/267233-do-i-need-to-use-a-session-not-quite-sure-on-what-to-do-next/#findComment-1370336 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.