eldan88 Posted December 6, 2012 Share Posted December 6, 2012 Hey. I have created a simple login page, and a function to check if the user has logged in, and if the user isn;t logged in redirect him back to the login page. However there are some pages in my site that I don't want the user acessing. How do I set up a function in order to prevent the user from accessing other content on my site. Below is the funciton i used. <?php session_start(); ?> <?php function confirm_logged_in(){ return isset($_SESSION['user_id']); } function logged_in() { if (!confirmed_logged_in()) { redirect_to("login.php"); } } ?> I have put the function logged_in() in the pages where I want to confirm if the user has logged in. Below is the code for the login page <?php require("include/db_connection.php"); require("include/functions.php"); require("include/admin_functions.php"); ?> <?php if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $hashed_password = sha1($password); $query = "SELECT table_column1,table_column2 "; $query .= "FROM table "; $query .= "WHERE username = {$username} "; $query .= "AND hashed_password = {$hashed_password}"; $query .= " LIMIT 1 "; $result = mysql_query($query); confirm_query($result); if(mysql_num_rows($result) == 1) { $found_user = mysql_fetch_array($result); $_SESSION['user_id'] = $found_user['id']; $_SESSION['username'] = $found_user['username']; redirect_to("linkgoeshere.php?store_name=" . $found_user['store_name'] . ""); // Success } else { // Incorrect username and password } $message = "Sorry your username or password is incorrect<br />"; $message .= "Please contact Simplemenu.com at 646-397-5751 for assistance"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Simplemenu.com Login</title> </head> <body> <?php if(!empty($message)) {echo $message;} ?> <form action="login.php" method="post"> Username: <input type="text" name="username" value="" /><br /> Password <input type="password" name="hashed_password" value="" /><br /> <input type="submit" name="submit" value="submit" /> </form> </body> </html> Link to comment https://forums.phpfreaks.com/topic/271681-need-help-restricting-certain-pages-when-user-logged-in/ Share on other sites More sharing options...
MDCode Posted December 6, 2012 Share Posted December 6, 2012 You can create a user access level, user, admin, etc. And just verify them as an int in sql, 0 user 1 admin or whatever. If the user shouldn't be browsing it, you can redirect based on that Link to comment https://forums.phpfreaks.com/topic/271681-need-help-restricting-certain-pages-when-user-logged-in/#findComment-1397882 Share on other sites More sharing options...
eldan88 Posted December 7, 2012 Author Share Posted December 7, 2012 You can create a user access level, user, admin, etc. And just verify them as an int in sql, 0 user 1 admin or whatever. If the user shouldn't be browsing it, you can redirect based on that Thanks. Helped alot! Link to comment https://forums.phpfreaks.com/topic/271681-need-help-restricting-certain-pages-when-user-logged-in/#findComment-1398037 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.