eldan88 Posted December 6, 2012 Share Posted December 6, 2012 (edited) Hey. I have created a simple login page, and a function to check if the user has logged in, and if the user isn;t logged in redirect him back to the login page. However there are some pages in my site that I don't want the user acessing. How do I set up a function in order to prevent the user from accessing other content on my site. Below is the funciton i used. <?php session_start(); ?> <?php function confirm_logged_in(){ return isset($_SESSION['user_id']); } function logged_in() { if (!confirmed_logged_in()) { redirect_to("login.php"); } } ?> I have put the function logged_in() in the pages where I want to confirm if the user has logged in. Below is the code for the login page <?php require("include/db_connection.php"); require("include/functions.php"); require("include/admin_functions.php"); ?> <?php if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $hashed_password = sha1($password); $query = "SELECT table_column1,table_column2 "; $query .= "FROM table "; $query .= "WHERE username = {$username} "; $query .= "AND hashed_password = {$hashed_password}"; $query .= " LIMIT 1 "; $result = mysql_query($query); confirm_query($result); if(mysql_num_rows($result) == 1) { $found_user = mysql_fetch_array($result); $_SESSION['user_id'] = $found_user['id']; $_SESSION['username'] = $found_user['username']; redirect_to("linkgoeshere.php?store_name=" . $found_user['store_name'] . ""); // Success } else { // Incorrect username and password } $message = "Sorry your username or password is incorrect<br />"; $message .= "Please contact Simplemenu.com at 646-397-5751 for assistance"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Simplemenu.com Login</title> </head> <body> <?php if(!empty($message)) {echo $message;} ?> <form action="login.php" method="post"> Username: <input type="text" name="username" value="" /><br /> Password <input type="password" name="hashed_password" value="" /><br /> <input type="submit" name="submit" value="submit" /> </form> </body> </html> Edited December 6, 2012 by eldan88 Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 6, 2012 Share Posted December 6, 2012 (edited) You can create a user access level, user, admin, etc. And just verify them as an int in sql, 0 user 1 admin or whatever. If the user shouldn't be browsing it, you can redirect based on that Edited December 6, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
eldan88 Posted December 7, 2012 Author Share Posted December 7, 2012 You can create a user access level, user, admin, etc. And just verify them as an int in sql, 0 user 1 admin or whatever. If the user shouldn't be browsing it, you can redirect based on that Thanks. Helped alot! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.