Members Only Pages

[amin1982]

Hi Guys;

I have a login in system. Where users login into to view my site. However I haven't been able to encrypte the pages which I want members only to view. For example if they knew the URL of a hidden page they could type this in and they will be taken to the page.

I want a system where they are taken back to the home page when they do this. And when they click on a link which leads to a members I'd like a pop up which says "Members Only - Please Login" unless they are logged in and they are then taken to the page.

Any ideas?

My login scripts are:

buffer.php used on all pages.
[code]

<?php
ob_start();
session_start();
?>
[/code]

Login.php used to verify the user information.

[code]
<?php

require_once ('../includes/config.inc.php');


if (isset($_POST['submitted'])) { // Check if the form has been submitted.

require_once ('./includes/mysql_connect.php');

.
if (!empty($_POST['email'])) {
$e = escape_data($_POST['email']);
} else {
echo '<p class="BlueMenuText"><font color="red" size="+1">You forgot to enter your email address!</font></p>';
$e = FALSE;
}

if (!empty($_POST['password'])) {
$p = escape_data($_POST['password']);
} else {
$p = FALSE;
echo '<p class="BlueMenuText"><font color="red" size="+1">You forgot to enter your password!</font></p>';
}

if ($e && $p) { // If everything's OK.


$query = "SELECT id, f_name FROM members WHERE (email='$e' AND password='$p' AND status=1) ";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

if (@mysql_num_rows($result) == 1) { // A match was made.


$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['f_name'] = $row[1];
$_SESSION['id'] = $row[0];


$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

f ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1);
}

$url .= '/index.php';

ob_end_clean();
header("Location: $url");
exit();

} else { /
echo '<p class="BlueMenuText">><font color="red" size="+1">Your password and email login didn\'t match. Please try again and ensure you have activated your account.</font></p>';
}

} else {
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}

mysql_close();

}
?

[/code]

any suggestions or help would be appreciated!

Thanks!

[hitman6003]

http://www.phpfreaks.com/tutorials/65/0.php

[amin1982]

hey hitman,

thanks for that. I did have a look at the tutorial and I tried altering my script but i couldn't work it.

I'm editing this part:

[code]
<?php
echo '<div class="MainText">Welcome';
if (isset($_SESSION['f_name'])) {
echo ", <b>{$_SESSION['f_name']}!</b>";
}
echo '</div>';
?>
[/code]

Basically if the user is logged in then they receive a welcome message. however i need to add an if empty f_name then redirect to the home page with a message that pops up "Members Only"...

Thoughy just not sure how to do this. I try a few things but no luck.

Any ideas?!...

Thanks,

Amin

[CheesierAngel]

You can use the function header() for this.
- [url=http://php.belnet.be/manual/en/function.header.php]http://php.belnet.be/manual/en/function.header.php[/url]

[code]
<?php
echo '<div class="MainText">Welcome';
if (isset($_SESSION['f_name'])) {
echo ", <b>{$_SESSION['f_name']}!</b>";
} else {
header('Location: noAccessGranted.php');
}
echo '</div>';
?>
[/code]

MODIFICATION:

You can also take a look at the HTTP_AUTHENTICATION:
- [url=http://php.belnet.be/manual/en/features.http-auth.php]http://php.belnet.be/manual/en/features.http-auth.php[/url]