
Sessions? How to secure pages for only logged in users


FatesCall
Go to solution Solved by jcbones,


 

#continue from above *CHROMIUM AHHHHHH*

 
process.php
 


<?php //no whitespace, no BOM must come before this line.
session_start();  //start the session.
define('MYSITE' , $_SERVER['SERVER_NAME']); //define what our site is.
$_SESSION['login'] = false; //we are NOT logged in.
if($_SERVER['REQUEST_METHOD'] == 'POST') { //if a POST request has been made.
    $_POST = array_map('trim',$_POST); //trim the data.
    if(!empty($_POST['user']) && !empty($_POST['password'])) { //if the user and password are NOT empty.
        $users = ["User1" => "123", "User2" => "1234", "User3" => "1235"]; //list our users in array.
        if(isset($users[$_POST['user']]) && $users[$_POST['user']] === $_POST['password']) { //if the password matches exactly (strict comparison, so "123.0" does not match "123").
            session_regenerate_id(true); //issue a fresh session id on login so a pre-set id cannot be reused.
            $_SESSION['login'] = true; //log the user in.
            header('Location: http://' . MYSITE . '/login.php'); //send the user back to login.php, which shows the logged-in message.
            exit(); //stop further execution of script.
        } else { //if the username and/or password is wrong.
            header('Location: http://' . MYSITE .'/error.php?reason=wp'); //send them to error.php with a reason code.
            exit(); //stop the script.
        }
    }
    header('Location: http://' . MYSITE . '/error.php?reason=nv'); //if the user or password was empty, send to error.php with reason code.
    exit(); //exit the script.
}
 
error.php
 


<?php
$message = ''; //default, so $message is always defined when it is echoed below.
if(isset($_GET['reason'])) { //if there is a reason to be here (should be the only reason we are here).
    switch($_GET['reason']) { //run a switch.
        case 'nv': //if the reason is nv (not valid).
            $message = 'You must enter a username and a password.'; //set the message.
            break; //break the switch to keep it from going further.
        case 'wp': //wp (wrong password/username).
            $message = 'You entered a wrong username and/or password.';
            break;
    }
}
//echo the message, redirect in 5 seconds.
echo '<html><head><meta http-equiv="refresh" content="5;URL=login.php"></head><body><div>' . $message . '</div></body></html>';

 

THANK YOU SO MUCH IT WORKS PERFECTLY LIKE I WANT IT TO :D :D :D :D :D



FatesCall, here is something to play with, fully commented, and working.

Maybe this will help you understand flow

 

login.php

<?php //No white space or BOM before this tag.
session_start(); //start the session.
if(isset($_SESSION['login']) && $_SESSION['login'] == true) { //if the session is set, and session login is set to true.
    echo 'Thank you for logging in!'; //tell them that they are logged in.
    $_SESSION['login'] = false; //for testing purposes, I then disable the login.
} else { //if we haven't logged in, then show the form.
?><form method="post" id="login-form" name="login-form" action="process.php"><div class="login">
            <input type="text" placeholder="username" name="user" required><br>
            <input type="password" placeholder="password" name="password" required><br>
            <input type="submit" name="login" id="login" value="login" />
        </div></form>
<?php
}
?>

Although, is there a way to force them to log in every time instead of the auto login?

 

EDIT: and also to prevent people from directly going to www.mysite.com/panel.php and getting in

Edited by FatesCall
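
One way to handle both points in the question above (blocking direct requests to panel.php and requiring a fresh login), as an added example that is not part of the original thread. It assumes process.php redirects to /panel.php after a successful login and that login.php no longer resets `$_SESSION['login']`; `IDLE_LIMIT`, `is_logged_in()`, the `last_seen` session key and the `logout` form field are hypothetical names introduced here.

```php
<?php // panel.php: no whitespace or BOM before this tag.
session_start(); // same session that process.php wrote 'login' into.

const IDLE_LIMIT = 300; // assumption: seconds of inactivity before a new login is required.

/**
 * True only when process.php has marked this session as logged in
 * and the last request was recent enough. (Hypothetical helper.)
 */
function is_logged_in(array $session, int $now, int $idleLimit): bool
{
    if (($session['login'] ?? false) !== true) {
        return false; // never logged in, so a direct hit on panel.php fails here.
    }
    $lastSeen = $session['last_seen'] ?? $now; // first visit after login counts as fresh.
    return ($now - $lastSeen) <= $idleLimit;
}

// The "Log out" button at the bottom of this page posts back here.
$wantsLogout = $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout']);

if ($wantsLogout || !is_logged_in($_SESSION, time(), IDLE_LIMIT)) {
    $_SESSION = [];    // drop the login flag and everything else in the session.
    session_destroy(); // remove the server-side session data.
    header('Location: http://' . $_SERVER['SERVER_NAME'] . '/login.php');
    exit(); // without exit() the protected HTML below would still be sent.
}

$_SESSION['last_seen'] = time(); // record activity for the idle check on the next request.
?>
<html><body>
    <div>Protected panel content goes here.</div>
    <form method="post" action="panel.php">
        <input type="submit" name="logout" value="Log out">
    </form>
</body></html>
```

The same check has to run at the top of every protected page, so in a larger site it would live in one included file rather than being copied into each script.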