FatesCall Posted June 7, 2015 Author Share Posted June 7, 2015 #continue from above *CHROMIUM AHHHHHH* process.php <?php //no whitespace, no BOM must come before this line. session_start(); //start the session. define('MYSITE' , $_SERVER['SERVER_NAME']); //define what our site is. $_SESSION['login'] = false; //we are NOT logged in. if($_SERVER['REQUEST_METHOD'] == 'POST') { //if a POST request has been made. $_POST = array_map('trim',$_POST); //trim the data. if(!empty($_POST['user']) && !empty($_POST['password'])) { //if the user and password are NOT empty. $users = ["User1" => "123", "User2" => "1234", "User3" => "1235"]; //list our users in array. if(isset($users[$_POST['user']]) && $users[$_POST['user']] == $_POST['password']) { //if the password matches for the user entered. $_SESSION['login'] = true; //log the user in. header('Location: http://' . MYSITE . '/login.php'); //send the user to panel.php exit(); //stop further execution of script. } else { //if the username and/or password is wrong. header('Location: http://' . MYSITE .'/error.php?reason=wp'); //send them to login_error.php with a reason code. exit(); //stop the script. } } header('Location: http://' . MYSITE . '/error.php?reason=nv'); //if the user or password was empty, send to login_error.php with reason code. exit(); //exit the script. } error.php <?php if(isset($_GET['reason'])) { //if there is a reason to be here (should be the only reason we are here). switch($_GET['reason']) { //run a switch. case 'nv': //if the reason is nv (not valid). $message = 'You must enter a username and a password.'; //set the message. break; //break the switch to keep it from going further. case 'wp': //wp (wrong password/username). $message = 'You entered a wrong username and/or password.'; break; } } //echo the message, redirect in 5 seconds. echo '<html><head><meta http-equiv="refresh" content="5;URL=login.php"></head><body><div>' . $message . '</div></body></html>'; THANK YOU SO MUCH IT WORKS PERFECTLY LIKE I WANT IT TOO :D :D Quote Link to comment https://forums.phpfreaks.com/topic/296622-sessions-how-to-secure-pages-for-only-logged-in-users/page/2/#findComment-1513387 Share on other sites More sharing options...
FatesCall Posted June 7, 2015 Author Share Posted June 7, 2015 (edited) FatesCall, here is something to play with, fully commented, and working. Maybe this will help you understand flow login.php <?php //No white space or BOM before this tag. session_start(); //start the sesson. if(isset($_SESSION['login']) && $_SESSION['login'] == true) { //if the session is set, and session login is set to true. echo 'Thank you for logging in!'; //tell them that they are logged in. $_SESSION['login'] = false; //for testing purposes, I then disable the login. } else { //if we haven't logged in, then show the form. ?><form method="post" id="login-form" name="login-form" action="process.php"><div class="login"> <input type="text" placeholder="username" name="user" required><br> <input type="password" placeholder="password" name="password" required><br> <input type="submit" name="login" id="login" value="login" /> </div></form> <?php } ?> Although, is there a way to force them to log in every time instead of the auto login? EDIT: and also to prevent people from directly going to www.mysite.com/panel.php and getting in Edited June 7, 2015 by FatesCall Quote Link to comment https://forums.phpfreaks.com/topic/296622-sessions-how-to-secure-pages-for-only-logged-in-users/page/2/#findComment-1513388 Share on other sites More sharing options...
FatesCall Posted June 7, 2015 Author Share Posted June 7, 2015 Never mind figured it out Quote Link to comment https://forums.phpfreaks.com/topic/296622-sessions-how-to-secure-pages-for-only-logged-in-users/page/2/#findComment-1513390 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.