[SOLVED] login/register help

[thisisnuts123]

Hello guys,

I have got the register page and login page to work.

only problem is users can just type url/main.php and bypass the login page

 

what script do i need to include in there to make sure user logs in

[PHP_PhREEEk]

You need to use sessions or cookies to make login pages 'valid' or 'invalid'. Your script should do the checks, and then deliver the page to valid users, or deny to anyone else. Read the PHP Freaks tutorials on how to accomplish this.

 

PhREEEk

[thisisnuts123]

kk thanks!!

[thisisnuts123]

hey so i found the following tutorial

 

http://www.phpfreaks.com/tutorials/17/1.php

 

can i make this work with my script?

 

<?php
$connection = mysql_connect(localhost', ''username, 'pass');
$password = $_POST[password];
$pass = md5($password);
$db = mysql_select_db('game', $connection);
$sql = "SELECT id FROM user WHERE username='$_POST[username]' AND password='$pass'";

$result = mysql_query($sql);
$num = mysql_num_rows($result);

if ($num > 0) {
        //USER AND PASS ARE CORRECT
$id = mysql_fetch_assoc($result);

setcookie("auth", "yes", time()+3600);
setcookie("id", $id['id']);
setcookie("username", $id['username']);


header ("Location: main.php");

}else {

header ("Location: incorrect.php");

};

?> 

[PHP_PhREEEk]

All of the Tutorials on PHP Freaks have been pretty thoroughly tested, and seem to work well on a majority of server configurations, but of course YMMV is in full effect.

 

Also, these Tutorials are examples, and written with very simplistic, if not insecure in some cases, coding. You should use the code to 'guide you' on getting it integrated with your existing code. Once you have it doing what you expect, then appropriately 'harden' it for security concerns.

 

PhREEEk