login/session question

[burge124]

hi

 

i have successfully created a login/logout page and register pages that work fine... what im wondering is if a user logs in then moves to another page does php recognize that the user is still the same user or do i have to include code at the top of everypage? such as session etc....

 

thanks

[deansatch]

You will have to include session_start() and your "is user logged in?" verification code on every page that is just for registered users, otherwise anyone can view them.

 

As long as you don't kill the session, they should be able to navigate away to other non-registered pages of your site and come back and still be logged in.

[burge124]

hi further to my original question i have this login checker....

 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$UserName=$_POST['UserName'];
$Password=$_POST['Password'];

$_SESSION["UserName"] = $user["UserName"];

$sql="SELECT * FROM $tbl_name WHERE username='$UserName' and password='$Password'";
$result=mysql_query($sql);
if($result){
}

 

on another page i want to just echo the current users name got

session_start(); 

at the top then is it

echo "your username is "$_SESSION["UserName']";    or

echo $user['UserName'];

i need to put or is it something else? thanks

 

[deansatch]

your username is "$_SESSION["UserName']";

 

But make sure you put a "logged in check" at the start of each page as well.

[burge124]

how do i create a logged in check?

[conker87]

At the top of your pages you want to protect, use:

 

session_start();
$sql="SELECT * FROM $tbl_name WHERE username='{$_SESSION['UserName']}'";
$result=mysql_query($sql);
if($result){
// Your user is logged in, page here.
}
else {
// Your user is not logged in, display error.
}

 

I hope you're encrypting your password and sanitise your inputs.