Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to make an page only accessible when logged in PHP

Tags:

php

Currently I'm working on a little project for a dummy login/register page and now I want to add a page that is only accessible when you're logged in. So the question is how do I make a session or cookie and retrieve them? And how do I block not logged in users.

I'm currently using these codes for the login.php and member_area.php: Login.php:

<?php
    session_start();





    if(isSet($_POST['login'])) {
        include('db.php');

        $username = mysql_real_escape_string($_POST['username']);
        $password = sha1($_POST['password'] );

        $query = mysql_query("SELECT * FROM tab WHERE username='".addSlashes($username)."' AND password='".addSlashes($password)."'");
        $res = mysql_num_rows($query);

        if ($res == 1) {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
            $_SESSION['userobj'] = mysql_fetch_assoc($query);

            header('Location: http://localhost/member_area.php');
            exit;
        } else {
            echo 'Data does not match <br /> RE-Enter Username and Password';
        }
    } else {

?>
    <html>
    <head><link rel="stylesheet" type="text/css" href="css.css"></head>
        <body>
                <div id="div1">

                <a href="index.php" id="home">Home</a>
                <a href="Login.php" id="login2">Login</a>
                <a href="register.php" id="register">Register</a> 


        </div>
            <table width="200" border="0" cellspacing="1" align="center">
                <form id="form1" method="post" action="login.php">
                <tr>
                    <td colspan="2"><h2>Members login</h2></td>
                </tr>
                <tr>
                    <td>Username: </td>
                    <td>
                        <input type="text" name="username" id="username"/>
                    </td>
                </tr>
                <tr>
                    <td>Password: </td>
                        <td><input type="password" name="password" id="password"/> </td>
                </tr>
                <tr>
                    <td colspan="2" align="center">
                        <input type="submit" name="login" id="login" value="login" />
                    </td>
                </tr>
                </form>
            </table>
            </body>
    </html>
    <?php
    }


?>

Member_area.php:

<?php

?>
<html>
<head><link rel="stylesheet" type="text/css" href="css.css"></head>
    <body>
            <div id="div1">

                <a href="index.php" id="home">Home</a>
                <a href="Login.php" id="login2">Login</a>
                <a href="register.php" id="register">Register</a> 


        </div>
        <form action="/Log_out.php" method="get">
            <input type="submit" name="submit" value="Log Out." action="http://localhost/Log_out.php" id="Logout">
        </form>
    </body>
</html>
<?php

?>

Please note that I'm completely new to PHP so some directions where to put the code with if possible a little explanation.

like image 414
Elmar Luijmes Avatar asked Feb 26 '13 11:02

Elmar Luijmes


People also ask

How to display user data after login in PHP?

The register. php page asks for the desired username, email, and password of the user, and then sends the entered data into the database, once the submit button is clicked. After this, the user is redirected to the index. php page where a welcome message and the username of the logged-in user is displayed.

Which PHP function is used to make a user logged out from a website?

That is, the $_SESSION[“member_id”] is set to manage the logged-in session. It will remain until log out or quit the browser. While logout, we unset all the session variables using the PHP unset() function.

How to know which user is logged in PHP?

If you have two PHP applications on a webserver, both checking a user's login status with a boolean flag in a session variable called 'isLoggedIn', then a user could log into one of the applications and then automagically gain access to the second without credentials.


2 Answers

Add this at the top of Member_area.php:

session_start();
if(!isset($_SESSION['username'])){
   header("Location:Login.php");
}

It checks whether the session is set or not, if not it will redirect the user to login page.

like image 121
Prasanth Bendra Avatar answered Oct 20 '22 00:10

Prasanth Bendra


 <?php
    if(!isset($_SESSION['username'])) {
    die("Please login");
}

?>
<html>
<head><link rel="stylesheet" type="text/css" href="css.css"></head>
    <body>
            <div id="div1">

                <a href="index.php" id="home">Home</a>
                <a href="Login.php" id="login2">Login</a>
                <a href="register.php" id="register">Register</a> 


        </div>
        <form action="/Log_out.php" method="get">
            <input type="submit" name="submit" value="Log Out." action="http://localhost/Log_out.php" id="Logout">
        </form>
    </body>
</html>
<?php

?>

That should be it :)

like image 41
Dhamesh Makwana Avatar answered Oct 20 '22 00:10

Dhamesh Makwana