Currently I'm working on a little project for a dummy login/register page and now I want to add a page that is only accessible when you're logged in. So the question is how do I make a session or cookie and retrieve them? And how do I block not logged in users.
I'm currently using these codes for the login.php and member_area.php: Login.php:
<?php
session_start();
if(isSet($_POST['login'])) {
include('db.php');
$username = mysql_real_escape_string($_POST['username']);
$password = sha1($_POST['password'] );
$query = mysql_query("SELECT * FROM tab WHERE username='".addSlashes($username)."' AND password='".addSlashes($password)."'");
$res = mysql_num_rows($query);
if ($res == 1) {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['userobj'] = mysql_fetch_assoc($query);
header('Location: http://localhost/member_area.php');
exit;
} else {
echo 'Data does not match <br /> RE-Enter Username and Password';
}
} else {
?>
<html>
<head><link rel="stylesheet" type="text/css" href="css.css"></head>
<body>
<div id="div1">
<a href="index.php" id="home">Home</a>
<a href="Login.php" id="login2">Login</a>
<a href="register.php" id="register">Register</a>
</div>
<table width="200" border="0" cellspacing="1" align="center">
<form id="form1" method="post" action="login.php">
<tr>
<td colspan="2"><h2>Members login</h2></td>
</tr>
<tr>
<td>Username: </td>
<td>
<input type="text" name="username" id="username"/>
</td>
</tr>
<tr>
<td>Password: </td>
<td><input type="password" name="password" id="password"/> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="login" id="login" value="login" />
</td>
</tr>
</form>
</table>
</body>
</html>
<?php
}
?>
Member_area.php:
<?php
?>
<html>
<head><link rel="stylesheet" type="text/css" href="css.css"></head>
<body>
<div id="div1">
<a href="index.php" id="home">Home</a>
<a href="Login.php" id="login2">Login</a>
<a href="register.php" id="register">Register</a>
</div>
<form action="/Log_out.php" method="get">
<input type="submit" name="submit" value="Log Out." action="http://localhost/Log_out.php" id="Logout">
</form>
</body>
</html>
<?php
?>
Please note that I'm completely new to PHP so some directions where to put the code with if possible a little explanation.
The register. php page asks for the desired username, email, and password of the user, and then sends the entered data into the database, once the submit button is clicked. After this, the user is redirected to the index. php page where a welcome message and the username of the logged-in user is displayed.
That is, the $_SESSION[“member_id”] is set to manage the logged-in session. It will remain until log out or quit the browser. While logout, we unset all the session variables using the PHP unset() function.
If you have two PHP applications on a webserver, both checking a user's login status with a boolean flag in a session variable called 'isLoggedIn', then a user could log into one of the applications and then automagically gain access to the second without credentials.
Add this at the top of Member_area.php:
session_start();
if(!isset($_SESSION['username'])){
header("Location:Login.php");
}
It checks whether the session is set or not, if not it will redirect the user to login page.
<?php
if(!isset($_SESSION['username'])) {
die("Please login");
}
?>
<html>
<head><link rel="stylesheet" type="text/css" href="css.css"></head>
<body>
<div id="div1">
<a href="index.php" id="home">Home</a>
<a href="Login.php" id="login2">Login</a>
<a href="register.php" id="register">Register</a>
</div>
<form action="/Log_out.php" method="get">
<input type="submit" name="submit" value="Log Out." action="http://localhost/Log_out.php" id="Logout">
</form>
</body>
</html>
<?php
?>
That should be it :)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With