FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

Need Help in PHP

   Frihost Forum Index -> Scripting -> Php and MySQL
 


abhinav_shah
I am currently developing a mysql database and using php to connect to the database.
Now, I have a login page, where users log in using their usernames and passwords. Now, I want only the logged in users to access the database.
Consider this , the log-in page is called login.php.
Now I want that when a user logs in successfully some kind of global variable is set for the user using which I can test whether the user has logged in or not ?

Please help me out...
raver
ok you should have something like this:

Code:

$query = "SELECT * FROM users
         WHERE user='$user' AND password='$password'";

$result = mysql_query($query, $connect) or die('error');
   $affected_rows = mysql_num_rows($result);

if($affected_rows == 1) {
      print 'you are logged in';
      //add the user to our session variables
               //you can put other variables too
      $_SESSION['user_name'] = $user;
   }
   else {
      print 'user non-existent';
   }

//include this on every page you want to protect
<?php
   session_start();
   if(empty($_SESSION['user_name'])) {
             die('An error has ocurred. It may be that you have not logged in,
                  or that your session has expired.
                  Please try <a href="login.php">logging in</a>;
   }
..and here you have the restricted page....
?>


hope this helped...or you could set up a $_SESSION['logged_in'] = 1
and then if $_SESSION['logged_in'] !=1 restrict the user....

good luck with it
kv
also put the code in the beginning of every page. This way you will be protecting your entire site. A better way is to have a main page which checks for login and uses an argument to include relavent the php file.
JustaMin
kv wrote:
also put the code in the beginning of every page. This way you will be protecting your entire site. A better way is to have a main page which checks for login and uses an argument to include relavent the php file.


rather than adding that code to the start of every page, save it as session.php and just add the line:

Code:
include_once("session.php");


at the top of every page you need to protect. Also do not under any circumstances just pass the username and password variables straight to the login function. You MUST make them safe first or you will be likely to be vunerable to SQL injections. Pass all user-typed content through this function before you use it:

Code:
function make_safe($variable) {
  $variable = addslashes(trim($variable));
  return $variable;
}
salman_500
the most easiest way to make a website protected and stuff is to use
"Macromedia Dreamweaver 2004" or "NUV" or is it NVU...somthin like that...these are the best programs for website designing as far as i think....they are extremely easy to use and with just a few clicks you can make a login page, a members only page, and a connection to database to show the content to members only on the members only page.....this is wat i suggest it depends on you wat u wanna do....

I can help u in usin dreamweaver......but after a week frm now....pm me if interested.. Smile
abhinav_shah
raver wrote:
ok you should have something like this:

Code:

$query = "SELECT * FROM users
         WHERE user='$user' AND password='$password'";

$result = mysql_query($query, $connect) or die('error');
   $affected_rows = mysql_num_rows($result);

if($affected_rows == 1) {
      print 'you are logged in';
      //add the user to our session variables
               //you can put other variables too
      $_SESSION['user_name'] = $user;
   }
   else {
      print 'user non-existent';
   }

//include this on every page you want to protect
<?php
   session_start();
   if(empty($_SESSION['user_name'])) {
             die('An error has ocurred. It may be that you have not logged in,
                  or that your session has expired.
                  Please try <a href="login.php">logging in</a>;
   }
..and here you have the restricted page....
?>


hope this helped...or you could set up a $_SESSION['logged_in'] = 1
and then if $_SESSION['logged_in'] !=1 restrict the user....

good luck with it

I tried this code. But this isn't working for me. When I don't log in I can't access the restricted page, that's fine. After I log in I can access the restricted page. But the problem is that when I log out using session_destroy; and then access the restricted page I can still access it. But when I delete my browsers cache and cookies , then I can't access the restrcited page. Please help me out
mathiaus
Are you destrying just the data or the whole session? If just the data I would suggest deleting the actual session by deleting the cookie as shown on this page
http://uk.php.net/manual/en/function.session-destroy.php

Otherwise fancy showing us your logout page?
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.