loggin question

rtown

looking for some insight, I am a newbie at most of this, starting to get the hang of things but...I have a login script, but I am unsure as to how I would check to make sure that that user is logged in on all subsequent restricted pages...I have an actual login page, that would then send you to where it was that you attempted to get to originally, I didn't use the code as an include like maybe I should've but I found it to confusing to try and work it into my existing page layout as includes, so I just made a flat page with the script. So on the rest of the site that is restricted, I need to verify they are signed in and if not redirect them back to the login.php page....I know this may be easy for some, but please humour (and hopefully help) me

rIkLuNd

The way I do it is by using sessions. Put session_start(); at the top of each page, and when the user logs in, you register a session variable, like this:

$_SESSION['user'] = $username;

Then you can validate a user like this:

if(isset($_SESSION['user']))
{
   echo "Logged in...";
}
else
{
   echo "Not logged in...";
}

rtown

that helps, but in your if/else can that be a redirect back to my login page from those pages that I will put that mini-block in? Rather than echo "Logged In..."; can it be a automatic skip back to login.php??

Thanks for the quick reply...

rtown

in my login.php script I have a part where I register those session variables...
session_register("username");
session_register("password");
...the way that you set the variable with "_session['user']=..." would I still have to do that part in my other documents?? or would I just do the if/else with the "isset"?...but I would still need the session_start on each page though right?

rIkLuNd

yes, you can have a redirect in the if statement, and you only have to do the $_SESSION thing in the login page!