Sessions: Check Login Script

sir_laugh_alot

Yo, I want to have a login page, and then have a script that verifies the user logged in correctly on all other pages. My assumption is to use a session variable, and check to see if the variable was set to the value 1. Can't seem to get it to work. How do you check to see that variable? Below is my checklogin script:

<?
if($_SESSION["match"] == 1) {
echo "login successful";
} else {
$msg="You must login before proceeding into the training.";
$msg=urlencode($msg);
header ("location:index.php?msg=$msg");
exit;
}
?>

cgraz

please don't triple post.

Cgraz

sir_laugh_alot

it was an accident to triple post, not intentional

rklapwijk

Put this on every page that needs to be protected:

<?php
session_start();

if (!IsSet($_SESSION["match"]) || $_SESSION["match"] != "1") header("location: login.php");
?>

// after validating the login data set the session:

session_start();
$match = "1";
session_register($match);

sir_laugh_alot

Still doesn't work for me...no matter what method I use for the session variables, I can't seem to get them to work properly. Therefore, the only way I can achieve what I'm trying to do is to check if the session is started. Of course that limits a lot, since I can not use session variables...

$user = "u";
$pass = "p";

//Removes whitespace and makes all lowercase
function prep_for_compare($string) {
$string = trim($string);
$string = strtolower($string);
return $string;
}

$user_entered = prep_for_compare($form_user);
$pass_entered = prep_for_compare($form_pass);

if(($user==$user_entered) && ($pass==$pass_entered)) {
session_name('UNC_Orientation');

session_start();
header ("location:welcome.php");
exit;

} else {
$msg="You entered an invalid login combination. Please try again.";
$msg = urlencode($msg);
header ("location:index.php?msg=$msg");
exit;
}

CHECKLOGIN PAGE:

if($UNC_Orientation) {
//session_start();
echo $UNC_Orientation;
} else {
$msg="You must login before proceeding into the training.";
$msg=urlencode($msg);
header ("location:index.php?msg=$msg");
exit;
}

andesa

Try this:

ANY PAGE YOU WANT TO VERIFY SESSIONS INFO

// Start session
session_start();

// Check for User ID and Password
if ( !IsSet( $SESSION['validated'] ) ) {
header( "Location: login.php?error_cd=5" );
exit;
} else if ( $SESSION['validated'] == FALSE ) {
header( "Location: login.php?error_cd=5" );
exit;
}

<?PHP

// Start session
session_start();

// SET INITIAL VALUES
$validated = FALSE;

// SET SESSION VARIABLES
$_SESSION['validated'] = $validated;

$error_cd = $_GET['error_cd'];

if ( strlen( $error_cd ) > 0 ) {
$error_string = "";
if ( $error_cd == 1 ) {
$error_string .= "User ID is blank, please try again.";
} else if ( $error_cd == 2 ) {
$error_string .= "Password is blank, please try again.";
} else if ( $error_cd == 3 ) {
$error_string .= "User ID not found in our system.";
} else if ( $error_cd == 4 ) {
$error_string .= "Password incorrect.";
} else if ( $error_cd == 5 ) {
$error_string .= "Your are not logged in. You must login before you can use the system.";
} else if ( $error_cd == 6 ) {
$error_string .= "User ID and Password are blank.";
}
} else {
$error_string = "";
}