Making a members area.. Need help.

Discord

Hi,
I'm getting pretty good at php but I still have yet to master making a login area with it. Here is where i'm at so far

User registration is done and i store there username and password in a database. When the user comes to the main page i have a form with username and password and a submit button.. On submit it calls a script called login.php that runs a select query against the database to figure out if they are members or not, if not they go back to the login page if so.....
here is where i snag... I've tried sending them to the members page then checking the $HTTP_REFERER but that never works.. for some reason it never the login.php script. So what i'd like to do is figure out how to do this with sessions...

I've never used sessions before so if someone could just walk me through how to setup a members area in it i'd appreciate it.. I've looked at some examples here so far and they all seem to be in 1 page.. I'm linking across 2.. where do i need to start the session? How do i end it? ect.. I just need a little help.. If anybody has some examples or an alternative "secure" way of creating a members area i'd appreciate a response.

ph8edsicness

I'm in the same boat but since I have a very limited number of members I'm not utilizing a database... it was working perfectly until I swapped the default submit and reset buttons for custom images... it's pissing me off.

I simply store the usernames and passwords in an array that the form will check itself against and either redirect to a secure page or reload the form with an error message.

cheese

I have used this, with the database behind it;

Log In Page

<H1>Login</H1>
<P ALIGN=JUSTIFY>Please enter your username and password in the boxes below and login.</P>
<form action='validate.php' method='POST'>
<CENTER>
<table CELLPADDING=0 CELLSPACING=0 CLASS=NOBORDER WIDTH=300>
<tr><td>Username</td><td><input type=text value="" name="Username" SIZE=18></td></tr>
<tr><td>Password</td><td><input type=password value="" name="Password" SIZE=18></td></tr>
<tr><td colspan=2 align=center>
<input type='submit' value='Login'></td></tr></table>
</form>

Validate Page

<html><body><?php
/ Connecting, selecting database /
$link = mysql_connect("localhost", "DATABASENAME", "")
or die("Could not connect");
print "Connected successfully";
mysql_select_db("DATABASENAME") or die("Could not select database");

/* Performing SQL query - to allow names to appear on screen later */
$query = "SELECT `Username` , `FirstName` , `Password` FROM `users` WHERE 1 AND `Username` = '$_POST[Username]' AND `Password` = '$_POST[Password]';";
$result = mysql_query($query) or die("Query failed");

/* Printing results in HTML Change index2.php for your page*/
print "<form action='INDEX2.php' method='POST'><select name='names'>\n";
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    foreach ($line as $col_value) {
        print "\t\t<option value='$col_value'>$col_value</option>\n";
    }
    print "\t\n";
}
print " <input type='submit' value='Submit Data'></form>\n";

$num_of_rows = mysql_num_rows ($query);
/ Free resultset /
mysql_free_result($result);
$query = "SELECT Username , Password , FirstName FROM users WHERE 1 AND Username = '$POST[Username]' AND Password = '$POST[Password]';";
$result = mysql_query($query) or die("Query failed");
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
foreach ($line as $col_value) {
print "\t\t<input type=hidden value='$col_value'>\n";
$user = $line[Username];
$pass = $line[Password];
$name = $line[FirstName];
print "$col_value";
}
print "\t\n";
}
$info = $result->fields;
$num_of_rows = mysql_num_rows ($query_result_handle);
print "$line[Username]";
/ Closing connection /
mysql_close($link);
if ($num_of_rows = 1) {
print "we have 1 row!!!!!";
}

print $name;
print "<BR><BR>$user<BR>$pass";
if ($name == '') {
header("Location: index2.php");
} Elseif ($user == '') {
header("Location: index2.php");
} Elseif ($pass == '') {
header("Location: index2.php");
} Else {
setcookie("testcookie", "Logged In");
setcookie("user", "$user");
setcookie("pass", "$pass");
header("Location: index2.php");
}
echo "$testcookie";
echo "$HTTP_COOKIE_VARS[testcookie]";
echo $pass;
echo $user;
echo $POST[Username];
echo $POST[Password];
?>

<?php

header("Location: index6.php");

?>
</body>
</html>

ANY OTHER PAGES - Redirects other to login page from any page that you want to restrict to members.

<?php
if ($HTTP_COOKIE_VARS[testcookie]=="Logged In") {
} else {
header("Location: login.php");
}
?>

I hope this is of use.

Regards,

Neil.