login

e39m5

im going to make a login but how can make it so if u goto the site by just putting in the url it doesn't work?

Hitoshi

ok.. firstly you must make a session.
After this.. u have to add session start to the ABSOLOUTE BEGINNING of every page.
Here's a script I made to retrieve a users details for the page so I can use them if I have to. It also blocks anyone who's not logged in (IE: no session present).

<?php
session_start();
$user = $_SERVER['PHP_AUTH_USER'];
require_once ('mysql_connect.php');
$sql = "SELECT * FROM users WHERE username = '$user'";    

$res = mysql_query($sql) or die("Query Error: ".mysql_error());    

$data = mysql_fetch_array($res) or die("YOU MUST LOG IN".mysql_error());  

$HP = $data[HP];
$AT = $data[AT];
$DF = $data[DF];
$LV = $data[LV];
$posts = $data[posts];
$sig = $data[info];
$gold = $data[G];
$email = $data[email];
$username = $data[username];
?>

e39m5

my info is being stored i na flatfile database, any suggestions, wat is that code doing?

Hitoshi

Sorry, I have no idea how to use the flat file thing. I was just assuming you meant sql

e39m5

ummm, a flatfile is a txt file or a .php file, i use php files becuz i have the die feature

daveyboy

to do this, typically i write an authentication library with a function to check a username and password against the db (flatfile, mysql, whatever) and return true or false. if that succeeds, i call a function to set up a session and session vars (username, sig, useful user data). there is also a function to destroy the session.
there is a function 'require_login()' which i call at the top of every protected page. if it can't find $_SESSION['username'] (or some other test) it will redirect to the login page with header('Location: http://www.example.com/login.php') and exit().
login.php has a form to collect username and password and checks the data against the authentication library, initializing a session if it succeeds.