Protecting page

Nairb

What I want to do is have user1.php (the page the user logs into) protected so only the user loging in can go to that page but I don't want any thing to complicated. Here is my code:

login.php

<?php

session_start();

if (($username == 'user1') && ($password == 'pass1'))
{
    $_SESSION['username'] = $username;
    header('location: user1.php');
}
elseif (($username == 'user2') && ($password == 'pass2'))
{
    $_SESSION['username'] = $username;
    header('location: user2.php');
}
elseif (($username == 'user3') && ($password == 'pass3'))
{
    $_SESSION['username'] = $username;
    header('location: user3.php');
}
else
{
    header('location: error.html');
}

?>

cnperry

I assume you're asking how to authenticate:

from login.php you will need an HTML form with username and password fields whose action is to post to your restricted-access page.

Your access control logic is basically good, but what you need to do is set your variables for the username and password to the appropriate $POST variables.
$username=$POST[username];
and $password=$_POST[pass];

Nairb

sorry I forgot to post the html form, here it is below. Now would I need to put any code in the user1.php, user2.php and user3.php for their protection?

login.html

<form name="signin" action="login.php" method="post" onsubmit="return go()">

Username: <input type="text" name="username" class="form"><br>
Password: <input type="password" name="password" class="form"><br>
<input type="submit" name="signin" value="login">

</form>

cnperry

Truthfully I'm not very familiar with the header() function, but from a quick look at the PHP documentation you are basically drawing output from other pages.

You should put some code in the user pages (user1.php ...) because if somebody were to figure out that you basically had a bunch of protected pages called user##.php, they could easily load them up directly unless there was some additional way to keep it locked.

you can protect the entire page by adding a few lines of code (ex: user1.php):

if($_SESSION[username]=="user1")
{
content
}
else include("error.html");

That way, if somebody were to directly access user1.php, they would only see the error page, not the actual content.

Nairb

Thank you for all the help, everything seems to be working untill I enter my HTML to user1.php. I get and error message that says: "Parse error: parse error, unexpected '<' in /home/virtual/site34/fst/var/www/html/user1.php on line 8" Here's the code:

user1.php:

<?php

session_start();

if($_SESSION[username]=="user1")
{

<html>
<head>

<title>Welcome</title>

</head>
<body>

Welcome user1

</body>
</html>

}
else include("restricted.html");

?>

Nairb

Nevermind I fixed the problem