Only access to page after login

BIOSTALL

Hey, i have 3 pages:

Login.html - Contains login form
Login.php - Verifies Username and pw are correct and redirects accordingly
Members.php - Members page

Now, i want it so u can only access Members.php if the username and pw are entered correctly. At the moment though, u can just enter members.php in the address bar and it will bypass the login form. Is there anyway i can make it so that you MUST go through login.html and if you do type members.php in the address bar, it wont allow access. Hopefully that makes sense.

Cheers, BIOSTALL

wilku

This is really something you should be able to find yourself (using google or board search). The keywords are: php authentication, sessions. authentication script and so on...

rachel2004

Probably one of the most common ways of doing it is using sessions. What you'll want to do is in your Login.php page is assign a value to a $_SESSION variable if a user has successfully logged in. You need to make sure you call session_start() at the top of every page where you want to work with sessions. So at your login.php page:

<?php 
// login.php
session_start();

// do some stuff for validating user input
// blah, blah,
// blah, blah

/* if 'username' and 'pw' are correct, the user has authenticated, so assign him a $_SESSION variable */
$_SESSION['logged_in'] = TRUE;
?>

At any other page that you want to restrict to just logged in visitors, you would need something like:

// membersOnly.php
session_start();
// check if the visitor is not logged in:
if (!isset($_SESSION['logged_in'])) {
    exit("Sorry, you are not logged in!");
}

/* rest of the page follows, which the user will be allowed to see if he is logged in */

BIOSTALL

Its still letting me go straight to Members.php

This is my code on Login.php:

<?php
session_start();
$username = ($_POST['username']);
$password = ($_POST['password']);

if ($username=="scarred" and $password=="cob"){
	$_SESSION['logged_in'] = TRUE;
	header('location:Member.php');
}else{
	header('location:Login.htm');
}
?>

This is my code on Members.php:

<?php
session_start();
if (!isset($_SESSION['logged_in'])) {
	header("location:Login.htm");
}
?>

I get no errors or anything, it just skips straight to it without redirecting to the Login form :-S

Once you've logged in once, is there chance its keeping the session open, so if i go to a page with nothing to do with members or anything, will it remember that i've logged in previously. If so, is there a way to kind of 'end' the seeion??

wilku

I don't know if it will help, but I've read about some problems with sessions and redirecting using header here.
Here's some quotation:

For the problem of session lost after of redirect with header location...

Try with this:
<?
session_start();
$_SESSION['mySession'] = "hello";

header ("Location: xpage.php");
exit(); //This sentence do the magic
?>

BIOSTALL

Used session_destroy() 😉

Thanks for your help anyway 🙂

BIOSTALL