Session Check If/Else

chriscitrix

I am using a PHP script ( http://www.mpdolan.com/login_redirect.htm ) to secure some pages on our Intranet, and I am looking to do the following:

On all non-secured pages, offer a place to enter the username/password
On all secured pages, offer the username that is logged in, and a logout link.

Basically what I am looking for is some code that would check for a session, and if a session does not exist - display the login prompts. If a session does exist - display the username and logout link.

The code that is placed at the top of each page that is secured is this (if this helps):

<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

require('C:\Websites\custcare\www\auth\config.php');

require('C:\Websites\custcare\www\auth\functions.php'); 

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != "yes")
{ 
include ('C:\Websites\custcare\www\noauth.php'); 
exit;
}
?>

leatherback

What have you tried so far?

bpat1434

Basically you'd want this as an add-in script to each script you want.

<?php
// Session_start needs to be called before ANY headers are sent
session_start();

if(empty($_SESSION) || !isset($_SESSION['username']) || empty($_SESSION['username']))
{
    echo '<form action="login.php" method="post">
  <label for="in_username"><strong>Username:</strong></label>
  <input type="text" name="username" id="in_username" value="" />
  &nbsp;&nbsp;
  <label for="in_password"><strong>Password:</strong></label>
  <input type="password" name="password" id="in_password" value="" />
  &nbsp;&nbsp;
  <input type="submit" name="login" value="Log In" />
</form>';
}
else
  echo 'Welcome <strong>' . $_SESSION['username'] . '</strong>.  <a href="logout.php">Log Out</a>';
?>

If you include that short script at the top of every page you should get either a form, or the "Welcome bpat1434. Log Out". Now, when you log the user in, you'd have to supply a $SESSION['username'] value so that you can call on that. Also, it helps check to make sure the session is valid. If there is a username key in the $SESSION array, they should be logged in. Otherwise, if the key is empty, they should be logged out.

chriscitrix

Thanks for that info!