Open link with user credentials

phprooky

Hi Everyone,
I have 3 php pages that I use to allow a user to login and be able to enter newsletters or messages. The 3rd. one is the one where I have a link to open the php page where the user insert the newsletters, but I don't know how to use the users credentials to open that page using a link.
These are my 3 files:
1) Where users login:

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
  <tr>
  <form name="form1" method="post" action="checklogin.php">
  <td>
  <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
  <tr>
  <td colspan="3"><strong>Member Login </strong></td>
  </tr>
  <tr>
  <td width="69">Username</td>
  <td width="4">:</td>
  <td width="202"><input name="myusername" type="text" id="myusername"></td>
  </tr>
  <tr>
  <td>Password</td>
  <td>:</td>
  <td><input name="mypassword" type="password" id="mypassword"></td>
  </tr>
  <tr>
  <td>&nbsp;</td>
  <td>&nbsp;</td>
  <td><input type="submit" name="Submit" value="Login"></td>
  </tr>
  </table>
  </td>
  </form>

2) Here I check the login

$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = TRUE;
header("location:login_success.php");
}
else
{
	$_SESSION['mypassword'] = FALSE;
	echo "Wrong Username or Password";
}

3) In this other php page is where I have the link to open the php page to insert the newsletters or messages.

session_start();

<table width="441" border="1" cellspacing="1">

                <td width="100"><a href="upload_news.php">add news</a></td>
                <td width="140">edit / delete news</td>
                <td width="128">go to last news</td>
                <td width="43"><a href="logout.php">logout</a></td>
                </tr><tr>
                  <td>add announce</td>
                  <td>edit / delete announce</td>
                  <td>go to last announce</td>
                  <td>&nbsp;</td>
                </tr>
              </table>

If (!isset($_SESSION['myusername']) && !isset($_SESSION['mypassword'])==TRUE) {
echo "Login Successful! Please choose one of the options above.";
}else{
header("location:main_login.php");
}

The php I want to open using the user credentials is upload_news.php.

halojoy

I suggest you use only one SESSION variable to control login/logout:
$_SESSION['myusername']
.. and forget about the other (mypassword)

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = TRUE; //same as login this person
header("location:login_success.php");
exit(); //always make exit(); after one header-location   
}
else
{
    if(isset($_SESSION['myusername'])){
        unset($_SESSION['myusername']); //same as logout this person
    }
    echo "Not a Valid Login";
}

This was the login part.
You have very good code. And you are close to soon make it all work 🙂

You will get other helping posts to tell you
how to best make a good checking for THE LOGGED IN USER
and so for who will see your menu here:

<table width="441" border="1" cellspacing="1">

                <td width="100"><a href="upload_news.php">add news</a></td>
                <td width="140">edit / delete news</td>
                <td width="128">go to last news</td>
                <td width="43"><a href="logout.php">logout</a></td>
                </tr><tr>
                  <td>add announce</td>
                  <td>edit / delete announce</td>
                  <td>go to last announce</td>
                  <td>&nbsp;</td>
                </tr>
              </table>

phprooky

Hi halojoy,
Can you please help and give me an example on how to pass the user information if I click on the link?

bradgrafelman

You shouldn't need to 'pass' anything; if the two scripts are on the same domain, then simply set the $_SESSION variable(s) that the 'upload_news.php' script checks to ensure a user is logged in (or, as halojoy suggests, modify one of the scripts so that both use the same variable(s)).

phprooky

Hi bradgrafelman,
I made the changes suggested by halojoy, but where I'm confuse is: When I type the whole address of my login_success.php page I am able to go there without typing the user credentials. How can I block this part.