I have 3 pages have html code similar to just example
<!DOCTYPE html>
<html>
<body>
<div>
html code
</div>
<div>
html code
</div>
<div>
html code
</div>
</body>
</html>
and have 2 php files login.php and logout.php , is it possible to strict access to the 3 pages only to login users
First, Put in header page this session_start();, Ofcourse the header page is included||required in every php page you have.
Second, When the user Login using your Login page, Put the sessions if his data are valid
<?php
if($user && password_verify($password, $user['password'])){
$_SESSION['id'] = $user['id'];
}
?>
In this one we used his id inside session, Now all you have to do is checking if this session is active, If it is not active, You redirect the visitor using header() to the index||404 page like this
<?php
if(!isset($_SESSION['id'])){
die(header("location: 404.php"));
}
?>
and remove the ! for signup & login pages, Since you don't want a logged in user to access the login or register page again.
Third, For logout page, Just put
<?php
session_start();
session_unset();
session_destroy();
header("location: index.php");
exit();
?>
inside it
This answer assumes that you have 3 php files and not html. You need to save those files as .php if you want to manage this using PHP.
Yes you can manage that using a variable or session.
You can redirect the user if they are not logged in. Or, you can show the part of the text and link only if they are logged in.
<?php
if($logged_in) {
?>
Only for logged in users
<?php
}
?>
You need to use session to do it in PHP, it will be like this.
$_SESSION(id)
You can see some tutorial in google.
Refer the below link http://www.makeitsimple.co.in/PHP_loginexmp.php
Related
I'm starting a session and redirect after successful login to a home.php
now my question is how can i let access the users more pages. i thought about:
<?php
session_start();
if(isset($_SESSION['user_session'])!="")
{
header("Location: home.php");
header("Location: home2.php")
}
?>
this page should only useable to the users. First the user should be redirected to home.php and then the user should get access to another page like home2.php but a non-user shouldn't get access to this page.
When the user is at home.php i thought about a simple <a></a> redirect with html to home2.php
Create a session and make an <a></a> Tag that only registered useres can see.
You have to session_start() in every site and Theo redirect if the User is already logged in
how do i create the below php that the user stays on the index page after logging in ? It seems it will direct the user to the logonprocess.php after clicking the submit button.
I'm also trying to find out how will the logout button appear after the user login successfully. The logout will also need to work the same as login which will stay on the same page.
I have read that ajax was one way but i have not yet read or understand ajax. I'm still trying to learn on the php portion first.
Index.php
<?php
ini_set("session.save_path", "sessionData");
session_start();
?>
<?php if (!isset($_SESSION['uName'])) { ?>
<form method="post" action="logonProcess.php">
<div>Username <input type="text" name="userName" placeholder="Username"></div>
<div>Password <input type="password" name="pwd" placeholder="Password"></div>
<div><input type="submit" value="Logon"></div>
</form>
<?php } else { }?>
<?php if (isset($_SESSION['uName'])) {
$username = $_SESSION['uName'];
echo "<p>Welcome $username</p>\n";
?>
Logout
<?php } else { }?>
Logout.php
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
header("Location: index.php"); // Redirecting To Home Page
}
?>
At the end of your logonProcess.php file:
header('Location: index.php');
If you login from different pages use the $_SERVER['HTTP_REFERER'] variable.
header('Location: ' . $_SERVER['HTTP_REFERER']);
If you want to redirect somewhere after a certain script has been executed you could ofcourse always use PHP's header() function which allows you to specify a Location which would look like this
header('Location: index.php');
After that your part two of the question is "How do I remove the logout button when the user login successfully?" I think with login you must mean logout since you'll want to be able to actually logout once logged in.
To do this you check wether or not a $_SESSION
A $_SESSION in PHP is simply an array containing values that are remembered across page reloads so as you can imagine - it is a very good place to store your user ID.
The reason that usually just an ID is saved is so that while a hacker might still be able to compromise your users' cookie he / she will not be able to see any data he / she shouldn't have like a password, email address, phone number etcetera so all damage done will be on the website itself, not the users personal life ^.^
When you create a $_SESSION in PHP you simply set it in your logonProces.php file after all the authentication checks for the user passed.
This would look something like this (semi-psuedo code)
if ($user_verified_in_db) {
$_SESSION['user'] = $user['ID']; //note - non of this will probably exist yet in your script, DONT use it its an EXAMPLE.
header('Location: index.php');
}
The above snippet should be placed somewhere appropiate in the procesLogon.php file so that the session will be set.
Now in HTML you'll have a link somehwere right?
Logout
Imagine that is your link being displayed somewhere on the page, now what you want to do is check if the $_SESSION['user'] is set using isset().
Your code would look something like this:
<?php if (isset($_SESSION['user'])) { ?>
Logout
<?php } ?>
this will check if the session is set or not, if it isn't set it won't display the link, if it is it will since you'll need an option to logout.
NOTE this is psuedo code - you still have to build this construction using your variables and your login script, my tiny piece of code doesn't do anything for you at that except show you an example of how this is commonly handled.
Good luck!
EDIT (5-11-2015)
As per the comment of the OP,
If you want to hide items in general, like the logout link example above, all you have to do is wrap the divs you want to hide in the if statement.
e.g.
<?php if (isset($_SESSION['user'])) { ?>
<!-- this can be any HTML element showing stuff for logged in users. -->
<?php } ?>
when you wrap elements within this if statement - if you check the expression: isset($_SESSION['user']) - it will evaluate to true if $_SESSION['user'] is set which you are in your login script.
You can keep reusing this check whenever and wherever you need to show / hide elements from the user.
if you would put a ! (exclamation mark) in front of the expression so that it turns out like this: !isset($_SESSION['user']) you reverse the process so if you have the following statement
<?php if (isset($_SESSION['user'])) { ?>
<!-- everything here is shown when user is logged in -->
<?php } else { ?>
<!-- everything here is shown when user is logged out -->
} ?>
this is the positive if check checking if your user is logged in or not, you can decide to put in the else for what to do when the user isn't logged in but you can also modify the expression slightly to reverse or invert the situation e.g.
<?php if (!isset($_SESSION['user'])) { ?>
<!-- everything here is shown when user is logged out -->
<?php } else { ?>
<!-- everything here is shown when user is logged in -->
} ?>
for instance. This will allow you to gain control over what users see on your webpages, use them whenever you need to show or hide something.
Also note that the else clause is ofcourse, optional and doesn't have to be included, you can use the ! example without the else as well as the one without the exclamation mark.
You can put this code end of php file logonprocess.php too.
echo "<script>window.location='index.php'</script>"
You will have to add the echo "<script>window.location=\'index.php\'</script>" to an if/else statement within your logonProcess.php so that once they "submit" the information it processes and redirects to index.php.
I have a code to log in to a database system and do some simple tasks like view user details, edit user details kind of tasks. After logging in, a user should have the ability to log out. My question arise here. I need to redirect to a page which display some text(logoff.php page) and then redirect to the index page. But once I click the logout link it directly goes to the index page which is the login page.
a user is redirected to the log off page from a page and my logoff.php code is this
<?php
session_start();
if (isset($_SESSION["uname"])) {
unset($_SESSION["uname"]);
}
header("Location:../index.php");
exit;
?>
<html>
<head>
<title>Logged Off</title>
</head>
<body>
<br><br>
<div align="">
<h2>You are now logged off</h2>
home</div>
</body>
</html>
It should show the text if a user is redirected to here. But I am sure that it comes to this page since it shows the text inside html tags when I remove the php part of the code. I think the problem is with $_SESSIONcode segment. Doesn't it authenticate the user? Is that the reason why I am redirected to the index page with out listing the content of the logoff page?
My index page which is used for logging is this.
<?php
session_start();
$mess="";
if(isset($_POST["submit"])&&$_POST["submit"]=="Sign in") {
//conncet to the database
require_once("./dbcon/user.php");
include("./dbcon/dbcon.php"); //database connection function
$user=$_POST["uname"];
$password=md5($_POST["password"]);
//retriving data from db
$query = "SELECT user_name FROM user_info WHERE user_name = '$user' AND password ='$password'";
$result=mysql_query($query);
while($row=mysql_fetch_array($result)) {
$name=$row["0"];
}
if(mysql_affected_rows()==0) {
$mess = "<font color=purple size=2><b>Wrong username or password.<br>Please try again.</b></font>";
} else {
$_SESSION["uname"]=$name;
header("Location:./user/user1.php");
exit;
}
}
?>
<html>
<!-- html form -->
</html>
In this case do I need to include index.php page into the logoff.php page because SESSION variable is created in the index.php page? Is that the reason or any other?
Thanks!
The answer is in that line, and is a feature, not a bug :
header("Location:../index.php");
This does the redirection server side so that your user never gets to see the page body as he only receives this header, telling the browser to go the that URL.
instead of doing this, you should either use a javascript redirect function with setTimeout() , or use the meta-refresh which is really indicated in this case I guess :
<meta http-equiv="refresh" content="10;URL=yourindexpage.php" />
Note the 10 in the line here above, it indicates the delay in seconds before the redirection occurs.
You can do like this
<?php
session_start();
if (isset($_SESSION["uname"])) {
unset($_SESSION["uname"]);
}
?>
<html>
<head>
<title>Logged Off</title>
</head>
<body>
<br><br>
<div align="">
<h2>You are now logged off</h2>
home</div>
</body>
</html>
i have a html login form on my site that submits to login.php.
within login.php is a header redirect with a session message which echo's out onto the next page home.php.
what i am trying to do is make it so that this message only runs once and doesnt show again until the user logs in again. at the moment what is happening is the message is showing on each page refresh.
can someone please show me what i can do to sort this, thanks.
code in login.php:
<?php
if (logged_in())
{
$_SESSION['login_message']="<div class=\"login-overlay\">
<h1>Login You In Securely</h1>
</div>";
header("Location:home.php");
}
?>
code in home.php:
<?php session_start();
if(isset($_SESSION['login_message'] ))
echo $_SESSION['login_message'];
unset($_SESSION['loginframe2']) ;
?>
Simply unset the login message once it has been displayed.
if(isset($_SESSION['login_message'] )) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
Now if a user has seen the message, it won't be in the session anymore. And once he logs in again, login.php will set the variable again.
Just use and track a variable like $_SESSION['message_displayed']. Set it to true when you first display the message, and only display it if !array_key_exists('message_displayed', $_SESSION)
My session don't seem to be saved. I have a log in page that saves the users id as a session. But when I leave the page and click on another page the sessions are not saved.
Here are my code. I have a main page called index.php that look like this:
<?php
if(!isset($_SESSION)){
session_start();
}
?>
<!DOCTYPE html> <HTML> <HEAD> </HEAD> <BODY>
<?php
$page_content = 'startpage.php';
if (isset($_GET['link']) && !empty($_GET['link']) ) {
$page_content = $_GET['link'];
}
include "$page_content";
include 'menu.php';
include 'footer.php';
?>
To login I use this page called admin.php. Within this page I have loggin code that works fine.
If the user has written right username and password then this happens:
$_SESSION['user_id'] = $user_id;
print_r($_SESSION);
The code above shows the current sessions variables. But as soon one click on another page the variables are left empty.
At the bottom of index.php are the footer.php page included, and it looks like this:
<?php
if(!isset($_SESSION['user_id']) ){
echo "The sessions are not initiated. ";
}
if (empty ($_SESSION['user_id']) ) {
echo "The sessions are empty. ";
}
echo "<a href='index.php?link=admin.php'>Administration</a>";
?>
In this footer I have put two if questions to check the sessions.
After I have succeded to logg in and clicked on an another page the if questions detect that my session are empty and not initiated.
How should I get the sessions to work?
Perhaps I should add that I use a rent database that use MySql.
Before you can use $_SESSION you should always start it with:
session_start()
Also, session_start() must always be called before you output anything on the page, otherwise it will not work properly