I want to make my php page like the following scenarios:
If I click the "my account", it will link me to login page if I'm
not logged into the site.
If I click the "my account" and I'm
already logged to the site, it will take me to the user account.
You can PHP Sessions for this purpose.Have a look at the below example
Login With Session
You must set a session variable
Login Page: login.php
e.g.
<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<body>
<?php
if(($_POST['username']=="myusername") && ($_POST['password']=="password"))
{
$_SESSION["mysession"] = $_POST['username'];
}
else {
?>
<form action="" method="post">
User Name:<br>
<input type="text" name="firstname" value="">
<br>
Password:<br>
<input type="password" name="password" value="">
<br><br>
<input type="submit" value="Submit">
</form>
<?php }
?>
My Account Page:
<?php
// Start the session
session_start();
if (isset($_SESSION['mysession'])){
echo $_SESSION['mysession'];
}
else
{
header("Location: http://example.com/login.php");
die();
}
?>
Related
Suppose, I have two pages login.php and index.php. In index.php I have two buttons Login and register.After clicking the buttons ,the user is directed to login.php.
If I want to implement a login functionality using PHP, something related to facebook such that the if a user has logged in before, then it bypasses the index page once the username and password are set and directly lands into the login page. Is $_SESSION a proper way of doing it.
For example:
<?php
session_start();
?><!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Ayu</title>
</head>
<body>
<?php if (isset($_SESSION["user"])) { ?>
<h1>Hi <?php echo $_SESSION["user"]; ?></h1>
Logout
<?php } else { ?>
<h1>Login</h1>
<?php echo (isset($_GET["error"])) ? '<p>You idiot!</p>' : ""; ?>
<form action="new-user.php" method="post">
<div>
<label>
<strong>Username</strong>
<input type="text" name="username" />
</label>
</div>
<div>
<label>
<strong>Password</strong>
<input type="password" name="password" />
</label>
</div>
<input type="submit" value="Log In" />
</form>
<?php } ?>
</body>
</html>
In the login functionality, I am setting the $_SESSION values
<?php
session_start();
if (count($_POST))
if ($_POST["username"] == "ayu" && $_POST["password"] == "shee") {
$_SESSION["user"] = "Ayushi";
header("Location: ./");
} else {
unset($_SESSION["user"]);
header("Location: ./?error");
}
?>
Yes using and creating ($_SESSION) session is the correct way to check logged in users.
$_SESSION is a 'superglobal', or automatic global, variable. This
simply means that it is available in all scopes throughout a script.
There is no need to do global $variable; to access it within functions
or methods.
Check for session on very top of a page, if found redirect to index else to login page.
if(!isset($_SESSION['login_user'])){
header("location:login.php");
}
Refer this simple login example using my sql in php Here
EDIT
As requested by OP - if you want to hide a particular section in index.php page based on session value or say if a user is logged in or not that can be done like:
<?php
if(isset($_SESSION['login_user'])){
?>
<form>
<input type="submit" name="whatever" />
<!-- Other Fields -->
</form>
<?php
}
?>
Html Form in the above code will only be shown if a user is logged in else it will be hidden.
Yes, Session is best way to implement the same. You can use the below php code to solve your problem
<?php
session_start();
if (!empty($_POST))
if ($_POST["username"] == "ayu" && $_POST["password"] == "shee") {
$_SESSION["user"] = "Ayushi";
header("Location: ./");
} else {
if($_SESSION["user"]!=''){
unset($_SESSION["user"]);
}
header("Location: ./?error");
}else{
/* Write code for form */
}
?>
Helloo, I have a mutistep form functionality where
in "Step1" ( page 1 ) i have a form with three radioButton
And in step 2 (page2 ) I have another form.
So, My problem is that I want to restrict access to page2 via URL like if I type in Browser Addressbar : localhost/page1.php then it should load page1.php but when I write localhost/page2.php then it should restrict user to have access for page2 and I would like to be redirected to localhost/page1.php
so i tried this :
page1 :
<form class="type" action="page2.php" method="post">
<label style="text-align:center;"> Type de compte : </label>
</br> </br>
<input type="radio" name="typeCompte" value="enseig" required>
Enseignant </br>
<input type="radio" name="typeCompte" value="etud" required>
Etudiant </br>
<input type="radio" name="typeCompte" value="admin" required>
Adminstrateur </br>
</br></br>
<input type="submit" class="make" name="submit" value="Valider">
</form>
<?php
if(isset($_POST['submit']))
{
$_SESSION['log']=1;
}
?>
page 2 :
<?php
session_start();
if($_SESSION['log']!=1)
header("location: page1.php");//redirecting to first page
?>
Try putting session variable as bool like...
In Page1.php
<?php
session_start();
if($_POST['submit']){
$_SESSION['log'] = "true";
header("Location: page2.php");
}
?>
Then In Page2.php
if(!isset($_SESSION['log']) && $_SESSION['log'] == "false"){
//send them back
header("Location: page1.php");
}
else{
//your logic if any.
}
I think in Php session might be working on true false basis only..
to check for session you can use isset command
<?php session_start();
//if ! means not isset check if the session is active
if(!isset($_SESSION['log']))
header("location:page1.php");
?>
in your page where you assign the session for log you can use it to assign any value for the user that you might need later. however do some reading about .htaccess and put your limited access file in a different dir
on page 1
$t='1';
$_SESSION['log']=$t;
and very very important on the first line after <?php on page 1 you must have
session_start();
edit try this that i wrote only spend 5 min so it is not much but i tested it and it works make 2 file test1.php and test2.php
test1.php
<?php
session_start();
if(isset($_POST['set'])){
$log='1';
$_session['log']=$log;
include_once("test2.php");
exit;
}
if(isset($_POST['dontset'])){
include_once("test2.php");
}
?>
<html>
<body>
<form action="" method="post">
<input type="submit" name="set" value="set">
<input type="submit" name="dontset" value="dontset">
</form>
</body>
</html>
test2.php
<?php
session_start();
if (!isset($_session['log'])){
echo 'you are not authorised';
header("location:test1.php");
}
if (isset($_session['log'])){
echo 'you are authorised';
}
?>
<html>
<body>
<form action="" method="post">
<input type="submit" name="destroy" value="destroy">
</form>
</body>
</html>
<?php
if(isset($_POST['destroy'])){
session_destroy();
include_once("test2.php");
exit;
}
?>
it also shows you how to logout the user using sessions
At the top of every page I have a header (header.inc.php) that has a login field that I add with
include 'login.php';
The code there is:
<?php
include 'checkPassword.php';
if (isset($_POST['login'])) {
if (checkLogin($_POST['username'], $_POST['password'])) {
session_start();
$_SESSION['isLoggedIn'] = true;
header("Refresh:0");
exit();
} else {
echo '<h1>nope</h1>';
}
}
?>
<div id="login"> <!-- Login field with link to registration -->
<fieldset>
<form method="POST" action="login.php">
<Legend>Login</Legend>
Username <input type="text" name="username" <?php if (isset($username)) {echo "value=$username";} ?>>
Password <input type="password" name="password"/>
<input type="submit" name="login">
<div id="register">
Not a member? Click here to register!
</div>
</form>
</fieldset>
</div>
I've seen a few different methods for using header() to load a certain page, but the login appears at the top of every page, therefore I'd like a way for the PHP to refer to itself. However, all the methods I've found so far refer to 'login.php', instead of the page the overall page that contains the header and login.
try this one
<?php
include 'checkPassword.php';
if (isset($_POST['login'])) {
if (checkLogin($_POST['username'], $_POST['password'])) {
session_start();
$_SESSION['isLoggedIn'] = true;
header("Refresh:0");
exit();
} else {
echo '<h1>nope</h1>';
}
}
?>
It refreshes your current page, and if you need to redirect it to another page, use following:
header("Refresh:0; url=page2.php");
echo meta tag like this: URL is the one where the page should be redirected to after refresh.
echo "<meta http-equiv=\"refresh\" content=\"0;URL=upload.php\">";
I want to allow the user to input some text, then use that text as their session username and then echo a welcome "username" at the top of each page, and then a logout button which will end the session and allow for the user to input a new username
Currently the code will allow the user to input a name, and then a Welcome will appear for that name, but it will be destroyed if the user changes pages, and the textfield to input a name never disappears either - This is the master page in codeigniter
<form action="" method="POST">
<input type="text" name="input_value">
<input type="submit" name ='in' value="LogIn">
</form>
<?php
if (session_status() == PHP_SESSION_NONE) {
session_start();
$_SESSION['userses'] = '';
}
if(session_status() == PHP_SESSION_ACTIVE && $_SESSION['userses']=='' ){
$_SESSION['userses'] = $_POST['input_value'];
echo "Welcome, ".$_SESSION['userses']."!";
}
else{
echo "Welcome, ".$_SESSION['userses']."!";
}
?>
<form action="<?php session_destroy(); ?>" method="POST">
<input type="submit" name='out' value="LogOff">
</form>
You have to change
if(session_status() == PHP_SESSION_ACTIVE && $_SESSION['userses']=='' )
to
if(isset($_POST['in']) ){
$_SESSION['userses'] = $_POST['input_value'];
}
so when he submits username, this if will catch the post request and then add input to your username
you don't need to check session_status
edit:
and as the comments said, put session_start(); at the beginning of every page
example of code :
<?php session_start();
if(isset($_SESSION['userses'])) echo "Welcome".$_SESSION['userses'];
?>
<form action="" method="POST">
<input type="text" name="input_value">
<input type="submit" name ='in' value="LogIn">
</form>
<?php
if(isset($_POST['in']) ){
$_SESSION['userses'] = $_POST['input_value'];
}
?>
<form action="<?php session_destroy(); ?>" method="POST">
<input type="submit" name='out' value="LogOff">
</form>
You are using codeigniter, why not use session library :
https://www.codeigniter.com/user_guide/libraries/sessions.html
I'm developing a simple member management system with php, and I've met a problem:
The user logs in and it is redirected to a main page and the user ID is saved in the session; there are some links to other pages in the main page, after the user clicks and is trying to go back to main by pressing browser "Back" button, sometimes the user ID in the session is lost.
I've checked the session save path, a new session file is created when I click "Back" button, so I assume the session_start() creates a new session for it; but I still don't know why, it's a random case...
Is there any way to solve it?
main.php:
<?php session_start(); ?>
<?php
$echo_string = '
<body>
a
b
</body>';
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
login.php:
<?php
session_start();
if (isset($_POST['userLogin'])) {
$_SESSION['user'] = $_POST['userLogin'];
// check userLogin in db
...
}
header("Location: main.php");
?>
<form novalidate="" method="post" action="login.php">
<label class="hidden-label" for="Username">Username</label>
<input id="Username" name="userLogin" type="text" placeholder="Username" value="" spellcheck="false" class="">
<label class="hidden-label" for="Passwd">Password</label>
<input id="Passwd" name="userPassword" type="password" placeholder="Password" class="">
<input id="signIn" name="signIn" class="rc-button rc-button-submit" type="submit" value="Log in">
</form>
a.php:
<?php session_start(); ?>
<!DOCTYPE html>
<html lang="en">
<head>...</head>
<?php
$echo_string = '...'; // a html format string
if (!empty($_SESSION['user']))
echo $echo_string;
else
header("Location: login.php");
?>
</html>
b.php is almost same as a.php
Thanks.
BR,
Sean
session_start()-docs:
"session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie."
so you see, that when a session exists it doesnt create a new, that means when you set something like $_SESSION['logged_in'] = true; you should check before if $_SESSION is already filled with your infos