I am currently working on a project where I have two pages: a login page and a home page. The home page is after the login page; whenever the user inputs his username and password correctly in the login page he will be directed to the home page. Here is the problem: if I input the URL of the home page in the browser, it will open even if I did not go through the login page. How do I put restrictions in the home page? How do I put a message saying "you are restricted to access this page, please go back to login page" and then redirect the user to the login page? If you know some website with tutorials or videos of tutorials please include them, it will be a great help. Thank you
This is what sessions are for. You need to validate/authenticate your user before allowing them access to the home page.
On both your login and home pages, you need to start a session with this being at the very top of both scripts:
session_start();
Now when your user logs in successfully, you need to add a session value:
$_SESSION['username'] = $username;
Now in your home page, you need to authenticate that session.
session_start();
if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {
    header("Location: login.php");
    exit; // stop here so the rest of the home page is never sent
}
The above code essentially says: IF user session not set OR user session is empty -> KILL THE SCRIPT & GO TO THE LOGIN Page
When your password and username are correct you must set a session.. in my case the session['logged_in'] = 1.
session_start();
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 1) {
    header('Location: login.php');
    exit;
} else {
    // your home page..
}
You must have a session... depending on your need.. I've used the mysql procedural... it's deprecated though.. just giving you the idea. =) You can either use PDO or mysqli... btw, put that code in your home.php page.
I have recently started web development on my WAMP server and was trying to build a simple login page using PHP and MySQL. What I simply did was, on successful authentication, redirect the user to a new page using: header("Location: locahost/redirect.php"); in my PHP script.
redirect.php is a simple page which shows that you have successfully logged in.
What I want to ask is that I can simply go to redirect.php by typing localhost/redirect.php in my address bar. Is there any way in which only users who have been authenticated can visit the page... just like it works on Facebook and other websites, where we cannot enter someone's profile by just typing a URL in our address bar?
It is called URL Manipulation.
Validate the information like session in the profile page.
+
do NOT use header('Location: ...') without exit; after it. Always do exit after redirect.
header("Location: locahost/redirect.php");
exit;
Otherwise it'll load the page content and redirect. If somebody avoids the redirect, he can see the page contents there.
Well, you could create a cookie if a user was logged in successfully.
(and maybe set the value to an md5 hash of the date, username and password for example, and also write that to your database so you can check later if somebody "cheated" that cookie or not)
Then on your redirect.php you just have to look if that cookie exists (and maybe check the value with your database?).
Also if you set your cookie expire value you can control if the user should be logged in only in that session or for example a full month.
I'm sorry I have not done that before, but maybe I could help you with that idea
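A sketch of the cookie-plus-database check described in this answer, as an added example that is not part of the original post. It swaps the md5 of date, username and password for a random token, so the cookie value carries nothing derived from the password; the table name auth_tokens, the cookie name remember and the 30-day lifetime are assumptions.

```php
<?php
// Added example: "remember me" cookie backed by a database row.
// Table auth_tokens, cookie name 'remember' and the lifetime are assumptions.

function issue_token(PDO $db, int $userId, int $days = 30): string
{
    $token   = bin2hex(random_bytes(32)); // unguessable, carries no user data
    $expires = time() + $days * 86400;
    $stmt = $db->prepare(
        'INSERT INTO auth_tokens (token_hash, user_id, expires) VALUES (?, ?, ?)'
    );
    // Only a hash is stored, so a leaked table does not yield usable cookies.
    $stmt->execute([hash('sha256', $token), $userId, $expires]);
    if (PHP_SAPI !== 'cli') {
        setcookie('remember', $token, ['expires' => $expires, 'path' => '/',
                                       'httponly' => true, 'samesite' => 'Lax']);
    }
    return $token;
}

function user_for_token(PDO $db, string $token): ?int
{
    // Expired rows never match, so the cookie lifetime is enforced server-side too.
    $stmt = $db->prepare(
        'SELECT user_id FROM auth_tokens WHERE token_hash = ? AND expires > ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed demo with an in-memory SQLite database, run only from the CLI.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE auth_tokens
               (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');
    $token = issue_token($db, 42);
    var_dump(user_for_token($db, $token));          // lookup with the issued token
    var_dump(user_for_token($db, 'made-up-value')); // lookup with a forged value
}
```

On redirect.php the check would be user_for_token($db, $_COOKIE['remember'] ?? ''), redirecting to the login page and calling exit when it returns null.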
You can write PHP code inside the redirect.php page, and make a conditional statement:
If the user is logged in, keep him in the page.
If the user is not logged in, redirect him to the login page.
You have to add this function to redirect.php
function logged_in() {
    // session_start() must have been called earlier on this page
    return isset($_SESSION['user_id']);
}
Then add this
if (logged_in()===false){
header('Location: whateverpageyouwant.php');
exit();
}
You can create a session on successful authentication and check this on the redirect.php page.
If you don't find the session on this page then redirect the user back to the login page.
In this way you can restrict direct access to the redirect.php page
Thanks
I just want to know the script for redirecting after logging in on my webpage and the script that I put on all the webpages on my website for redirecting to the member's page if you are already logged in, like in Facebook: if I refresh the page I am still connected.
There are a hundred ways of doing it, but you can start by setting a session value right after a successful login attempt, such as:
$_SESSION["loggedin"] = true;
Now in your member pages you can check if the user is authenticated like so:
if (!isset($_SESSION["loggedin"]))
{
    // redirect user to login form (login.php is a placeholder name)
    header("Location: login.php");
    exit;
}
// Member page
In the example above, if the user is not logged in, you must redirect him to the login form.
Every place in your app where you desire to use $_SESSION, you must have session_start(); at the beginning of your script. If you don't have it, it won't work.
I have a login page on my mobile website as index.html, so the user has to either log in, which will take them to the main site, or register, which will let them register, and then log in and gain access to the main site.
A bit like a mobile app login page.
How can I block this page from being accessed again by the user once they are logged in? They can simply press the back button on their phones to go back to this page.
Ideally, if they try to access this index.php page once they are logged in, I want them to be redirected back to the home.php page.
started work on site here - http://m.cutecupcak.es
Use a session or cookie.
You would set the session upon the login and check your index.php page if the session is set or not.
Basic usage of a session
<?php
session_start();
// Set the session
$_SESSION["loggedin"] = "yes";
// Check if the session exists or doesn't, in this case, it does.
if (isset($_SESSION['loggedin'])) {
    echo "You're logged in";
} else {
    echo "You're not logged in";
}
?>
To build upon Jacob's answer.
Set a cookie or session upon logon and unset it upon logout.
In the index page, check whether the user is already logged in, and redirect them to the members page if they are.
Also it is a good idea to use the header function and disable caching of the page so that it is checked against the server every time.
I am currently working on developing a simple web system, so a user will first be directed to a login page, then a processing page. If the account data provided is correct, the user will be directed to the main page to carry out some actions, and at last can log out.
So what I want to ask is: how can I prevent users from accessing the processing, main or logout page before they log in? I mean, if I do not limit it, the login action is by some means useless. I am using WAMP to develop the web system.
I have considered making use of the session variable; however, I have no idea how to check the value of the variable. If I start a session at the login page, and I skip the login page and go directly to the main page, do I have those session variables present in the main page?
1) Add session_start(); at the top of the php page to initialize sessions.
2) Add if statement
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == 1) { /* show page */ } else { /* show login page */ }
3) Create a login form which validates data, if data is correct then it adds $_SESSION['logged_in'] = 1; and redirects to profile page with logout button.
That's all :)!
I suggest that you check some tutorials, since it will give you some more information how to do that - http://www.intechgrity.com/create-login-admin-logout-page-in-php-w/ or any other link via google - "How to create login/logout functions with SESSIONS".
About your question, in each page you will put session_start(); at the start of the file, they will have all sessions you have specified for user.
EDIT:
Added few useful links -
http://www.php.net/manual/en/book.session.php
http://www.tizag.com/phpT/phpsessions.php/
http://www.w3schools.com/php/php_sessions.asp
Well, this is what I will do. Check with an if statement if a session variable that holds, for example, the username from the login page exists, then if it doesn't, show an error 404 page, or redirect the user to any error page... you might want to create that yourself anyway (so that it redirects them back to the login page).
<?php
session_start();
if (empty($_SESSION['username'])) {
    // send a real 404 status; the third argument of header() is the response code
    header("HTTP/1.1 404 Not Found", true, 404);
    exit;
}
?>
You could also create a new file and place this code there so that you call it on every page that will require a user to log in before accessing it....
But try to access a non-login page for the first time and you will be redirected to the login page; then try to access the same non-login page a second time and you'll already have access even though you didn't log in.
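The shared include file suggested in the answer above, combined with the earlier advice to send logged-in users away from the login page and to disable caching, as an added example that is not code from any of the posts. The file names login.php and home.php, the session key user_id and the function names are assumptions.

```php
<?php
// auth.php: added example. Load it first on every page: require 'auth.php';
// login.php, home.php and the 'user_id' key are assumed names.

function start_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // HttpOnly hides the session cookie from scripts; SameSite limits cross-site sends.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function is_logged_in(): bool
{
    start_session();
    return !empty($_SESSION['user_id']);
}

function no_cache(): void
{
    // The browser must ask the server again, including on the Back button.
    header('Cache-Control: no-store, no-cache, must-revalidate');
}

function redirect(string $page): void
{
    no_cache();
    header('Location: ' . $page, true, 302);
    exit; // without this the rest of the page is still generated and sent
}

// Top of home.php and every other members-only page.
function require_login(): void
{
    is_logged_in() ? no_cache() : redirect('login.php');
}

// Top of login.php or index.php: logged-in users are sent onward.
function redirect_if_logged_in(): void
{
    is_logged_in() ? redirect('home.php') : no_cache();
}

// Call once, after the username and password have been verified.
function log_in(int $userId): void
{
    start_session();
    session_regenerate_id(true); // fresh id, so a pre-login session id cannot be reused
    $_SESSION['user_id'] = $userId;
}
```

Because the session value is set only inside log_in(), a visitor who is bounced from a members-only page still has no user_id on the next request and is redirected again.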
Hello everybody
I have been asked to design a general login page (and others) for a website. What I need is that when any user simply clicks on the website's name, the user is taken directly to the login page. The site is designed so that one cannot enter without being logged in. Any help will be appreciated.
Thanks in advance
Not 100% sure what you are asking for here. From a quick read of the OP question, it appears you are wanting to direct people to the login page if they visit the main page and are not logged in.
To do this, all you need do is, in the main page, test whether the user is logged in. If they are not, then you redirect them to the login page.
<?php
// Within the INDEX.PHP file, at the very top
// - nothing can be in front of the opening tag for this PHP section.
session_start();
// empty() also covers the case where the key was never set
if (empty($_SESSION['loggedIn'])) {
    header('Location: login.php');
    die();
}
This will redirect anyone viewing index.php to the login.php page, if they are not logged in. So long as, when they are logged in, you set $_SESSION['loggedIn'] to true (otherwise everyone, every time, will be sent to the login page).