I like to know how to use a condition on php sessions
in this code if the user is not loged in page will redirect to login.php.
<?
session_start();
if(!session_is_registered(username)){
header("location: login.php");
}
?>
what i want is to redirect user to another php if the user is loged in. if not stay on the same page. like if user is not loged in keep the user in index page and if user is loged in redirect the user to user.php
for the login script im using a code fount in this site :http://www.phpeasystep.com/phptu/6.html
thanks in advance.
Set a variable in $_SESSION when you have logged in.
i.e. in login.php:
if ( $passWordCorrect ) {
session_start();
$_SESSION['loggedIn'] = true;
}
in index.php:
session_start();
if ( !empty( $_SESSION['loggedIn'] ) ) {
// User logged in; do magic.
} else {
header('Location: user.php');
}
<?
session_start();
if(!$_SESSION['username]){
header("location: login.php");
}
?>
And in login page you asign the variable like this:
<?php
session_start();
$_SESSION['username']='JohnDoe';
?>
The code is on the same page as the tutorial you linked to:
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
But really you should be using the $_SESSION variable. On the login page:
<?php
session_start()
$_SESSION['username'] = $username;
?>
And then on the other pages:
<?php
session_start()
if (!isset($_SESSION['username'])) {
header('location: login.php')
}
?>
UPDATE
It is better to not use short tags (i.e. <?php instead of ?>)
Related
I have been using $_SESSION forever and never had an issue. Tonight things are not working when I'm trying to build a new app using the same session logic. I've been trying to debug this for hours looking online to no avail. The session.php keeps redirecting me to the login page. I feel stupid.
login.php
session_start();
$_SESSION['user_id'] = 'superUser';
header("Location: dashboard.php");
exit();
session.php
<?php
session_start();
if ( isset( $_SESSION['user_id'] ) ) {
// do something here
} else {
// Redirect them to the login page
header("Location: login.php");
exit();
}
?>
dahsboard.php
<?php
include_once 'session.php';
echo 'dashboard';
Suppose, I have a login page located at https://www.example.com/a/login.php. After successful login, user redirects to https://www.example.com/a/admin.php. I have another login page located at https://www.example.com/b/login.php and after successful login user redirects to https://www.example.com/b/admin.php. Now suppose, In a browser, a user successfully logs in to https://www.example.com/a/login.php. and redirects to admin.php page. If another user tries to access the page https://www.example.com/b/admin.php directly without login page in the same browser in another tab, then he easily bypasses the login and reaches the admin.php page. My sample code is :
login.php
<?php
session_start();
// if user successful login
$_SESSION['user_id'] = $users_id
// we redirect user to member page
if (isset($_SESSION['user_id']){
header("Location:admin.php");
}else{
header("Location:login.php");
}
?>
admin.php
<?php
session_start();
if (!isset($_SESSION['user_id']){
header("Location:login.php");
}
echo "welcom user : {$_SESSION['user_id']}";
?>
Is there any way so that if the second user tries to access https://www.example.com/b/admin.php, in another tab of same browser, then he will be redirect to https://www.example.com/b/login.php ?
Try setting another $_SESSION variable..
So like this:
<?php
session_start();
// if user successful login
$_SESSION['user_id'] = $users_id
$_SESSION['url'] = "a"; // a if https://www.example.com/a/login.php, b if https://www.example.com/b/login.php
// we redirect user to member page
if (isset($_SESSION['user_id']){
header("Location:admin.php");
}else{
header("Location:login.php");
}
?>
And at your https://www.example.com/a/admin.php , you should set it like this;
<?php
session_start();
if (!isset($_SESSION['user_id'])){
header("Location:login.php");
}
elseif (!isset($_SESSION['url'])){
header("Location:login.php");
}
elseif ($_SESSION['url'] != "a"){
header("Location:login.php");
}
echo "welcome user : {$_SESSION['user_id']}";
?>
And then at your https://www.example.com/b/admin.php , you should set it like this;
<?php
session_start();
if (!isset($_SESSION['user_id'])){
header("Location:login.php");
}
elseif (!isset($_SESSION['url'])){
header("Location:login.php");
}
elseif ($_SESSION['url'] != "b"){
header("Location:login.php");
}
echo "welcome user : {$_SESSION['user_id']}";
?>
Hope this helps you!
So, I have a registration and login system working perfectly using PHP and MySQL. My logout isn't working. I have my logout button linked to this script, when I click it the page refreshes but i'm still logged in. Any suggestions
<?php
session_start();
if (!isset($_SESSION['Name'])) {
header("Location: ../index.php");
} else if(isset($_SESSION['Name'])!="") {
header("Location: Home.php");
}
if (isset($_GET['Name'])) {
unset($_SESSION['Name']);
session_unset();
session_destroy();
header("Location: ../index.php");
exit;
}
?>
You have to correct the line
else if(isset($_SESSION['Name'])!="")
to
else if(isset($_SESSION['Name']) && $_SESSION['Name'] !="")
Otherwise it tries to compare a boolean with a string.
I want to clear the session variables when the tab is closed but I could not find any solutions so far. here user without login they will enter the url dashboard.php means it will redirect to index.php, this condition is working fine, now user successfully login means it will go to dashboard.php page after that user close this tab and again they will enter dashboard.php page means i want to redirect the page in index.php, how can do this
<?php
session_start();
date_default_timezone_set('Asia/Kolkata');
include('dbconfig.php');
$email=$_POST['email'];
$password=$_POST['password'];
$password=md5($password);
$sql=mysql_query("SELECT id,username,email,password,is_user_type FROM login WHERE email='$email' AND password='$password'");
list($id,$username,$email,$pwd,$is_user_type)=mysql_fetch_row($sql);
if($pwd==$password){
$_SESSION['username']=$username;
$_SESSION['email']=$email;
$_SESSION['is_user_type']=$is_user_type;
$_SESSION['current'] = basename($_SERVER['PHP_SELF']);
header("Location:dashboard.php");
}
else{
echo "error";
}
?>
dashboard.php
<?php
session_start();
if(!isset($_SESSION['email']) && empty($_SESSION['email'])) {
header("Location:index.php");
}
if (isset($_SESSION['current'])) {
if (basename($_SERVER['PHP_SELF']) != $_SESSION['current']) {
session_destroy();
}
}
?>
First, your xyz.php file set a unique variable in the $_SESSION array which will act as a mark that the user has been on this page
$_SESSION['previous'] = basename($_SERVER['PHP_SELF']);
Then, add the following code on all pages, before any output to check if the user is coming from xyz.php
if (isset($_SESSION['previous'])) {
if (basename($_SERVER['PHP_SELF']) != $_SESSION['previous']) {
session_destroy();
unset($_SESSION['previous']);
}
}
To remove particular session data , try this
if($_SESSION[sessionvaribale] )
{
unset($_SESSION[sessionvaribale]);
}
To destroy all session data - try session_destroy()
Its already discussed by Stackoverflow
Refer Session destroy when logout
I'm using the following code. Session is working on the same page; on the next page it is not showing the session variable value. Please let me know what I'm doing wrong?
<?php
session_start();
$_SESSION['emailaddress']=$emailAddress;
header("Location: $success "); /* Redirect browser */
exit;
?>
use session_start() in the page that you are redirecting to, as well ($success), before accessing the session values there
So that the "success.php" page looks something like:
<?
session_start();
print_r($_SESSION);
?>
<?php
if(some_condition is true)
{
session_regenerate_id();
session_start();
$_SESSION['emailaddress']=$emailAddress;
header("location: member-index.php");
exit();
}
on secure page:
<?php
//Start session
session_start();
//Check whether the session variable is present or not
if(!$_SESSION['emailAddress'])
{
header("location: access-denied.php");
exit();
}
?>
<p>This is secured page with session: <b><?php echo $_SESSION['emailAddress']; ?></b>