PHP Sessions and Logins, Protecting the Family Jewels...
Author : Jeremy Tymes.

Alright, so you have a section on your website that you want to keep private, but you don't feel like messing around with htaccess to keep people from getting in. Well, here is a simple login system using the power of PHP sessions.

Requirements
General PHP knowledge is a plus, and you will need PHP on your server for sure. Optional is a little knowledge of JavaScript for focusing the text box.

Functions Used
session_start() -- Used to start sessions
session_register(variable) -- Register one or more global variables with the current session (removed in PHP 5.4; assign to $_SESSION instead)
session_id() -- Set/Get the session ID
session_unset() -- Free all session variables
session_destroy() -- Destroys all data registered to a session

The good stuff
Ok, now that we have everything set up, let's get started.

First, we will need to create a page with a form on it, so the person can log in. Because I'm a big fan of using one page for my forms (viewing and processing), we will use one page for both (not too hard).

<?php
//if they haven't pressed the submit button, then show the form
if (!isset($_POST['submit']))
{
?>

<html>
<head>
<title>My Login Form</title>
</head>
<body>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<div>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" /><br />
</div>
</form>
</body>
</html>

<?php
}
else //otherwise, let's process this stuff
{
    //read the fields defensively so a missing field doesn't raise a notice
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    if ($username === "user" && $password === "mypass") //if they got it right, let's go on
    {
        session_start();
        //session_register() was removed in PHP 5.4, so set the variable through $_SESSION
        $_SESSION['mysessionvariable'] = true; //set a variable for use later
        $id = session_id(); //let's grab the session ID for those who don't have cookies
        //note: an ID in the URL can leak through logs, browser history and Referer headers
        $url = "Location: page2.php?sid=" . $id;
        header($url);
        exit; //stop here so nothing else runs after the redirect
    }
    else //they got something wrong and we should tell them
    {
?>

<html>
<head>
<title>My Login Form</title>
</head>
<body>
<span style="color:#ff0000;">Password/Username Is Invalid</span><br />
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post">
<div>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" /><br />
</div>
</form>
</body>
</html>

<?php
    }
}
?>

Alright, now there's a lot of stuff there, but it's really quite simple.
If they haven't seen the form, show it to them.
Check if they have the right username and password.
If it was right, continue to next page with the session ID attached.
If not, show them an error message.

That's pretty much it on this page and it wasn't that difficult or complicated now was it?

Moving on to page 2

On this page and any other page that you would like to include with the session data, you need to check to see if the session exists, and if it does, then allow the code to continue, otherwise, bring them back to the login page.

<?php
session_start();
//session_is_registered() was removed in PHP 5.4, so check $_SESSION directly
if (!isset($_SESSION['mysessionvariable'])) //if your variable isn't there, then the session must not be
{
    session_unset(); //so let's destroy whatever session there was and bring them to login page
    session_destroy();
    $url = "Location: page1.php";
    header($url);
    exit; //stop the script once the redirect is sent
}
else //otherwise, they can see the page
{
?>

Hi, you are in the session...

<?php
}
?>

This is pretty straightforward. For every page that you want to contain session data, just put the top part into it or put the top part into a file that you can include and there ya go .... but what about logging out of the site? Yet another simple step...

<?php
//let's completely terminate the session and bring them to login page
session_start(); //yes, you still have to start the session
session_unset();
session_destroy();
$url = "Location: page1.php";
header($url);
exit; //stop the script once the redirect is sent
?>

And I would name that logout.php and link to it on all the pages that you have session data on....
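
The login, page 2 check and logout steps above, reworked as an added example (not the tutorial's own code) for current PHP: the session ID lives only in a cookie, a fresh ID is issued at login, the password is checked against a hash, and the script stops after each redirect. The function names, the 'user' session key, the demo account and the HTTPS assumption are all illustrative.

```php
<?php
// Constructed demo account (hypothetical). A real site stores only the hash,
// generated once with password_hash(), never the plain password in source.
$users = ['user' => password_hash('mypass', PASSWORD_DEFAULT)];

function start_secure_session(): void {
    session_start([
        'use_only_cookies' => 1,     // never accept a session ID from the URL
        'use_strict_mode'  => 1,     // reject IDs the server did not issue
        'cookie_httponly'  => true,  // hide the cookie from page scripts
        'cookie_secure'    => true,  // assumption: the site is served over HTTPS
    ]);
}

function attempt_login(array $users, $username, $password): bool {
    if (!is_string($username) || !is_string($password)
        || !isset($users[$username])
        || !password_verify($password, $users[$username])) {
        return false;
    }
    session_regenerate_id(true);     // fresh ID at login defeats session fixation
    $_SESSION['user'] = $username;
    return true;
}

function require_login(): void {     // call at the top of page2.php
    if (empty($_SESSION['user'])) {
        header('Location: page1.php');
        exit;                        // stop, or the protected page still runs
    }
}

function logout(): void {            // logout.php: start_secure_session(); logout();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header('Location: page1.php');
    exit;
}

// page1.php: process the form, then redirect without the ID in the URL
start_secure_session();
if (attempt_login($users, $_POST['username'] ?? null, $_POST['password'] ?? null)) {
    header('Location: page2.php');
    exit;
}
```

On page2.php, call start_secure_session() and then require_login() before any output is sent.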

I hope that this tutorial was easy enough for you to understand and that it will be informational enough for you to be able to use it in real scripts.