hi
i have a login page which is allowing only registered user .it is working too......
but when the second page URL is typed it is getting displayed i want the all the user to enter through the first page.......when the second page URL is typed it should not get displayed............

When login you store the values to SESSION variable. then

try this code

$user_id=$_SESSION;
if(!$user_id)
{
echo "<meta http-equiv=refresh content=0;url=index.php>";
exit;
}

this will help for you

Edited 3 Years Ago by happygeek: fixed formatting

sorry it is not working....i tried like this

login form

<form method="post" action="start1.php">
<body>
<form name="form1" method="post" action="checklogin.php">
Username<input name="myusername" type="text" id="myusername">
Password<input name="mypassword" type="password" id="mypassword">
<input type="submit" name="Submit" value="Login">
</form>

login code

<?php

$myusername=$_POST['myusername'];
$_session['name']=$myusername;
$mypassword=$_POST['mypassword'];

if ($myusername=="" && $mypassword=="")
{
print "<script language=\"JavaScript\">";
print "window.location = 'http://www.ho.com/aa/viewuser.php'";
print "</script>";
}
else
{
print "<script language=\"JavaScript\">";
print "window.location = 'http://www.ho.com/aa/start.php'";
print "</script>";
}
?>

view user page

<?php
   session_start();
  

$user_id="aletheia.loco"; 
if(!$user_id)
{
echo "<meta http-equiv=refresh content=0;url=start.php>";
exit;
}
?>

Heres my code....
Loginform.php

<table>
<tr><td></td><td>
<?php

if(isset($_SESSION['group'])){
echo "You are logged in as: <b>";
echo $_SESSION['username'];
}
else { ?>
<table>
<form name="loginform" method="post" action="login.php">
<tr><td>Username:</td><td><input type="text" name="username"></td><td>Password:</td><td><input type="password" name="password"></td><td></td><td><input type="submit" value="Submit"><input type="reset" value="Clear"></td></tr>
</form>
</table>
<?
}
?>

Code above first checks if the session is set in my case "group" and if it is simple message saying you are logged in as "username" (another seshion I have set up) and they do not see the login form. If it is not set, they will see a basic login form.

Then the actul loging in process and setting up the seshions

<?php

$host="localhost";
$username="username";
$password="password";
$db_name="dbname";
$tbl_name="tablename";

//Connect to the serve and select database
mysql_connect("$host", "$username", "$password") or die ("Cannot connect to server");
mysql_select_db("$db_name") or die ("cannot select database");


//Taking information from the form
$username=$_POST['username'];
$password=$_POST['password'];


//browsing the database for a match
$sql="SELECT user_username, user_password, user_groupid, company_id, user_id FROM $tbl_name WHERE user_username='$username' and user_password='$password'";
$result=mysql_query($sql);


//count table row
$count=mysql_num_rows($result);


//If correct username and password result should equal 1
if($count==1){
$Groupid=mysql_result($result,'', 'user_groupid');
$Companyid=mysql_result($result,'','company_id');
$Userid=mysql_result($result,'','user_id');
session_start();
$_SESSION['userid'] = $Userid;
$_SESSION['username'] = $username;
$_SESSION['group'] = $Groupid;
$_SESSION['usercompanyid'] = $Companyid;

basicly searches the database for a match with the login details, and if found starts the seshions.

For the pages you only want logged in users to see, simply rework what I showed you with the login form. Only allowing users with your seshion set, or with a specific value.

Not the safest of scripts, pretty sure someone will show you abetter one, but it will work.

This article has been dead for over six months. Start a new discussion instead.