hi all,
i have a login page and a couple of other php pages. what i want is that nobody should be able to view my other php pages without logging in. i have tried with sessions but sadly session is not working with me. can anybody tell me of other ways to do it?
thanks in advance

Recommended Answers

All 25 Replies

hi all,
i have a login page and a couple of other php pages. what i want is that nobody should be able to view my other php pages without logging in. i have tried with sessions but sadly session is not working with me. can anybody tell me of other ways to do it?
thanks in advance

Authentication is the best solution. So write one controller and store user details and log-in details. Check these details for every request.

Authentication is the best solution. So write one controller and store user details and log-in details. Check these details for every request.

can you elaborate it a little bit

please post your code with the session thing so we can edit it to make it work.

what you could do is setup your site so it asks for BASIC authentication as soon as you visit the site, and set a flag (marker) in a mysql table to show that they are logged in so the user doesnt get asked for a login everytime they visit a page.

hope this helps a bit

please post your code with the session thing so we can edit it to make it work.

login.php

<?php
session_start();
ob_start();
?>
<?php
mysql_connect("IP addr","username","pssword") or die(mysql_error());



mysql_select_db("database") or die(mysql_error());

//if login form is submitted

if(isset($_POST['submit'])) { //if form is submitted

//check whether all the fields are filled or not

if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill all the fields.');
}

//verifies against database
$_POST['username']=md5($_POST['username']);
if(!get_magic_quotes_gpc()) {
$_POST['username']=addslashes($_POST['username']);
}



$check=mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."'") or die(mysql_error());
//gives error if user doesnot exist
//{

$check2=mysql_num_rows($check);
if($check2==0) {
die('User does not exist');
}
while($info=mysql_fetch_array($check))
{


$_POST['pass']=stripslashes($_POST['pass']);


$info['password']=stripslashes($info['password']);
$_POST['pass']=md5($_POST['pass']);


//gives error if password is wrong

if($_POST['pass'] !=$info['password']) {
die('incorrect password,please try again.');
}
else
//if login is ok then direct them to options page
{
$_SESSION['views'] = 1;	
header("Location:option1.php");	
ob_flush();

?>
<!META HTTP-EQUIV="Refresh" CONTENT="0; URL=option1.php">
<?php

}
}
}
else
{
//if they are not logged in

?>

<form action="<?PHP echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="50">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>

option1.php

<?php 
session_start();
ob_start();
if(isset($_SESSION['views']))
$_SESSION['views']=$_SESSION['views']+1;
else
{
//header("Location:message.php"); 
echo "session not set"."</br>";	
print_r($_SESSION);
}
?>

evrytime i am getting session not set

Try out a simple example.

<?php
session_start();
$_SESSION['name']="something";
echo $_SESSION['name'];
?>

Tellme if that works.

Try out a simple example.

<?php
session_start();
$_SESSION['name']="something";
echo $_SESSION['name'];
?>

Tellme if that works.

it works. i have checked earlier,it shows that in the same page it works but in different pages it doesn't work.

How bout another simple example.

<?php //page1.php
session_start();
$_SESSION['name']="something";
echo $_SESSION['name'];
header("location: page2.php");
?>
<?php //page2.php
session_start();
echo $_SESSION['name'];
?>

Does this work ?

How bout another simple example.

<?php //page1.php
session_start();
$_SESSION['name']="something";
echo $_SESSION['name'];
header("location: page2.php");
?>
<?php //page2.php
session_start();
echo $_SESSION['name'];
?>

Does this work ?

for page2.php my code is

<?php if(isset($_SESSION['name'])) echo $_SESSION['name']; esle echo "session not set"; ?> also i added ob_start() and ob_flush() in the page1.php code. but sadly the output i get is session not set :'( :'([code=php]
<?php
if(isset($_SESSION))
echo $_SESSION;
esle
echo "session not set";
?>
also i added ob_start() and ob_flush() in the page1.php code. but sadly the output i get is
session not set :'( :'(

huh! Check this link. Maybe you will find your answer in that thread !

can it be done with some other way then sessions?

You can do it with cookies, i guess. I haven't used cookies much, so I am not much aware of its functions.
Can you show us whats in your php.ini ? (in [session] part)

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /var/lib/php/session

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor = 1000

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 0
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16
;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects.
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"


anything fishy?????????

if(isset($_SESSION))
echo $_SESSION;
esle
echo "session not set";

you might want to change esle to 'else' :)

What browser are you using? Is it set to accept cookies?
You can check if the sesssioncookie is written by looking in your cookies folder.
IE7 has a special option to 'always accept session cookies' this option is standard disabled, so enable it.
IE7 also has a bug in it, that it won't accept cookies from domains with some special chars in the name ( even underscores ).

Could you check your php.ini for your default-charset? I've heard from some people that UTF-8 might place some invisible Char's infront of sesssion_start(), so it won't work.

Niek

Also check if /var/lib/php/session exists. The rest seems to be ok!

Also check if /var/lib/php/session exists. The rest seems to be ok!

in /var/lib php dir doesn't exist..

/var/lib/php/session Create a folder called php and under that, create session. Then try !

/var/lib/php/session Create a folder called php and under that, create session. Then try !

i have tried that but not much success. earlier i had tried to give my own path, but still it was the same

Again, check the file you are changing. Because, if you change the values of php.ini, it *has* to change. If it doesn't, then you are changing the wrong file.

but now i have created the dir as specified in my php.ini

Please tell us what browser you are using to view the site and if it accepts cookies

Niek

[edit] Off-topic: whoohoo 700 posts, I'm a master poster! [/edit]

restart your apache and try again ! If that doesn't work, then please check what niek_e has posted.

i got it. After creating the directory i gave 0777 permissions to session dir. now everything is working fine.
thankyou guys

Great!

@niek_e congrats :)

i got it. After creating the directory i gave 0777 permissions to session dir. now everything is working fine.
thankyou guys

Oh duh... I've should have seen that coming

@Naveen: thanks!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.