can any body help me how to create a site with session on when the user login and without session when the guest visit the front page?
please pass me the sample code..

consider these following are my codes:
this is purely secured only authorized people can login.
now i want guests to visit only link_1.php and for link_2.php they need to be authorized or sign up.

index.php

<?
// Login & Session example by sde
// index.php

// connect to database
include("inc/connect.php");

// include auth and nav
include("inc/auth.php");

// begin content
include("inc/nav.php");

echo "This is my home page.";

// close mysql connection
mysql_close();
?> 

link_1.php

<?
// Login & Session example by sde
// link_1.php

// connect to database
include("inc/connect.php");

// include auth and nav
include("inc/auth.php");

// begin content
include("inc/nav.php");

echo "This is my Link 1.";

// close mysql connection
mysql_close();
?> 

link_2.php

<?
// Login & Session example by sde
// link_2.php

// connect to database
include("inc/connect.php");

// include auth and nav
include("inc/auth.php");

// begin content
include("inc/nav.php");

echo "This is my Link 2.";

// close mysql connection
mysql_close();
?> 

logout.php

<?
// Login & Session example by sde
// logout.php

// you must start session before destroying it
session_start();
session_destroy();

echo "You have been successfully logged out.

<br><br>
You will now be returned to the login page.

<META HTTP-EQUIV=\"refresh\" content=\"2; URL=index.php\"> ";
?> 

inc/auth.php

<?
// Login & Session example by sde
// auth.php

// start session
session_start();

// convert username and password from _POST or _SESSION
if($_POST){
  $_SESSION['username']=$_POST["username"];
  $_SESSION['password']=$_POST["password"];  
}

// query for a user/pass match
$result=mysql_query("select * from users 
  where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");

// retrieve number of rows resulted
$num=mysql_num_rows($result); 

// print login form and exit if failed.
if($num < 1){
  echo "You are not authenticated.  Please login.<br><br>

  <form method=POST action=index.php>
  username: <input type=text name=\"username\">
  password: <input type=password name=\"password\">
  <input type=submit>
  </form>";

  exit;
}
?>

inc/connect.php

<?
// Login & Session example by sde
// connect.php

// replace with your db info
$hostname="localhost";
$mysql_login="root";
$mysql_password="admin";
$database="test";

if (!($db = mysql_connect($hostname, $mysql_login , $mysql_password))){
  die("Can't connect to mysql.");    
}else{
  if (!(mysql_select_db("$database",$db)))  {
    die("Can't connect to db.");
  }
}
?>

inc/nav.php
..
..
..

Edited 3 Years Ago by mike_2000_17: Fixed formatting

At link one just take off the following code :

// connect to database
include("inc/connect.php");
// include auth and nav
include("inc/auth.php");

The guess will not require authorize login and the session will not generated.

And your inc/auth.php can write like this to start a login session:

$num=mysql_num_rows($result); 


if ($num==1){
$_SESSION['username'] = $_POST['username'];
header('Location: http://localhost/link2.php');

else{
header('Location: http://localhost/index.php');
}

Add into the top of link1 - $secureArea = false; and link 2 - $secureArea = true;

then in auth.php:

<?
// Login & Session example by sde
// auth.php
// start session
session_start();
// convert username and password from _POST or _SESSION
if($_POST){// if($_POST['submit'] == 'Login'){ ?
    //doing this only if post is set means you cannot have any other post page on your site
    //as it will log the person out when they submit

    //also make sure you escape these variables eg imagine $_POST['username'] = "' OR 1";
    $_SESSION['username']=$_POST["username"];
    $_SESSION['password']=$_POST["password"];
}
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
    $result=mysql_query("select * from users where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
    $num=mysql_num_rows($result);
    if($num < 1){
        $loggedin = false;
    }else{
        $loggedin = true;
    }
}
if(!isset($secureArea)){$secureArea = false;}//default allow people to view page if $secureArea is not set(compatibility for old pages)
if($secureArea && $loggedin === false){
    echo "You are not authenticated.  Please login.
  <form method=POST action=index.php>
  username: <input type=text name=\"username\">
  password: <input type=password name=\"password\">
  <input type=submit>
  </form>";
    exit;
}else{
    //$loggedin available to see if the user is logged in or not
}
?>

Edited 4 Years Ago by Biiim: 1 more thing

This article has been dead for over six months. Start a new discussion instead.