PHP User Authentication

dihan · #1 (**permalink**) 07-01-04, 11:26 AM

Gooday people.

I read up this tutorial on how to create a user authenticaon script but then I realised how bad it is. It uses the following method to authenticate. This works well. But the tutorail had no info on how to protect the pages it self. You could go to the page direct adn they would obviously work.

PHP Code:


			
//LOG IN AREA

$sql = "SELECT * FROM `promoter` WHERE 1 AND `Email` = '$email' AND `Password` = '$password'";

$resultAuth = mysql_query($sql) or die ("Unable to get results.");

$num = mysql_numrows($resultAuth) or die ("<meta http-equiv='refresh' content='1; url=error.php'>");

$resultAuth2 = mysql_query($sql) or die ("Unable to get results.");



if ($num == 1) {



echo'

<title>Blah blah blah</title>';



}

Now querying this databqse is great as I can use one of the variables ( resultAuth2['idname'] ) to query the main page that the login page redirects to.

I read somthing about global variables or somthing but that tutoral just dont make sence to me but sounds like what I need.

Q1. How can I get a variable to the next php page.
Q2. How can I redirect them to the login page if they try to find the main page without them login in.

Bonzo · #2 (**permalink**) 07-01-04, 11:46 AM

You could use sessions; have a bit of code to check the session variable at the top of the page and if not set send them to the login page.

// Login page
session_start();
session_register($variable);
// Set the variable '$variable' in the form

// Other pages
session_start();
if ($variable not equal - I dont know this bit - '1' )
{ header login page }

I have just made this up from memory; my memory is not very good but this should give you the gist of it.

Anthony

infinitylimit · #3 (**permalink**) 07-01-04, 01:03 PM

Yeah for more detailed information goto www.php.net/sessions

I use php.net for all my questions. It's a wonderful resource.

dihan · #4 (**permalink**) 07-01-04, 03:09 PM

Thats great.. I had a read and got the following but I just cannot find a simple solution for the pages yet. All the forums have really complicated methods.

PHP Code:


			
//page1.php

session_start();

$_SESSION['promoter'] = 'PROMOTER';

echo "<meta http-equiv='refresh' content='1; url=page2.php'>";



//page2.php

session_start();

$promoter = $_SESSION['promoter'];

This works but I need somthing like what Bonzo mentioned in order to send it to page1.php if someone have not logged in and tried to get on to page2.php

had a read through php.net but I still dont know enough to understand the functions that people post on there.

Bonzo · #5 (**permalink**) 07-01-04, 03:38 PM

The only other way I can think of doing it using an alert box or include a box saying not logged in and click here to go to login page. I find the header a bit of a pain as it has to be output first.

Anthony