Title : PHP Sessions and Logins, Protecting the Family Jewels...
Author : Jeremy Tymes.
Alright, so you have a section on your website that you want to keep private, but you don't feel like messing around with htaccess to keep people from getting in without knowing. Well, here is a simple login system using the power of PHP sessions.
Requirements
General PHP knowledge is a plus, and you will need PHP on your server for sure. Optional is a little knowledge of JavaScript for focusing the text box.
Functions Used
| Function | Purpose |
| --- | --- |
| session_start() | Used to start sessions |
| session_register(variable) | Register one or more global variables with the current session (removed in PHP 5.4; assign to $_SESSION instead) |
| session_id() | Set/Get the session ID |
| session_unset() | Free all session variables |
| session_destroy() | Destroys all data registered to a session |
The good stuff
Ok, now that we have everything setup, let's get started.
First, we will need to create a page with a form on it, so the person can log in. Because I'm a big fan of using one page for my forms (viewing and processing), we will use one page for both (not too hard).
<?php
// if they haven't pressed the submit button, then show the form
if (!isset($_POST['submit']))
{
?>
<html>
<head>
<title>My Login Form</title>
</head>
<body>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<div>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" /><br />
</div>
</form>
</body>
</html>
<?php
}
else // otherwise, let's process this stuff
{
    // make sure both fields were posted, then compare them strictly
    if (isset($_POST['username'], $_POST['password'])
        && $_POST['username'] === "user" && $_POST['password'] === "mypass") // if they got it right, let's go on
    {
        session_start();
        // session_register() was removed in PHP 5.4, so the variable is set through $_SESSION
        $_SESSION['mysessionvariable'] = true; // set a variable for use later
        $id = session_id(); // let's grab the session ID for those who don't have cookies
        $url = "Location: page2.php?sid=" . $id;
        header($url);
        exit; // stop the script once the redirect has been sent
    }
    else // they got something wrong and we should tell them
    {
?>
<html>
<head>
<title>My Login Form</title>
</head>
<body>
<span style="color:#ff0000;">Password/Username Is Invalid</span><br />
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<div>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login" /><br />
</div>
</form>
</body>
</html>
<?php
    }
}
?>
Alright, now there's a lot of stuff there, but it's really quite simple.
If they haven't seen the form, show it to them.
Check if they have the right username and password.
If it was right, continue to next page with the session ID attached.
If not, show them an error message.
That's pretty much it on this page and it wasn't that difficult or complicated now was it?
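A hardened form of the login processing step, as an added example that is not the tutorial's own code: it stores a password hash instead of the plain password, issues a fresh session ID at login, and leaves the ID out of the URL, where it would otherwise end up in server logs, browser history and Referer headers. The `$users` array, `DUMMY_HASH` and the helper names are assumptions for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example (not the tutorial's code). $users, DUMMY_HASH and the helper
// names are assumptions made for illustration.

// Constructed credential store; a real site would load stored hashes from a database.
$users = ['user' => password_hash('mypass', PASSWORD_DEFAULT)];
// Hash checked for unknown names so both paths do the same amount of work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function start_secure_session(): void
{
    // PHP's defaults already carry the session ID in a cookie only; these
    // settings also refuse IDs the server did not issue and harden the cookie.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function check_login(array $users, $username, $password): bool
{
    if (!is_string($username) || !is_string($password)) {
        return false; // e.g. username[]=x arrives as an array
    }
    $known = isset($users[$username]);
    $ok = password_verify($password, $known ? $users[$username] : DUMMY_HASH);
    return $known && $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    start_secure_session();
    if (check_login($users, $_POST['username'] ?? null, $_POST['password'] ?? null)) {
        session_regenerate_id(true);           // fresh ID at login blocks session fixation
        $_SESSION['mysessionvariable'] = true; // same flag the tutorial's pages check
        header('Location: page2.php');         // no ?sid=: the cookie carries the ID
        exit;
    }
    $error = 'Password/Username Is Invalid';   // show this above the form
}
```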
Moving on to page 2
On this page, and on any other page that should use the session data, you need to check whether the session exists. If it does, allow the code to continue; otherwise, bring them back to the login page.
<?php
session_start();
// session_is_registered() was removed in PHP 5.4, so check $_SESSION directly
if (!isset($_SESSION['mysessionvariable'])) // if your variable isn't there, then the session must not be
{
    session_unset(); // so let's destroy whatever session there was and bring them to login page
    session_destroy();
    $url = "Location: page1.php";
    header($url);
    exit; // stop the script once the redirect has been sent
}
else // otherwise, they can see the page
{
?>
Hi, you are in the session...
<?php
}
?>
This is pretty straightforward. For every page that you want to contain session data, just put the top part into it, or put the top part into a file that you can include, and there ya go... but what about logging out of the site? Yet another simple step...
<?php
// let's completely terminate the session and bring them to login page
session_start(); // yes, you still have to start the session
session_unset();
session_destroy();
$url = "Location: page1.php";
header($url);
exit; // stop the script once the redirect has been sent
?>
And I would name that logout.php and link to it on all the pages that you have session data on....
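The page check and the logout step gathered into one include file, as an added example that is not the tutorial's own code: it adds an idle timeout to the check and makes logout expire the browser's session cookie as well as the server-side data. The file name `auth.php`, `IDLE_LIMIT`, the `last_seen` key and the function names are assumptions.

```php
<?php
// Added example (not the tutorial's code): auth.php, a hypothetical include file.
// IDLE_LIMIT, the last_seen key and the function names are assumptions.

const IDLE_LIMIT = 1800; // seconds of inactivity before the login expires (assumed value)

function end_session(): void
{
    $_SESSION = [];                       // drop the data held in this request
    if (ini_get('session.use_cookies')) { // expire the browser's session cookie too
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the server-side session record
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $loggedIn = !empty($_SESSION['mysessionvariable']);
    // A session that has no timestamp yet (first page after login) counts as fresh.
    $lastSeen = $_SESSION['last_seen'] ?? time();
    if (!$loggedIn || time() - $lastSeen > IDLE_LIMIT) {
        end_session();
        header('Location: page1.php');
        exit;
    }
    $_SESSION['last_seen'] = time();      // refresh the idle timer on every page view
}

// Protected page:  require 'auth.php'; require_login();
// logout.php:      require 'auth.php'; session_start(); end_session();
//                  header('Location: page1.php'); exit;
```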
I hope that this tutorial was easy enough for you to understand and that it will be informational enough for you to be able to use it in real scripts.

