Code Snippets

PHP Source Code

Welcome to Dream.In.Code
	Become a PHP Expert! Join 137,226 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 2,037 people online right now. Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert

Login using Sessions in PHP

This is some code for "securing" your pages using Sessions in PHP. By securing I mean pages that can only viewed by a logged in user This "snippet" actually consists of 3 snippets, first is what to put in login_check.php, second is what to put in login.php, third is what to put in each page in your site that must be secured (only a logged in user can view)

Submitted By: PsychoCoder

Actions:

Rating:

Views: 2,949

Language: PHP

Last Modified: February 18, 2008

Instructions: 1) Add the first snippet to a page named login_check.php

2) Add the 2nd snippet to a page named login.php

3) Add the 3rd snippet to any page that needs to be secured

4) Make sure you login form's form tag looks like this

You can change the database query, this is just the way I chose to do it

Snippet

/* Snippet #1 */
<?php
// login_check.php
define("server", "your_server");
define("user", "your_name");
define("password", "your_pass");
define("name", "your_dbname");
var $connection;
$this->connection = mysql_connect(server,user,pass) or die(mysql_error());
mysql_select_db(name, $this->connection) or die(mysql_error());
function is_logged_in () {
if (!($_SESSION["id"]) || ($_SESSION["id"] == "") || ($_SESSION["id"] == 0)) {
Header("Location: ./login.php");
exit();
}
}
function clean_input($input) {
$clean = array("\\",'<','>','`',':',';','/','(',')','{','}','[',']');
//$with = array();
return str_ireplace($clean,'', $input);
}
function login_check ($forms) {
$error = "";
$username = clean_input($forms["username"]);
$password = clean_input($forms["password"]);
if (trim($username) == "") $error .= "<li>Your username is empty.</li>";
if (trim($password) == "") $error .= "<li>Your password is empty.</li>";
/* from here, do your sql query to query the database to search for existing record with correct username and password */
$query = "SELECT password, username FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'";
$result = mysql_query($query, $this->connection);
if(!$result || (mysql_numrows($result) < 1)) {
$error = "Invalid username or password";
}else
{
$error = "";
}
if (trim($error)!="") return $error;
}
function login ($forms) {
$username = clean_input($forms["username"]);
$password = clean_input($forms["password"]);
/* do your sql query again, but now returning the id of member */
$query = "SELECT member_id FROM users WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'";
$result = mysql_query($query, $this->connection);
$result = mysql_query($query, $this->connection);
if(!$result || (mysql_numrows($result) < 1)) {
$id = 0;
}else
{
$id = $result;
}
return $id;
}
?>
/* Snippet #2 */
<?php
// login.php
session_start();
include ("login_check.php");
if ($_POST) {
$error = login_check($_POST);
if (trim($error)=="") {
$_SESSION["id"] = login($_POST);
Header("Location: ./index.php") /* Redirect validated member */
exit();
} else {
print "Error:$error";
}
}
?>
/* Snippet #3 */
<?php
// index.php
include("login_check.php");
session_start();
is_logged_in();
?>

Copy & Paste

/* Snippet #1 */
<?php
// login_check.php
define("server", "your_server");
define("user", "your_name");
define("password", "your_pass");
define("name", "your_dbname");

var $connection;
$this->connection = mysql_connect(server,user,pass) or die(mysql_error());
mysql_select_db(name, $this->connection) or die(mysql_error());

function is_logged_in () {
  if (!($_SESSION["id"]) || ($_SESSION["id"] == "") || ($_SESSION["id"] == 0)) {
    Header("Location: ./login.php");
    exit();
  }
}

function clean_input($input) {

$clean = array("\\",'<','>','`',':',';','/','(',')','{','}','[',']');
  //$with = array();
  return str_ireplace($clean,'', $input);
}

/* Snippet #2 */
<?php
// login.php
session_start();
include ("login_check.php");
if ($_POST) {
  $error = login_check($_POST);
  if (trim($error)=="") {
    $_SESSION["id"] = login($_POST);
    Header("Location: ./index.php") /* Redirect validated member */
    exit();
  } else {
    print "Error:$error";
  }
}
?>

/* Snippet #3 */
<?php
  // index.php
  include("login_check.php");
  session_start();
  is_logged_in();
?>

Comments
no2pencil 2008-02-18 13:24:38
Sessions is one of the harder concepts to server side programming. Thank you for your snippet, I'm sure a lot of readers will find this information useful!
realwish 2008-11-18 14:15:56
thanks a lot