5 Replies - 652 Views - Last Post: 09 September 2010 - 11:26 AM Rate Topic: -----

#1 Sayid Ahmed  Icon User is offline

  • D.I.C Head

Reputation: 11
  • View blog
  • Posts: 156
  • Joined: 20-August 08

Creating Restricted Pages

Posted 09 September 2010 - 10:17 AM

Hello,

It's been years since I've done any simple PHP so forgive me for forgetting. I'm trying to create a function page called 'security.php' which restricts access to pages if no user is logged in.

I've added the following code at the begginning of all pages i want restricted:

require_once('security.php'); // restrict access to logged users


And for security.php I attempted the following code but it doesn't work. I tried to make it fetch information from the rows corresponding to the username logged in, if the amount of information = 0 then there must be no user logged in and the pageviewer is redirected to the login page. It gives me an error as you'll notice it's sending out headers too early. I also get the feeling I've over complicated it:

<?php
require_once('global.php'); // session start
require_once('conn.php'); // db connection

$username = $_SESSION['username'];
$username = mysql_real_escape_string($username);
$match = mysql_query("SELECT Username FROM tblusers WHERE username = '$username'")or die(mysql_error());
$row = mysql_fetch_array($match); 
$security = count($row);

if ($security == 0 ) {
header("Location: login.php");
}else{
}
?> 


Is there a simpler way of restricting access?

Thank you

This post has been edited by Sayid Ahmed: 09 September 2010 - 10:19 AM


Is This A Good Question/Topic? 0
  • +

Replies To: Creating Restricted Pages

#2 KuroTsuto  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 42
  • View blog
  • Posts: 182
  • Joined: 13-February 09

Re: Creating Restricted Pages

Posted 09 September 2010 - 10:35 AM

I haven't taken too in-depth of a look at your code, yet, but right off hand, one thing that you should note is that MySQL column names are case-sensitive by default, so this

$match = mysql_query("SELECT Username FROM tblusers WHERE username = '$username'")or die(mysql_error());



may well be returning empty sets as you are attempting to SELECT the Username column from a table where the username column = whatever. Not quite sure if that's your problem, but it's worth a shot ;).

EDIT:

On another thought, there is indeed a simpler way. Simply check to see if $_Session['username'] is set on your restricted pages, and if not, boot them back to login. The only time you should need to interact with the database is when a user logs in. After that, the session data should be set, so you should be able to simply check if the session data exists, yeah?

Cheers, and Good Luck!
~KuroTsuto

This post has been edited by KuroTsuto: 09 September 2010 - 10:38 AM

Was This Post Helpful? 1
  • +
  • -

#3 Sayid Ahmed  Icon User is offline

  • D.I.C Head

Reputation: 11
  • View blog
  • Posts: 156
  • Joined: 20-August 08

Re: Creating Restricted Pages

Posted 09 September 2010 - 10:43 AM

View PostKuroTsuto, on 09 September 2010 - 05:35 PM, said:

On another thought, there is indeed a simpler way. Simply check to see if $_Session['username'] is set on your restricted pages, and if not, boot them back to login. The only time you should need to interact with the database is when a user logs in. After that, the session data should be set, so you should be able to simply check if the session data exists, yeah?

Cheers, and Good Luck!
~KuroTsuto


Yes that's exactly what I need, it's just I forgot how to check if the session data exists or not. I thought I'd take a more long-winded method but it doesn't work.
Was This Post Helpful? 0
  • +
  • -

#4 RPGonzo  Icon User is offline

  • // Note to self: hmphh .... I forgot
  • member icon

Reputation: 151
  • View blog
  • Posts: 954
  • Joined: 16-March 09

Re: Creating Restricted Pages

Posted 09 September 2010 - 10:43 AM

instead of doing the fetch_array just execute the query than run $security = mysql_num_rows($match);

as far as simpler, you could always just set a session variable in the session array on login to say that the user is logged in

// in the login code
$_SESSION['is_logged_in'] = true;

// than check it later
if ($_SESSION['is_logged_in'] != true) {
   // they are not valid remove them
}

// they are good keep computing


Was This Post Helpful? 1
  • +
  • -

#5 Sayid Ahmed  Icon User is offline

  • D.I.C Head

Reputation: 11
  • View blog
  • Posts: 156
  • Joined: 20-August 08

Re: Creating Restricted Pages

Posted 09 September 2010 - 10:52 AM

OK I've made security.php the following:

<?php
require_once('global.php'); // session start
if ($_SESSION['is_logged_in'] != true) {
header("Location: login.php");
}
?> 


But my login page gives me after i log in "Warning: Cannot modify header information - headers already sent....."

EDIT: oh i realised i had placed a requirement for security.php on the login function page. sorted it out and now it works :)

This post has been edited by Sayid Ahmed: 09 September 2010 - 10:57 AM

Was This Post Helpful? 0
  • +
  • -

#6 KuroTsuto  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 42
  • View blog
  • Posts: 182
  • Joined: 13-February 09

Re: Creating Restricted Pages

Posted 09 September 2010 - 11:26 AM

View PostSayid Ahmed, on 09 September 2010 - 09:52 AM, said:

EDIT: oh i realised i had placed a requirement for security.php on the login function page. sorted it out and now it works :)


Solid, my man! Glad to hear it ;)
~KuroTsuto
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1