How to secure pages to require login to access them

  • silmana
    New Member
    • Aug 2007
    • 19

    How to secure pages to require login to access them

    hi again, I am done with the login form, everything works fine, so I just want to know how to make the welcomein.php private?? I am working on a community so you would know what I mean. could someone give me a simple script that I can develop to be better.
    so please give me the script for that and the script for how to make a password encrypted in the database

    Thanks.
  • pbmods
    Recognized Expert Expert
    • Apr 2007
    • 5821

    #2
    Changed thread title to better describe the problem (did you know that threads whose titles do not follow the Posting Guidelines actually get FEWER responses?).

    Heya, silmana.

    How you implement this is largely up to you. The generally-accepted way to do this is to put some kind of logged-in indicator in the _SESSION, which you would then check for when loading a restricted page.

    For example, you might set $_SESSION['logged_in'] = true when the User logs in.

    Then, when loading a restricted page, you can add this code at the top:
    [code=php]
    // Start (or resume) the session, then send anyone without the logged-in flag to the login page.
    session_start();
    if(empty($_SESSION['logged_in']))
    {
        header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
        exit;
    }
    [/code]


    • kamill
      New Member
      • Dec 2006
      • 71

      #3
      Hi

      For the security purpose you can use md5 function.

      md5 is a one-way encryption algo. Before storing data into the database, encrypt it using md5, and at the time of login validate it.

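Added example, not part of any post in this thread: password storage with PHP's built-in `password_hash()` and `password_verify()` (salted, deliberately slow hashes), including an upgrade path for rows that still hold an unsalted MD5 digest. The `$users` array standing in for the database, the function names and the sample credentials are assumptions constructed for the example; it needs PHP 7 or later.

```php
<?php
// Added example. $users stands in for the database table; its rows are constructed.
$users = [
    'anna' => ['hash' => md5('correct horse')],                                // legacy MD5 row
    'bert' => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT)],  // current row
];

/** True when $password matches the stored hash; upgrades old rows on success. */
function check_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (preg_match('/\A[0-9a-f]{32}\z/', $stored) === 1) {
        // Legacy row: 32 hex characters of MD5. Compare in constant time.
        $ok = hash_equals($stored, md5($password));
        $rehash = $ok;
    } else {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }
    if ($rehash) {
        // Replace the stored value (an UPDATE on the users table in a real application).
        $users[$name]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

/** Check the credentials and, on success, mark the session as logged in. */
function log_in(array &$users, string $name, string $password): bool
{
    if (!check_login($users, $name, $password)) {
        return false;
    }
    session_regenerate_id(true);       // fresh session ID once the user is authenticated
    $_SESSION['logged_in'] = true;     // the flag the restricted pages test with empty()
    $_SESSION['sess_user'] = $name;
    return true;
}

session_start();
echo log_in($users, 'anna', 'correct horse') ? "logged in\n" : "login failed\n";
echo password_verify('correct horse', $users['anna']['hash']) ? "row upgraded\n" : "row unchanged\n";
```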

      • silmana
        New Member
        • Aug 2007
        • 19

        #4
        Originally posted by pbmods
        Changed thread title to better describe the problem (did you know that threads whose titles do not follow the Posting Guidelines actually get FEWER responses?).

        Heya, silmana.

        How you implement this is largely up to you. The generally-accepted way to do this is to put some kind of logged-in indicator in the _SESSION, which you would then check for when loading a restricted page.

        For example, you might set $_SESSION['logged_in'] = true when the User logs in.

        Then, when loading a restricted page, you can add this code at the top:
        [code=php]
        // Start (or resume) the session, then send anyone without the logged-in flag to the login page.
        session_start();
        if(empty($_SESSION['logged_in']))
        {
            header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
            exit;
        }
        [/code]
        I don't know where you mean I should put this code, do you mean in the welcome page or? cuz I tried and it doesn't work, can't you do for me a "demo" page with the correct full scripts for the private login page?
        thanks.


        • pbmods
          Recognized Expert Expert
          • Apr 2007
          • 5821

          #5
          Heya, silmana.

          You put that code at the very top of any page that you want to secure. For example:
          [code=php]
          <?php
          // This check must run before any output is sent, so it goes first in the file.
          session_start();
          if(empty($_SESSION['logged_in']))
          {
              header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
              exit;
          }

          echo 'You will only see this if you are logged in.';
          ?>
          [/code]


          • silmana
            New Member
            • Aug 2007
            • 19

            #6
            sorry doesn't work.

            here is the site that I want to secure
            the code for the site:
            [code=php]
            <?php
            session_start(); // Always at the top of the page

            // Check whether logged in = session set
            if (!isset($_SESSION['sess_user'])){
                header("Location: index.php");
                exit;
            }
            // The user name is HTML-escaped where it is printed below.
            ?>
            <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
            <html>
            <head>
            <meta http-equiv="Content-Type"
            content="text/html; charset=iso-8859-1">
            <title>V&auml;l kommen</title>
            <style type="text/css">
            <!--
            #Layer1 {
            position:absolute;
            left:160px;
            top:12px;
            width:571px;
            height:26px;
            z-index:1;
            background-color: #99CC00;
            }
            -->
            </style>
            </head>
            <body>

            <div id="Layer1">
            <table width="572" border="1" bordercolor="#000000" bgcolor="#99CC33">
            <tr>
            <td width="61"><strong>Hem</strong></td>
            <td width="162"><strong>Forum </strong></td>
            <td width="142"><strong>G&auml;stbok</strong></td>
            <td width="63"><a href="welcome.php?logout="><strong>Bråk</strong></a></td>
            <td width="110"><a href="index.php?logout="><strong>Logga ut</strong></a></td>
            </tr>
            </table>
            </div>
            <strong>V&auml;lkommen <?php echo htmlspecialchars($_SESSION['sess_user'], ENT_QUOTES, 'ISO-8859-1'); ?></strong><br>
            <br>
            </body>
            </html>
            [/code]

            please show me how to do, reply back with codes.
            thanks


            • pbmods
              Recognized Expert Expert
              • Apr 2007
              • 5821

              #7
              Heya, silmana.

              Please use CODE tags when posting source code. See the REPLY GUIDELINES on the right side of the page next time you post.

              Instead of checking for isset(), use empty(). isset() will return true when $_SESSION['sess_user'] is false, which is probably not desirable.

              Which problem are you having?

              Are you unable to view the page when you are logged in?
              Or are you able to view the page even if you are not logged in?


              • silmana
                New Member
                • Aug 2007
                • 19

                #8
                okay did that, now it's working but, how do I know that when the user logs in he has a private page, is there anything that I can add, cuz I want that all the users will only see the same design but not the same information? could someone help me with that, could I get some script for that


                • pbmods
                  Recognized Expert Expert
                  • Apr 2007
                  • 5821

                  #9
                  Heya, silmana.

                  So what you're trying to do is to show one set of content if the User is logged in, but a different set of content if he is not?


                  • silmana
                    New Member
                    • Aug 2007
                    • 19

                    #10
                    yeah you know like the regular communities, you log in and have your profile (private site, info) but the design is the same for all the users, can you help me with that? send me the codes please.


                    • pbmods
                      Recognized Expert Expert
                      • Apr 2007
                      • 5821

                      #11
                      Heya, Silmana.

                      Ok. Instead of redirecting to the login page if the User is not logged in, you simply don't show certain content.

                      For example:

                      [code=php]
                      if( empty($_SESSION['logged_in']) )
                      {
                      // echo stuff that a not-logged-in User sees.
                      }
                      else
                      {
                      // echo stuff that a logged-in User sees.
                      }
                      [/code]

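Added example, not from any poster: the "same design, different information" page silmana describes, where the row displayed is always selected by the identity stored in the session at login and never by a request parameter, so editing the URL cannot bring up another member's profile. The `users` table, its columns, the `user_id` session key, the helper names and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions constructed for the example.

```php
<?php
session_start();

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, about TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'anna', 'anna@example.test', 'Likes <b>bold</b> text')");
$db->exec("INSERT INTO users VALUES (2, 'bert', 'bert@example.test', 'Hello')");

/** Load the profile row of the logged-in user, or null when nobody is logged in. */
function current_profile(PDO $db, array $session): ?array
{
    if (empty($session['logged_in']) || empty($session['user_id'])) {
        return null;
    }
    // The ID comes from the session written at login, not from $_GET or $_POST.
    $stmt = $db->prepare('SELECT name, email, about FROM users WHERE id = ?');
    $stmt->execute([(int) $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Escape a value for HTML output. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Simulate the state the login script would leave behind (constructed).
$_SESSION['logged_in'] = true;
$_SESSION['user_id'] = 1;

$profile = current_profile($db, $_SESSION);
?>
<html>
<body>
<?php if ($profile === null): ?>
  <p>Please <a href="login.php">log in</a> to see your profile.</p>
<?php else: ?>
  <h1>Welcome <?php echo h($profile['name']); ?></h1>
  <p>E-mail: <?php echo h($profile['email']); ?></p>
  <p>About: <?php echo h($profile['about']); ?></p>
<?php endif; ?>
</body>
</html>
```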

                      • wish
                        New Member
                        • May 2007
                        • 65

                        #12
                        Hi pbmods;

                        thanks for your previous info. It is useful for me too.
                        but if my case is like one administrator is control all the user in the application.. user got many level. different level perform different task.

                        If I am user like data entry.. so I can go to all the page relate with my data entry limitation. So I can't go to other page like finance page.. How do I block it?

                        Thanks


                        • pbmods
                          Recognized Expert Expert
                          • Apr 2007
                          • 5821

                          #13
                          Heya, Wish.

                          The simplest way to do this would be to set up access groups, and then only allow members of a particular group to access each page.

                          For example, you might create a 'Data Entry' group, and then you could put code similar to this at the top of every data entry page:
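                          [code=php]
                          // Only allow Data Entry and Management to access this page.
                          // Redirect when the User belongs to neither group.
                          if( empty($_SESSION['groups']['Data Entry']) && empty($_SESSION['groups']['Management']) )
                          {
                              header('Location: login.php');
                              exit; // stop here, otherwise the rest of the page is still sent
                          }
                          [/code]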

                          When the User logs in, you would look up any and all groups that the User is a member of and then set them as keys to $_SESSION['groups']:
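                          [code=php]
                          // The mysql_* functions were removed in PHP 7; mysqli or PDO prepared statements replace them.
                          // Escape the ID before placing it in the query string.
                          $_userid = mysql_real_escape_string($userid);
                          $_sql = "SELECT * FROM( `Map_User_Group` LEFT JOIN `Data_Groups` USING( `ID_Group` ) ) WHERE `ID_User` = '$_userid'";
                          $_res = mysql_query($_sql);

                          // Store each group name as a key so pages can test it with empty().
                          $_SESSION['groups'] = array();
                          while( $_row = mysql_fetch_assoc($_res) )
                          {
                              $_SESSION['groups'][$_row['Name_Group']] = $_row['ID_Group'];
                          }
                          mysql_free_result($_res);
                          [/code]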


                          • aqibk
                            New Member
                            • Aug 2019
                            • 1

                            #14
                            Hello,
                            I have a similar issue to the one Silmana had. I am able to view the logged-in information directly by entering the URL when I am not logged in. Please help me with code.
                            Below is my Logged-in Page. This is where I have a welcome message and the employee name, then I have a bunch of links that open in a new tab. This is strictly for logged-in users only. How can I achieve the following: if someone copies or bookmarks a link that is on the Logged-in page, it should redirect them to the login page first.

                            Code:
                            session_start();
                            
                                  
                                  // if(!empty($_SESSION['employeeName'])) // If session is not set then redirect to Login Page
                                  //  {
                                  //      // header("http://webdev/wordpress/str2/employee-portal/");  
                                  //      echo '<script type="text/javascript"> window.open("http://webdev/wordpress/str2/employee-portal/","_self");</script>'; 
                                  //      exit();
                                  //  }
                            
                            
                                  if ((!empty($_SESSION['logged_in'])) && (!empty($_SESSION['employeeName'])))
                                  {
                                     
                                 
                            
                            
                                      echo "<strong>Welcome! "  . ucwords(strtolower($_SESSION['employeeName'])) . "</strong>"  . "&nbsp; " .  "<a href='http://webdev/wordpress/str2/logout/' class='loggedinUserPageLink'>Logout</a> "; 
                                      
                                      // $_SESSION = array(); //This clears the cache
                                      // echo "Login Success";
                                      // echo "<a href='http://webdev/wordpress/str2/logout/'> Logout</a> "; 
                                      echo "<br><br><a href='http://form.pdf' target='new'>TEST</a>";
                            
                                  }
                                  
                                  else
                                  {
                            
                                     echo '<script type="text/javascript"> window.open("http://webdev/wordpress/str2/employee-portal/","_self");</script>'; 
                                      exit;
                            
                            
                            
                                  }

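Added example, not from the thread: a guard that sends a real `Location` header before any output, remembers the requested path so a bookmarked link can be honoured after login, and serves linked documents through the same check, since a PDF linked directly is delivered by the web server without any PHP session test. The constants, function names, `/login.php`, the `download.php?doc=form` link and the directory outside the web root are assumptions for the example; it needs PHP 7.1 or later.

```php
<?php
// Added example; every path and name below is an assumption, not taken from the thread.
const LOGIN_PATH  = '/login.php';
const PRIVATE_DIR = '/var/www/private-docs';   // outside the web root
const DOCUMENTS   = ['form' => 'form.pdf'];     // allowlist: public key => file name

/** Accept only same-site paths such as "/portal/page.php?x=1"; anything else becomes "/". */
function safe_return_path(string $path): string
{
    return preg_match('#\A/(?![/\\\\])[^\r\n]*\z#', $path) === 1 ? $path : '/';
}

/** Redirect to the login page unless the session carries the logged-in flag. */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!empty($_SESSION['logged_in'])) {
        return;
    }
    // The login script can send the user back with safe_return_path($_SESSION['return_to']).
    $_SESSION['return_to'] = safe_return_path($_SERVER['REQUEST_URI'] ?? '/');
    header('Location: ' . LOGIN_PATH, true, 302);
    exit;   // nothing below this line reaches an anonymous client
}

/** Stream an allowlisted document to a logged-in user. */
function send_document(string $key): void
{
    require_login();
    if (!array_key_exists($key, DOCUMENTS)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename="' . DOCUMENTS[$key] . '"');
    header('X-Content-Type-Options: nosniff');
    readfile(PRIVATE_DIR . '/' . DOCUMENTS[$key]);
    exit;
}

// download.php?doc=form : the page links to this script instead of to the PDF itself.
$doc = $_GET['doc'] ?? '';
send_document(is_string($doc) ? $doc : '');
```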
