Check if user is logged in?

**Markus** · Mar 13 '08, 02:14 PM

Originally posted by Moman

Hello guys,

I am new to PHP and I thought I want to ask, Say I created a login page and if the user/pass match the datbase one it will proceed to admin.php else it will give you a red error "wrong user / pass " but if I try to access admin.php without login script it also works. What's the way to restrict non-logged in users to see this page?

Regards,
Moman

When someone logs in you should set a session
[php]
$_SESSION['logged_in'] = true;
[/php]
then on the admin page you check to see if this is set
[php]
if(isset($_SESS ION['logged_in']))
{
# logged in
}
else
{
# not logged in
}
[/php]

**Moman** · Mar 13 '08, 02:44 PM

Originally posted by markusn00b

When someone logs in you should set a session
[php]
$_SESSION['logged_in'] = true;
[/php]
then on the admin page you check to see if this is set
[php]
if(isset($_SESS ION['logged_in']))
{
# logged in
}
else
{
# not logged in
}
[/php]

Hi Markus,

I tried it and it's still not working - here is my login.php

[php]<?php
$host="localhos t";
$username="root ";
$password="root ";
$db_name="data" ;
$tbl_name="logi n";

mysql_connect(" $host", "$username" , "$password" )or die("Unable to connect");
mysql_select_db ("$db_name") or die("Unable to select database");

$username=$_POS T['username'];
$password=$_POS T['password'];

$username = stripslashes($u sername);
$password = stripslashes($p assword);
$username = mysql_real_esca pe_string($user name);
$password = mysql_real_esca pe_string($pass word);

$sql="SELECT * FROM $tbl_name WHERE username='$user name' and password='$pass word'";
$result=mysql_q uery($sql);

$count=mysql_nu m_rows($result) ;

if($count==1){
session_registe r("username") ;
session_registe r("password") ;
header("locatio n:login_success .php");
}
else {
echo "Wrong Username or Password, Please be careful when typing them.";
}

ob_end_flush();
?>[/php]

**Markus** · Mar 13 '08, 02:56 PM

I changed it a little bit.
log in:
[php]<?php
session_start() ; # start up the session

$host="localhos t";
$username="root ";
$password="root ";
$db_name="data" ;
$tbl_name="logi n";

mysql_connect(" $host", "$username" , "$password" )or die("Unable to connect");
mysql_select_db ("$db_name") or die("Unable to select database");

$username=$_POS T['username'];
$password=$_POS T['password'];

$username = stripslashes($u sername);
$password = stripslashes($p assword);
$username = mysql_real_esca pe_string($user name);
$password = mysql_real_esca pe_string($pass word);

$sql="SELECT * FROM $tbl_name WHERE username='$user name' and password='$pass word'";
$result=mysql_q uery($sql);

$count=mysql_nu m_rows($result) ;

if($count==1)
{
$_SESSION['logged_in'] = true;
header("locatio n:login_success .php");
}
else
{
echo "Wrong Username or Password, Please be careful when typing them.";
}

?>[/php]

What code do you have for admin.php?

**Moman** · Mar 13 '08, 04:39 PM

Originally posted by markusn00b

I changed it a little bit.
log in:
[php]<?php
session_start() ; # start up the session

$host="localhos t";
$username="root ";
$password="root ";
$db_name="data" ;
$tbl_name="logi n";

mysql_connect(" $host", "$username" , "$password" )or die("Unable to connect");
mysql_select_db ("$db_name") or die("Unable to select database");

$username=$_POS T['username'];
$password=$_POS T['password'];

$username = stripslashes($u sername);
$password = stripslashes($p assword);
$username = mysql_real_esca pe_string($user name);
$password = mysql_real_esca pe_string($pass word);

$sql="SELECT * FROM $tbl_name WHERE username='$user name' and password='$pass word'";
$result=mysql_q uery($sql);

$count=mysql_nu m_rows($result) ;

if($count==1)
{
$_SESSION['logged_in'] = true;
header("locatio n:login_success .php");
}
else
{
echo "Wrong Username or Password, Please be careful when typing them.";
}

?>[/php]

What code do you have for admin.php?

[PHP]<?php
if(isset($_SESS ION['logged_in']))
{
#logged in
}
else
{
# not logged in
}
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>Admin Menu</title>
</head>

 
 
 
 
 
 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCC C">
<tr>
<form name="form1" method="post" action="checklo gin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFF F">
<tr>
<td align="center" bgcolor="#CCCCC C"><stron g>Administrato r 
<f ont face="Verdana" size="1">Menu</td>
</tr>
<tr>
<td width="294" align="center" height="28"> Add
News</td>
</tr>
<tr>
<td align="center" height="29"> Edit News</td>
</tr>
<tr>
<td align="center">  Logout </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
 © 2008 Moman - All rights
reserved

</html>

</html>
[/PHP]

**Markus** · Mar 13 '08, 04:46 PM

Try this:
[PHP]<?php
if(isset($_SESS ION['logged_in']))
{
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>Admin Menu</title>
</head>

 
 
 
 
 
 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCC C">
<tr>
<form name="form1" method="post" action="checklo gin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFF F">
<tr>
<td align="center" bgcolor="#CCCCC C"><stron g>Administrato r 
<f ont face="Verdana" size="1">Menu</td>
</tr>
<tr>
<td width="294" align="center" height="28"> Add
News</td>
</tr>
<tr>
<td align="center" height="29"> Edit News</td>
</tr>
<tr>
<td align="center">  Logout </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
 © 2008 Moman - All rights
reserved

</html>
<?php
}
else
{
echo "not logged in";
}
?>
[/PHP]

Check if user is logged in?

Check if user is logged in?

Comment

Comment

Comment

Comment

Comment