On all pages of your site that you want to secure, you'll need to check if
the user was successfully logged on or not. After all, what's to stop non members
from simply typing the address of the page in their browsers? If you haven't
set any checks, then the page will load, whether they are a member or not. To
stop this happening, you can check the session variable that you set up on the
login page.
If you open up the page called
page1.php (in your
scripts folder),
you'll see this complex code at the top:
<?PHP
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login']
!= '')) {
header ("Location: login.php");
}
?>
This checks to see if the session called login is set, and that it's not a
blank string. If it is, then the user is redirected to the login page. In the
script, you first start the session:
session_start();
Next comes a complex If statement:
if () {
header ("Location: login.php");
}
In between the round brackets of the If statement, we have the NOT operator.
This is followed by the inbuilt
isset() function:
if ( !(isset( ) ) {
}
This says, "If NOT isset". Or, "if the value of the isset function
is false ... " If the value in the round brackets of isset is indeed false,
then the code between the curly brackets { } gets executed. That code, for us,
was the redirection line. What we have between the round brackets of isset is
this:
($_SESSION['login'])
That's just our session variable from the login page. Is the user has logged
in successfully, a value of 1 will be set inside of this variable.
But we also need to check the session variable for a blank string. So we have
and AND part to the statement:
&& $_SESSION['login'] != ''
This says, "AND session login DOES NOT EQUAL a blank string". In
other words, we check to see if a session variable has been set, and that it's
not a blank string.
If everything is OK then the user will see the HTML code below the PHP at the
top. If it's not, you can send them somewhere else. But you need to put that
PHP code at the top of every page that you want to protect. And it needs to
go before any HTML code. You can't put it in the head section, otherwise you'll
get "header" errors.
0 comments:
Post a Comment
Click to see the code!
To insert emoticon you must added at least one space before the code.