If you open up the page called page1.php (in your scripts folder), you'll see this complex code at the top:
<?PHP
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login']
!= '')) {
header ("Location: login.php");
}
?>
This checks to see if the session called login is set, and that it's not a
blank string. If it is, then the user is redirected to the login page. In the
script, you first start the session:
session_start();
Next comes a complex If statement:
if () {
header ("Location: login.php");
}
In between the round brackets of the If statement, we have the NOT operator.
This is followed by the inbuilt isset() function:
if ( !(isset( ) ) {
}
This says, "If NOT isset". Or, "if the value of the isset function
is false ... " If the value in the round brackets of isset is indeed false,
then the code between the curly brackets { } gets executed. That code, for us,
was the redirection line. What we have between the round brackets of isset is
this:
($_SESSION['login'])
That's just our session variable from the login page. Is the user has logged
in successfully, a value of 1 will be set inside of this variable.But we also need to check the session variable for a blank string. So we have and AND part to the statement:
&& $_SESSION['login'] != ''
This says, "AND session login DOES NOT EQUAL a blank string". In
other words, we check to see if a session variable has been set, and that it's
not a blank string.If everything is OK then the user will see the HTML code below the PHP at the top. If it's not, you can send them somewhere else. But you need to put that PHP code at the top of every page that you want to protect. And it needs to go before any HTML code. You can't put it in the head section, otherwise you'll get "header" errors.
0 comments:
Post a Comment