Hey guys; I'm confused, after reading several tutorials,
on how I'd go about making a "members only" area.
Basicly right now, I have a script to check
the mySQL db to see if the user/pass exists;
if so, it'll let them in, if not says 'CHEATING SOB!' lol.
But point is-- how do I make it, so that
when you click 'submit', if the info is correct,
it'll make a cookie and then how would I use PHP
to say "does the cookie exist? cool, show the site...NO!?!?!? NO VIEW 4 U!"...?
index.php - login form:
<?php
require('header.php');
?>
<div align="center">
<form method="post" action="indexp.php">
<b>Your User Name</b>:
<br>
<input type="text" name="uname">
<Br><Br>
<b>Your User Password</b>:
<br>
<input type="password" name="upassword">
<br><Br>
<input type="submit" value="Login"> - <input type="reset" value="Clear">
</div>
<?php
require('footer.php');
?>
indexp.php - login processing:
<?php
require('header.php');
mysql_pconnect ("$host", "$user", "$password") or die ('I cannot connect to the database because: ' .mysql_error());
mysql_select_db ("$db");
$uname = $HTTP_POST_VARS['uname'];
$upassword = $HTTP_POST_VARS['upassword'];
$query = "select name,password,id from admin where name='$uname'";
$result = mysql_query($query);
while ($passwords = mysql_fetch_array($result)){
$password = $passwords['password'];
$id = $passwords['id'];
$name = $passwords['name'];
}
if ($password==$upassword){
echo "Correct! You are now being forwarded to the Admin CP; click <a href=http://www.htmlforums.com/archive/index.php/\"admincp.php\">here</a> ";
echo "if you do not want to wait.";
echo "<meta http-equiv=\"Refresh\" content=\"2; url=admincp.php\">";
} else {
echo "ERROR! CANNOT ACCESS GD ACP";
}
require('footer.php');
?>
Any help? Totally lost
sort of got it.I include a session check at the top of each of my pages that need athentication.
<?php // Session Check
//if no session redirect
if(!isset($_SESSION['first_name'])) {
header ("Location: <!-- m --><a class="postlink" href="http://">http://</a><!-- m -->" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
exit(); // quit script
}
?>
Just check for a session name each time. Mine redirects to index.php, but you could put some cheating page up. Only thing with that is you could end up showing that message to a legit user if their session expired.Of course the user would have no valid session if they did not log in properly.
on how I'd go about making a "members only" area.
Basicly right now, I have a script to check
the mySQL db to see if the user/pass exists;
if so, it'll let them in, if not says 'CHEATING SOB!' lol.
But point is-- how do I make it, so that
when you click 'submit', if the info is correct,
it'll make a cookie and then how would I use PHP
to say "does the cookie exist? cool, show the site...NO!?!?!? NO VIEW 4 U!"...?
index.php - login form:
<?php
require('header.php');
?>
<div align="center">
<form method="post" action="indexp.php">
<b>Your User Name</b>:
<br>
<input type="text" name="uname">
<Br><Br>
<b>Your User Password</b>:
<br>
<input type="password" name="upassword">
<br><Br>
<input type="submit" value="Login"> - <input type="reset" value="Clear">
</div>
<?php
require('footer.php');
?>
indexp.php - login processing:
<?php
require('header.php');
mysql_pconnect ("$host", "$user", "$password") or die ('I cannot connect to the database because: ' .mysql_error());
mysql_select_db ("$db");
$uname = $HTTP_POST_VARS['uname'];
$upassword = $HTTP_POST_VARS['upassword'];
$query = "select name,password,id from admin where name='$uname'";
$result = mysql_query($query);
while ($passwords = mysql_fetch_array($result)){
$password = $passwords['password'];
$id = $passwords['id'];
$name = $passwords['name'];
}
if ($password==$upassword){
echo "Correct! You are now being forwarded to the Admin CP; click <a href=http://www.htmlforums.com/archive/index.php/\"admincp.php\">here</a> ";
echo "if you do not want to wait.";
echo "<meta http-equiv=\"Refresh\" content=\"2; url=admincp.php\">";
} else {
echo "ERROR! CANNOT ACCESS GD ACP";
}
require('footer.php');
?>
Any help? Totally lost
sort of got it.I include a session check at the top of each of my pages that need athentication. <?php // Session Check
//if no session redirect
if(!isset($_SESSION['first_name'])) {
header ("Location: <!-- m --><a class="postlink" href="http://">http://</a><!-- m -->" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
exit(); // quit script
}
?>
Just check for a session name each time. Mine redirects to index.php, but you could put some cheating page up. Only thing with that is you could end up showing that message to a legit user if their session expired.Of course the user would have no valid session if they did not log in properly.