Neverside

So you can login...

So i followed a tutorial, chopped it up and added some of my own flavor and it works like a charm. i can login and out, register, do everything i want to. So what now?

I would like to restrict access to certain links if you are not logged in, how would i go about doing this? I used cookies for the script, i was thinking about checking for a cookie and if cookie == true a href=page.php else a href=not permitted!.php - somthing along the lines of this, if you guys see any tutorials around that would help point me in the right direction please share!

- Doom Champ!

This is what i use, feel free to play around with it.

PHP:

<?php

include("sources/config.php");

global $HTTP_COOKIE_VARS;

$connection = mysql_connect ($db['host'], $db['user'], $db['pass']);

$user_from_cookie = $_COOKIE['username2'];

if($user_from_cookie == "")
{
    header("location: /?ez=bad_login");
    exit;

}

$user_name_from_cookie = $_COOKIE['username2'];

$query = "SELECT * FROM members WHERE username = '$user_name_from_cookie'";
$result = mysql_db_query($db['name'], $query, $connection) or die(mysql_error());

while ($row = mysql_fetch_array($result))
{
    $db_password = $row['password'];
}

if($_COOKIE['password'] == $db_password) 
{

    return true;

  } else {

    header("location: /?ez=bad_login");
    exit;

}

?>

The idea is to put this in a security file, so lock.php then all the protected pages which are members-only you would include it on.

does your config file have anything to do with the code? whats it do? and also, could you please explain what the global $HTTP_COOKIE_VARS; and header("location: /?ez=bad_login" are doing? I am not quite sure what $ez is. or what the header function is doing, maybe sending you to a file? iono, im trying to learn a bit of php i dont know everything just yet

the header() thing is redirecting you if you are not authenticated to access the page. It is forwarding you to your homepage with the querystring of ez=bad_login, so on your homepage you could have a thing that says

PHP:

<?php
if(isset($_GET['ez']) && $_GET['ez'] == 'bad_login'){
    echo 'You werent allowed to access that page biatch';
}
?>

and im not sure what the global $http stuff is for cause that is deprecated.

___________________

Neverside Development Director
PHP Snippets
BigToach.com - IT WORKS, TOACHY!

All the config file includes are the connection varibles:

PHP:

<?php
$db['host'], $db['user'], $db['pass']
?>

Then the cookie var

PHP:

<?php
$user_from_cookie = $_COOKIE['username2'];
?>

Stores the username

Originally posted by thefallen:

PHP:

<?php

global $HTTP_COOKIE_VARS;

?>

This is what im talkin about, whats this mean ;x

Forget cookies ... base it around sessions. Just set a session var when the user logs in and then you can use some simple code to "restrict links". For example, we'll say that an Admin has a user level of 10 and everyone else 2:

PHP:

<ul id="some_list">
<li><a href="#">Link 1</a></li>
<li><a href="#">Link 2</a></li>
<?php
if($_SESSION['authLevel'] == 10) {
 echo "<li><a href=\"#\">Admin only link</a></li>";
}
?>
<li><a href="#">Link 3</a></li>
</ul>

___________________

sixminutes.ca

yeh.. iono what im going to do but thanks for the replies ill try n get cookies to work since i've already started doing it, if i cant get it right ill throw in some sessions