Faqts : Computers : Programming : Shopping For You : PHP

+ Search
Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

7 of 8 people (88%) answered Yes
Recently 7 of 8 people (88%) answered Yes

Entry

I want to to auth users, then show the rest of the page. What is the best way to do this?

Nov 27th, 2008 14:27
healthy man, dman, PHP Man, Nick Brandt, D S,


http://www.faqts.com/knowledge_base/index.phtml/fid/51
Your best bet is to use PHP's built-in session handling 
(http://www.php.net/manual/en/ref.session.php) which is enabled by 
default when PHP is installed.
Make a log in form and process the submitted username and password:
// check submitted user name/password against your database of members
   $qry = "SELECT id, user_name, password
               FROM members
               WHERE user_name = '$user_name'
               AND password = '$password' ";
      if (! ($result = mysql_query ($qry)) ) {
         echo "Query: $qry<br>Error:".mysql_error();
         die("");
      }
   if (mysql_num_rows($result) == "1") {
// If query returns 1 we have a valid member
// Start session, here we set a variable named SESSION_ID and use
// the users id as value so we know who he/she is during the session.
      session_start();
      session_register("SESSION_ID");
      $SESSION_ID = $id;
   } //End of basic log in
 On *each* page and before *any* output is sent, you must initialise
 the session.
// Start session
      session_start();
// If session is not registered, chuck out the visitor
      if (!session_is_registered("SESSION_ID")) {
         $exit_page = "$url" . "index.php";
         header ("Location: $exit_page"); 
         exit;
      }
If you need a log out function, you may add this to the top of the log 
out page:
// destroy session data
session_start();
session_destroy();
There are some more stuff to keep in mind, one is security, you need 
to 
do some more verification, I normally add the visitors IP address to a 
DB as he logs in and check against that too, avoids session hijacking.
=====
openldap.org/lists/openldap-devel/200306/msg00056.html
hope that helps.
http://www.healthdothealth.com
http://www.healthxhealth.com
http://www.mesotheliomainmesothelioma.com
http://www.healthfirewall.com
http://www.flathealth.com
http://www.healthbodyguard.com