This topic is locked

Securing members pages and the logout?

6/21/2006 7:05:27 AM
PHPRunner General questions
B
bmak author

Hello,
Do you have any tutorials/information on how I secure pages in, say, a membership area from people who are not logged in but may know the direct url path to a members page?
How do i create a 'logout' link in my pages?
Thanks for your help with this.
Regards
bmak

Alexey admin 6/21/2006

Hi,
put this code to the beginning of your page to secure it:

if(!@$_SESSION["UserID"])

{

$_SESSION["MyURL"]=$_SERVER["SCRIPT_NAME"]."?".$_SERVER["QUERY_STRING"];

header("Location: login.php?message=expired");

return;

}


Here is the code for logout link:

<a href="login.php?a=logout">Log out</a>

B
bmak author 6/21/2006

Hi,

put this code to the beginning of your page to secure it:
Here is the code for logout link:


Hello and thanks for the help. One question. The reason I had asked about the logout function was because I thought it had to clear a session or somesuch (sorry for the vagueness - I'm not a php programmer and that's why I am trying your software).
Regards
bmak

Alexey admin 6/21/2006

sure, login.php clears session when you pass it a=logout parameter.

B
bmak author 6/21/2006

Hello,
Thanks again for the code. Can you help with the syntax please?
Does your code for securing the pages go inside PHP braces, or is it placed in the body somewhere?
Thanks
bmak

B
bmak author 6/22/2006

Hello Alexa,
Sorry to bug you, but could you advise on my last question regarding the syntax of this code please?

Alexey admin 6/22/2006

Hi,
this is PHP code:

if(!@$_SESSION["UserID"])

{

$_SESSION["MyURL"]=$_SERVER["SCRIPT_NAME"]."?".$_SERVER["QUERY_STRING"];

header("Location: login.php?message=expired");

return;

}


Sure, it should be placed inside PHP braces.

B
bmak author 6/22/2006

Hi,

this is PHP code:
Sure, it should be placed inside PHP braces.


Hello Alexa,
I must be doing something wrong with this. I installed the code on a page that should only be accessible to a logged-in user. I then logged in as a valid user and was taken to the page protected by the code (this is the page that the login goes to once a suceessful login has been achieved. Unfortunately it automatically returns me to the login page.
Any idea what I am doing wrong?
bmak

Alexey admin 6/22/2006

Try to put a call to session_start() function to the beginning of your file.

I.e. use this code:

session_start();

if(!@$_SESSION["UserID"])

{

$_SESSION["MyURL"]=$_SERVER["SCRIPT_NAME"]."?".$_SERVER["QUERY_STRING"];

header("Location: login.php?message=expired");

return;

}

B
bmak author 6/23/2006

Hi Alexa,
Yep, that seems to have done it. Thanks for your help.
bmak