Results 1 to 4 of 4

Thread: disable pages

  1. #1
    Join Date
    Jun 2002
    Posts
    173

    Unanswered: disable pages

    How can I completely disable a page if a user is not logged into my site? I currently have a login page that keeps the user record in a session. I'd like something like commerce/banking sites where you get a "Page Expired" warning if you try to book mark a page and then return to it without logging in.

  2. #2
    Join Date
    Mar 2004
    Posts
    2

    Re: disable pages

    Originally posted by leeroy
    How can I completely disable a page if a user is not logged into my site? I currently have a login page that keeps the user record in a session. I'd like something like commerce/banking sites where you get a "Page Expired" warning if you try to book mark a page and then return to it without logging in.

    try this code , but comes complete with the user authentication function :

    PHP Code:

    <?php
    // *** Validate request to login to this site.
    session_start();

    $loginFormAction $_SERVER['PHP_SELF'];
    if (isset(
    $accesscheck)) {
      
    $GLOBALS['PrevUrl'] = $accesscheck;
      
    session_register('PrevUrl');
    }

    if (isset(
    $_POST['username'])) {
    //note that post variables from the html form are username , password
      
    $loginUsername=$_POST['username'];
      
    $password=$_POST['password'];
      
    $MM_fldUserAuthorization "";
    //if the login succeed, it'll go to file main.php, else it'll go to failed.php :
      
    $MM_redirectLoginSuccess "main.php";
      
    $MM_redirectLoginFailed "failed.php";
      
    $MM_redirecttoReferrer false;
    //this is selecting the database from mysql, 
    //which I've defined in a  connections script in another file to be  included with  this php  file :
      
    mysql_select_db($database_name$name);
    //this is the login sql query from my database  table called emp 
      
    $LoginRS__query=sprintf("SELECT * FROM emp WHERE USER_ID='%s' AND PWD='%s'",
        
    get_magic_quotes_gpc() ? $loginUsername addslashes($loginUsername), get_magic_quotes_gpc() ? $password addslashes($password)); 
       
      
    $LoginRS mysql_query($LoginRS__query$arsip) or die(mysql_error());
      
    $loginFoundUser mysql_num_rows($LoginRS);
      
    $row=mysql_fetch_assoc($LoginRS);

    // this is when user is found and password is correct
      
    if ($loginFoundUser) {
         
    $loginStrGroup "";
        
        
    //declare two session variables and assign them
        
    $GLOBALS['MM_Username'] = $loginUsername;
        
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;     
        
    $empid $row["USER_ID"]; 
        
    $klp $row["KK"];  
        
    $unit $row["UK"]; 
        
    $pl=$row["UP"];
    //here i use cookies with the session 
         
    setcookie("uname",$empid);
         
    setcookie("kd_klp",$klp);
         
    setcookie("kd_unit",$unit);
         
    setcookie("kd_pl",$pl);
             

        
    //register the session variables
        
    session_register("MM_Username");
        
    session_register("MM_UserGroup");

        if (isset(
    $_SESSION['PrevUrl']) && false) {
          
    $MM_redirectLoginSuccess $_SESSION['PrevUrl'];    
        }
        
    header("Location: " $MM_redirectLoginSuccess );
      }
    //this is when login fails : 
      
    else {
        
    header("Location: "$MM_redirectLoginFailed );
      }
    }
    ?>
    NOTE : check you php.ini configuration, make sure this settings are enabled :
    - registerglobals=on
    - magicquotesGPC=on
    - all sessions & cookies related settings are on / enabled

    second step, is to include this php script in all of the php pages that you want the user to login first before they can access , i named it check.php :

    PHP Code:
    <?php
    session_start
    ();
    $MM_authorizedUsers "";
    $MM_donotCheckaccess "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers$strGroups$UserName$UserGroup) { 
      
    // For security, start by assuming the visitor is NOT authorized. 
      
    $isValid False

      
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
      // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
      
    if (!empty($UserName)) { 
        
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
        // Parse the strings into arrays. 
        
    $arrUsers Explode(","$strUsers); 
        
    $arrGroups Explode(","$strGroups); 
        if (
    in_array($UserName$arrUsers)) { 
          
    $isValid true
        } 
        
    // Or, you may restrict access to only certain users based on their username. 
        
    if (in_array($UserGroup$arrGroups)) { 
          
    $isValid true
        } 
        if ((
    $strUsers == "") && true) { 
          
    $isValid true
        } 
      } 
      return 
    $isValid
    }

    $MM_restrictGoTo "failed.php";
    if (!((isset(
    $_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
      
    $MM_qsChar "?";
      
    $MM_referrer $_SERVER['PHP_SELF'];
      if (
    strpos($MM_restrictGoTo"?")) $MM_qsChar "&";
      if (isset(
    $QUERY_STRING) && strlen($QUERY_STRING) > 0
      
    $MM_referrer .= "?" $QUERY_STRING;
      
    $MM_restrictGoTo $MM_restrictGoTo$MM_qsChar "accesscheck=" urlencode($MM_referrer);
      
    header("Location: "$MM_restrictGoTo); 
      exit;
    }
    ?>
    to be honest , this isn't my own script, i got it from a friend ... but it works for me
    well just give it a shot ....
    i use PHP 4.3.4 , Windows 2000, Apache 1.3 , Mysql 4.0 nt
    let me know if this doesn't work ..
    cheers :-))

  3. #3
    Join Date
    Jun 2002
    Posts
    173
    I currently have a login session id created when using the site. I am trying to use the following script to put on each page to verify the session has been created and will redirect if the user has not logged in, but it doesn't redirect to the index.php(log in page), it just gives a warning message. Does anyone know why it doesn't redirect? I've included the php warning as well.

    <?php
    session_start();
    if(!$_SESSION['col1']) {
    header("Location: http://192.168.1.42/test/index.php");
    exit;
    }
    ?>


    Warning: Cannot modify header information - headers already sent by (output started at c:\inetpub\wwwroot\test\3.php:3) in c:\inetpub\wwwroot\test\3.php on line 4

  4. #4
    Join Date
    Mar 2004
    Posts
    17
    Is this an include file? if it is, make sure the source file doesn't use "echo", "print" or html tags before including the file.

    hope it helps.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •