Security page using session

Posted under » PHP on 25 October 2009

Click here for an intro on sessions.

Put this on top of every page you want to password protect.

<¿php
ob_start();
session_start();
// if no session ask to login
if($_SESSION['logged'] != '7ede8dhas5'){
	header("location:login.php");
	exit;
}
?>

Session thingies is all you need to know. If not sessioned, redirect to login.

login.php looks something like below.

<¿php
// Start Sessions
ob_start();
session_start();
// Show the login form
$kontent = "
";
$kontent .= "";
$kontent .= "";
$kontent .= "";
$kontent .= "";
$kontent .= "";
$kontent .= "
Username:
Password:
 
";
$kontent .= "
";

// Check login
if($_POST['action']=='1'){

// Get form data
$_username = $_POST['username'];
$_password = $_POST['password'];

// Open file
$_filename = "logindata.php";
$_handle = fopen($_filename, "r");
$_contents = fread($_handle, filesize($_filename));
fclose($_handle);

// Divide all the users
$_divide = explode("&", $_contents);

// Check for the username
$_array = 0;
while($_divide[$_array] != ''){
list($username, $password, $email, $admin) = explode(";", $_divide[$_array]);

	if($username == $_username){
		if($password == $_password){
			// Set sessions and redirect
			$_SESSION['logged'] = '7ede8dhas5';
			$_SESSION['username'] = $_username;
			header("location:contentslist.php");
		}else{
$kontent .= "
Your username or password is incorrect.
 ";
		}
	}else{
$kontent .= "
Your username or password is incorrect.
 ";
	}

$_array++;
 }
}

// Logout data
if($_GET['do'] == 'logout'){
$_SESSION['logged'] = '';
$_SESSION['username'] = '';
$_SESSION['admin'] = '';
$kontent .= "
You have logged out.
";
}

?>

Here is the logindata.php.

<¿php /*&hanafi;bradpit;asd@asf.com;1&bob;Dempsey;rd@bobassociates.com;0&*/?>

Please do not use old method of session_register() and session_unregister(). It is depreciated and will no longer be available in PHP6.