Security page using session

Posted under » PHP on 25 October 2009

Click here for an intro on sessions.

Put this at the top of every page you want to password-protect.

<?php
ob_start();
session_start();
// if no session ask to login
if(!isset($_SESSION['logged']) || $_SESSION['logged'] !== '7ede8dhas5'){
	header("Location: login.php");
	exit;
}
?>

Sessions are all you need to know here. If the visitor has no logged-in session, redirect to the login page.

login.php looks something like this.

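<?php
// Start Sessions
ob_start();
session_start();
// Show the login form
// Minimal form markup (assumed); the field names match the $_POST keys read below
$kontent = "<form method=\"post\" action=\"login.php\">\n";
$kontent .= "<input type=\"hidden\" name=\"action\" value=\"1\">\n";
$kontent .= "Username: <input type=\"text\" name=\"username\"><br>\n";
$kontent .= "Password: <input type=\"password\" name=\"password\"><br>\n";
$kontent .= "<input type=\"submit\" value=\"Login\">\n";
$kontent .= "</form>\n";
// Check login
if(isset($_POST['action']) && $_POST['action'] == '1'){
	// Get form data
	$_username = isset($_POST['username']) ? $_POST['username'] : '';
	$_password = isset($_POST['password']) ? $_POST['password'] : '';
	// Open file
	$_filename = "logindata.php";
	$_handle = fopen($_filename, "r");
	$_contents = fread($_handle, filesize($_filename));
	fclose($_handle);
	// Divide all the users
	$_divide = explode("&", $_contents);
	// Check for the username
	$_found = false;
	foreach($_divide as $_record){
		$_fields = explode(";", $_record);
		// Skip the PHP comment wrapper at the start and end of the file
		if(count($_fields) < 4){
			continue;
		}
		list($username, $password, $email, $admin) = $_fields;
		if($username === $_username && $password === $_password){
			$_found = true;
			break;
		}
	}
	if($_found){
		// Set sessions and redirect
		session_regenerate_id(true); // new session id on login
		$_SESSION['logged'] = '7ede8dhas5';
		$_SESSION['username'] = $_username;
		header("Location: contentslist.php");
		exit;
	}
	// Show the error once, whether the username or the password was wrong
	$kontent .= "<p>Your username or password is incorrect.</p>\n";
}
// Logout data
if(isset($_GET['do']) && $_GET['do'] == 'logout'){
	$_SESSION['logged'] = '';
	$_SESSION['username'] = '';
	$_SESSION['admin'] = '';
	$kontent .= "<p>You have logged out.</p>\n";
}
// Output the page
echo $kontent;
?>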

Here is the logindata.php.

<?php /*&hanafi;bradpit;asd@asf.com;1&bob;Dempsey;rd@bobassociates.com;0&*/?>
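
The file above keeps passwords in plain text, so anyone who can read it can log in as any user. As an added example (not part of the original post), the same `&` / `;` record format can hold a password_hash() value in the password field and be checked with password_verify(). The function names parse_users and check_login and the sample users are made up for illustration.

```php
<?php
// Added example: same record format as logindata.php, but field 2 holds a
// password_hash() value instead of the plain-text password.

// Split "&user;hash;email;admin&..." into an array keyed by username.
function parse_users(string $contents): array {
    $users = [];
    foreach (explode('&', $contents) as $record) {
        $fields = explode(';', $record);
        if (count($fields) !== 4) {
            continue; // skips the PHP comment wrapper and empty pieces
        }
        [$username, $hash, $email, $admin] = $fields;
        $users[$username] = ['hash' => $hash, 'email' => $email, 'admin' => $admin === '1'];
    }
    return $users;
}

// Return the user record on success, null on any failure.
function check_login(array $users, string $username, string $password, string $dummyHash): ?array {
    $user = $users[$username] ?? null;
    // Always run one password_verify() so an unknown username takes as long
    // as a wrong password and does not reveal which usernames exist.
    $ok = password_verify($password, $user['hash'] ?? $dummyHash);
    return ($user !== null && $ok) ? $user : null;
}

// Constructed sample data: hypothetical users, hashes generated on the spot.
$dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
$contents  = '<?php /*&alice;' . password_hash('correct horse', PASSWORD_DEFAULT)
           . ';alice@example.com;1&carol;' . password_hash('s3cret', PASSWORD_DEFAULT)
           . ';carol@example.com;0&*/?>';

$users = parse_users($contents);
var_dump(check_login($users, 'alice', 'correct horse', $dummyHash) !== null);
var_dump(check_login($users, 'alice', 'wrong', $dummyHash) !== null);
var_dump(check_login($users, 'mallory', 'correct horse', $dummyHash) !== null);
// In login.php, a non-null result is the point at which to call
// session_regenerate_id(true) and set the $_SESSION values.
```

Hashes produced by password_hash() contain neither `&` nor `;`, so the existing separators keep working.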

Please do not use the old session_register() and session_unregister() method. It is deprecated and will no longer be available in PHP6.
