I am creating a content management website with a login page at the back end.
I have created a working login page for the main menu of the content management system.
The below images show my code.
1st Step - User visits the URL of main menu for content management system: Code shown below.
<?php
session_start();
echo $_SESSION['valid_user'];
if(!isset($_SESSION['valid_user']))
{
$URL="error.php";
header("Location: $URL");
}
?>
Two things can happen. 1 if they have not logged in before they will be directed to an error page. They can then select to visit the login page and login using their user name and pswd.
i have declared ?php start_session();? at the top
<?php
$login = $_POST['name'];
$loginpass =$_POST['password'];
if((isset($login)) || (isset($loginpass))){
//echo "<p> form has been submitted</p>";
include("connect.php");
$query = "select * from logins where
username='$login' and pswd=MD5('$loginpass')";
$result = mysql_query($query) or die($query."<br/><br/>".mysql_error());
$count=mysql_num_rows($result);
echo $count;
if($count > 0){
echo "<p>you are logged in as $login please
go to <a href='home2.php'>edt home</a>.</p>";
echo "<p><a href='logout.php'>log out</a> $login?</p>";
$_SESSION['valid_user'] = $login;
}else{
echo "<p>sorry login failed</p>";
}
}else{
//echo "<p> form hasn't been submitted</p>";
//Visitor needs to enter a name and password
echo "<h1>Please Log In</h1> <form method='post' action='index2.php'>";
echo "<p>Username: <input type='text'name='name'></p>";
echo "<p>Password: <input type='password' name='password'></p>";
echo "<p><input type='submit' name='submit' value='Log In'></p></form>";
}
?>
So far all of that functionality works fine for me.
However, I want to make sure that if the user bypasses the home url and decides to jump straight to a section within the edit menu, they will be either forced to login, if they have not already, or, the php will check their credentials if they have logged in.
This is an example of the code I have at the top of the page I want to place my validation ont. I'm not sure if already have a database table connection at the top will affect the session variable.
<?php
include("connect.php");
//echo "all good here";
//grab the data from the table 'designs'
$query ="SELECT * FROM designs ORDER BY id";
//send SQL statement to MySQL server
$display = mysql_query($query);
$num = mysql_numrows($display);
mysql_close();
?>
I know i want to place php scripts on all of the php pages that check the 'vaild_user' session variable is set and also give the user the ability to logout by pointing to the logout.php file. Im just not sure how to go about doing it at this point.
I am very new to all this and generally understand following a clear guide, like most people I'm sure.
Any help anyone could give would be greatly appreciated
Thanks again!.