Restricting Access to Pages

[MikeKohler]

Hi I have a question about sessions. In order to restrict access to a page I have seen the following code:

// Protected webpage
if($_SESSION['username']="whatever"){
// entire page}

else {
// Invalid User}

My question is, what happens if you have php code within the body of your page. How do you restructure this code so it takes into account there already being the tags <?php and ?> in the body. I have a section in a table that lists the contents of a folder. I want it so that someone has to login so that they can access this page.
Thank you,
Michael Kohler

 

[jpadie]

shove an exit() or header redirect in the authentication failure part of the condition. so long as the code is at the top of the page that should be ok.

 

[vacunita]

You are not limited to one block of PHP code.
So you can

<html>
...
<?PHP
if($_SESSION[]...)
{
o.k
}

else
{
//invalid user
either redirect to another page or just not show the page contents.
}

?>
<body>
...

<?PHP
some more php code here
?>

</body>
</html>

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[MikeKohler]

Thanks for the replies, I used the following code:

<?php
require ('header.html');
session_start();
if ($_SESSION['username'] != "seal") {
header ('Location: index.php');
exit();
}
else
{


}
?>

But for some reason I get the following error, when I have logged in,
Parse error: parse error, unexpected $ in /var/vhosts/bsstrpa/public_html/bio_index.php on line 225
But line 225 is outside of my php code areas. It is a line of html that is </div>.

 

[vacunita]

Since the code you posted looks o.k,
I am inclined to believe that it is a problem elsewhere in your code.

Look for the closest PHP code line to that position.
You might be missing a ";" semicolon close to the end.

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

and why are you including the header file before testing for authorisation?

the error is probably unexpected $ end. which usually means you have forgotten to close curly braces somewhere.

 

[Dhagaxtuur]

The first line of your code has to be

session_start();

 

[zeland]

Dhagaxtuur: "The first line of your code has to be session_start();"

This is not true. session_start() can be called anywhere in your php code. As an example, If I store a class object in session variable and If I call session_start() BEFORE I call require('members.class'), my session variable will not return anything. It was this type of mental "conditioning" that left me stumped for a good 3 hours when I first started using classes.

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--

 

[Dhagaxtuur]

Actaully this tutorial is doing great job of you having problem with in the session part. Check it and test the code on your server. If that does not work, than samething is wrong with your server.

http://pctalknet.com/php/session.php

Check this tutorial.

 

[Dhagaxtuur]

You might be right zeland but I try various times to call sessin_start() another line of code and never worked for me.