Here's the way I do it . I started using a cookie, but switched to session
as I wanted the authentication to expire when the user closed the browser.
The UserLogin function is in User_login.php. FetchUsrData checks the names
and password against the database and returns either 1 (true) or 0 (failure).
function UsrLogin( $first_name, $last_name, $pass )
{
/***********************************
Seek username and Password in subscriber table
If found, set cookie AllNS & redisplay page,
with swtiches to show bidding section.
If not display "Sorry couldn't find you ..." and return
************************************/
global $cMsgNotFound, $member_id ;
$nFetchResult = FetchUsrData( $first_name, $last_name, $pass, $member_id );
if( $nFetchResult == 1 )
{
//setcookie ("AllNS", $member_id, time()+3600,'/' );
session_start();
session_register( "member_id" );
$ReaderOK = 1;
}
else
{
$ReaderOK = 0;
}
return $ReaderOK;
}
Each page then has the following code at its head:
<? session_start();
if( !session_is_registered( "member_id" ) )
{
header("Location: user_logon.php\n");
}
?>
At the VERY TOP, with NOT A SPACE before it. Obviously if there's no
session with member_id, the user is directed to the login page, user_logon.php.
This scheme was used because the client wanted a custom login page. Rasmus
Lerdorf wrote up a scheme that uses Apache's built in authentication
dialog, although still authenticating against a database. Can't remember if
it's in the webmonkey or devshed archives.
Hope this helps,
Miles Thompson
At 05:10 PM 4/30/01 -0600, James McLaughlin wrote:
>Hello,
>
>I am attempting to build a series of pages that are only visible to people
>logged in through the auth script I wrote using a MySQL db to hold the auth
>users.
>
>login.php--Login script that takes username and password from user.
>myhome.php--If username and password check out myhome.php displays
>information that is authed by thier account.
>other.php-- *concept* if username and password still check out then this
>page will display blah blah and blah3.
>
>I can login just fine and myhome.php displays correctly. But when I go to
>look at other.php it kicks me back to the login.php screen asking for my
>username and password again.
>
>In the other.php page what and how do I ask the database if someone is still
>logged in or not logged in so that the authorized information will show?
>
>
>
>Any help would be appreciated
>
>Thanks
>
>Kat
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
