I have a website that i locked with a login page. The login page takes you to page1.html if you log in correctly. But if i just type in the website.com/page1.html you can see the page.
I discovered I can use Session_Start(), but what I got working but also affecting genuine login(s) also.So is there some code I can put up on the top to check to see if you came from the login page.
you have to make your page .php
and top of the page
after
on the page you have to check for sesssion variable are initailized at top of page
<?php session_start(); if(!isset($_SESSION['username']) && !isset($_SESSION['sid'])) { header('Location:login.php'); } ?>you can make a single php file any name with the above checking code and include it to any page you want to show to only registered users
@abrarazeem, I have done something like this but it is not allowing both genuine logins, it only returns my error message and execute the location target and the kind of login system i have is one whereby the accounts are differents from one another and so are the pages.
So I have decided to post my login code maybe that will help out.
Thank you for your response
All you need to do is:
Change the file name for “page1.html” to “page1.php”
Create a new file with the name ‘authcheck.php’.
Copy the following code into the file.
`
`
`
@Doctorfox, I have tried the code but I noticed that it is not allowing both genuine and fake login.
Can u please help check the code again
Is there no one in this place that can solve this issue for me? Woops
You still on this matter?
Anyway, what error are you getting?
@OLSylas, the code is not allowing genuine logins
Are you encrypting your password before you save it in the database? If not, then you shudn’t use md5() fro password. Just try the easy way first;
`
@OLSyla. The password field in the database is set md5 but the issue i have i sthat even with all this code It is not allowing genuine logins
What am saying is this.
Try the whole process without a password encryption first. unset md5 for DB store password and the verification passed password. Am even wondering how you want to decrypt a md5 password whilst verifying.
@OLsylas, If I get you right, u want me to remove every verification processes, at that the pages are going, also the username and password are created by the admin all the user can do is to login. the md5 for the password has already been set in the dbase
@adeleke06, thought this had been solved since.
Try replacing the double == in the first code snippet I posted with a single =.
i.e.
`
`
Remember that you should only include the following code in the files you wish to restrict access to.
`
`
@doctorfox, thanks for your response but it is still d same issue. The issue is that by typing d address directly it will not allow login all it does is that it redirect u to d index page. But d issue is that you cannot login to d page irrespective of ur account type from d login page. @doctorfox that is the issue i have concerning d process. expecting ur reply soon. tks
@doctorfox, thanks for your response but it is still d same issue. The issue is that by typing d address directly it will not allow login all it does is that it redirect u to d index page. But d issue is that you cannot login to d page irrespective of ur account type from d login page. @doctorfox that is the issue i have concerning d process. expecting ur reply soon. tks
first i think you need to tell us what the problem is more clearly, my guess is your redirect page (the one that holds the codes u posted) doesn’t redirect, i suggest you remove the ’
’ on the first line, this can prevent the header from redirecting