Hello all. I’m currently experimenting with PHP and I am tweaking around with lines of code from a registration system that I have downloaded. I’m in the process of editing the way it checks if the user is authenticated and what to do if he/she is not. Before I start this off I’ll link you guys to the reg-system which can be found, here http://www.olate.co.uk/articles/185.

The original form of the system uses the following to hide pages from non-authenticated users:
[php] <?php
include ‘init.php’;
if (!is_authed()) {
die (‘You are not permitted to view this page, click here to go back.’);
}
// Restricted articles code here
?>
[/php]

Instead of having to paste the if-statement on every page i want to be hidden, i have created my own function:
[php]
function page_protect() {
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn’t been changed
if (isset($_SESSION[‘username’]) && (md5($_SESSION[‘username’]) == $_SESSION[‘encrypted_name’])) {
return true;
}
else {
die(‘You are not allowed to see this page!’);
}
}
[/php]
I can just call this function at the top of every page I want hidden instead of pasting the if-statement (I based the function off of a more complicated login script… since I chose a very primitive one so i can get familiar with PHP better).

The authentication function works fine. I made a sample page to test it out on and if the user is not logged in it will not display the content of the page and instead will display the error. Unfortunately, neither will it display the rest of my page after the content section. The sample website I created has two columns… my content is in my first column and my navigation is in my second column. Since my function has die() the navigation column is cut off. I have tried with exit() as well but since both are similar functions it produces the same result.

One last thing that may help you is that my sample website is displayed using the $_GET[‘page’] and switch($page) gateway. I have always used this to layout websites as it made it a lot easier to manage the content. I know now that it isn’t a very good way to layout websites when they include reg-systems and the such because of all the header output errors I get. Anyways, here is the sample hidden page called articles.php:
[php]

<?php page_protect(); ?>

_Main Content

You should not be able to see this page if you are not logged in.

[/php] According to my function, if the user is not logged in then it will exit() and not display the content underneath it. It does it but it also does not display the rest of my page which is located on my "index.php"... which contains the navigation column. Is there a way I can have my function not display the content underneath it.. only on the page it is called? Or is the only solution to layout my website another way using includes and requires to avoid this?

Sorry for the long post just wanted to be as specific as possible. If you need me to post anything else… such as my index.php file just let me know. Thanks in advance.

Is there a way I can have my function not display the content underneath it.. only on the page it is called?

I believe your navigation column is also outputted underneath your page_protect() function, right? So according to logic of your script it is working properly. Even if you place navigation column code above this function, the die() will break the html code (closing tags for navigation elements, as well as etc.)

I would recommend to modify your function to not die() but echo error for non-authenticated visitors, and have it return false if user is not authenticated. And you will still have to include if… else… control structure, to hide part of content that is protected. Because otherwise program will not know which part of page is for authenticated users, and which is just navigation column available any time for all.

Thank you for taking the time to reply to my issue. Yes, my navigation is outputted underneath the content section that I want hidden. I have used several different methods to try and hide the content without removing the code underneath it but no success. I think I understand what you recommended to me… but no success:
[php]
function page_protect() {
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn’t been changed
if (isset($_SESSION[‘username’]) && (md5($_SESSION[‘username’]) == $_SESSION[‘encrypted_name’])) {
return true;
}
else {
echo “You are not allowed to see this page!”;
return false;
}
}
[/php]
There is one solution I think is foolproof and that is what I posted in my original post. I stated that I’m using PHP-Templating using $_GET[‘page’] and switch[‘page’]. This has caused a lot of problems when I try and start a session and when I try and redirect the user to another page using header(). What are some templating techniques that most webdevelopers use… would it be using includes similar to what they explained on this website’s tutorial located here?

I think I understand what you recommended to me... but no success:

But did you tried to use your modified function in the if… then… construct, like below:

[php]

<?php if(page_protect()){ ?> <?php } ?>

[/php]

Ohh. I understand now. I tried it out and it worked perfectly… I also added a couple of things here and there to make it look better visually(in terms of keeping the text formatted with padding, size, etc). Here is what I did:

New articles.php:
[php]
<?php if (page_protect()) { ?>

_Main Content

You should not be able to see this page if you are not logged in.

<?php } ?>
[/php]

New page_protect()
[php]
function page_protect() {
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn’t been changed
if (isset($_SESSION[‘username’]) && (md5($_SESSION[‘username’]) == $_SESSION[‘encrypted_name’])) {
return true;
}
else {
echo “

_ERROR

\n”;
echo “

You are not logged in.

”;
}
}
[/php]
Thanks a lot for your help. I have just one more question and it is about my last post:

...I stated that I'm using PHP-Templating using [b]$_GET['page'][/b] and [b]switch['page'][/b]. This has caused a lot of problems when I try and start a session and when I try and redirect the user to another page using [b]header()[/b]. What are some templating techniques that most webdevelopers use... would it be using includes similar to what they explained on this website's tutorial located [url=http://www.phphelp.com/forum/../tutorial/making-the-most-of-site-wide-headers-and-footers.html]here[/url]?

Yes, using headers and footers via includes is good practice. But if you want to redirect user to another page with the header() function, you need to do this before any content is outputted to browser. For example, you can not do this:

[php]

<?php if (page_protect()) { header("Location: login.php"); exit; } else { echo '

Welcome back, Membername!

'; } ?> [/php]

because by the moment when you redirecting user to login page, the and tags are already sent to browser. Correct code is this:

[php]

<?php if (page_protect()) { header("Location: login.php"); exit; }

Welcome back, Membername!

[/php] And make sure there is no any chars (space etc.) before opening <?php tag, otherwise sending header will produce error.

Alright sounds good. I’m going to try and layout my website content using includes rather than use switch as a gateway. Thanks for all of your help! I really appreciate that you took time to not only answer my questions but post examples as well!