Preventing Unregistered Users From Viewing Some Pages.

Good Day my friends. Please I need Help. I have a website that required registration, before user can be able to view the pages. Now the problem with my work is that if a user manage to forge the link in my webpage example google.com/user.html, it will be accessed where that page should only be seen by login user not vistor that forge the link or users that haven’t logged in. So what i want is how to protect a webpage from being seen by guest, rather when they try to access the user page it should redirect them to the login page. That means everyone must login to see any page except the login. I was hoping i could get a php code or javascript or css or html code that will help do that. Someone please help me. Thanks in advance.

You should do this server side as you cant trust javascript.

[php]<?php
if (!$_SESSION[‘someSessionVariableThatIsSetForLoggedInUsers’]) {
// redirect somewhere
}[/php]

thanks alot u re d best. I want to try now thanks again

it works but they login it will redirect them to the login,ie it is protected against even login user. Please Help me

Please post some code. The login code where you setbsession variables and the check protecting another file

You would need to set that session variable when the person logs in, then on the pages you want to protect, you would check for that instance.
[php]//example.php
session_start();
if(!isset($_SESSION[‘loggedin’])) {
header(“Location: login.php”);
}[/php]
The pages have to be .php if you’re going to do this.

when i try to print my session it display
array
(
[captcha]=>002dda103…
)
1
dat z wot i got

Then you must add some user data for logged in users to the session after validating their credentials / logging them in.

You can always put something this in an utilities.inc.php (a php file that usually put at the top of the page file).

[php]// Check for a user in the session:
$user = (isset($_SESSION[‘user’])) ? $_SESSION[‘user’] : NULL;
[/php]

then all you have to do in the file that you want to protect:

[php]if (!$user) {
header(“Location:index.php”); // redirect the user to a non-member page
exit;
} [/php]

You still have to set the $_SESSION in login page or script.

For example here is my login script check (ignore the OOP, I’m just showing this as an example):

[php] if (!empty($result)) { // Check User’s password against stored password and redirect if they match:
$stored_user_data->clearPass(); // Once User is authenticated there is no need to store password in $_SESSION[‘user’]:

    $_SESSION['user'] = $stored_user_data; // Store user's info (minus password) in the session:
    $_SESSION['action_token'] = generate_secure_token();

    header("Location:index.php"); //Redirect:
    exit;
}[/php]

It’s the basically the same thing, but for me it’s easier for me to do it this way and with me having more grey matter it’s also easier for me to remember. :smiley:

thanks a lot for all ur support am very greatful am blessed to have gurus like u as forum mate. Thanks again

Sponsor our Newsletter | Privacy Policy | Terms of Service