Redirect if not logged in

I was wondering if any of the regulars would be able to help me with a small issue i’m having…

I’ve made certain pages on my website available to people who are registered in my database but am having a problem.

Since i’ve put an include on the page to display a nav bar it isn’t redirecting to the login page when a user tries to load the page without being logged in.

All that happens is that the image used for the nav background is displayed… None of the links in the nav bar, just the image…

I’ve included an example of one of the pages here… Any ideas?

Also, when i set a session at login time, how would i set it to automatically close the session after say 30 minutes?

I have included an example of the code that starts the original session…

Thanks,
Andrew

Secure Page: (Any ideas why this page doesn’t redirect when a user isn’t logged in? Instead it displays the image in the background image for manage_nav.php)
[php]

<?php include "manage_nav.php"; ?>
<?php

session_start();

// Are we logged in?
if (!isset($_SESSION[‘db_is_logged_in’])
|| $_SESSION[‘db_is_logged_in’] !== true) {

// If we’re not logged in, piss off to the login page
header(‘Location: login.php’);
exit;
}

// Connect to the database and run the query
$dbid = mysql_connect (‘localhost’, ‘username’, ‘password’);
mysql_select_db(‘database’,$dbid)
or die (“Cannot find database”);

  $query = "SELECT * FROM ad_enqs ";
  $result = mysql_query($query,$dbid) 
    or die("SELECT error:".mysql_error());

// Fetch the data from the selected table
echo ‘Advertising Enquiries:

’;
echo "










“;while($row = mysql_fetch_array($result))
{
echo “”;
echo “”;
echo “”;
echo “”;
echo “”;
echo “”;
echo “”;
echo “";

echo “

”;
}
echo “
SID Company Name Contact Name Address Telephone Email Edit
” . $row[‘aid’] . “” . $row[‘company_name’] . “” . $row[‘contact_name’] . “” . $row[‘address’] . “” . $row[‘telephone’] . “” . $row[‘email’] . “<a class=“manage” href=“add_signup.php?sid=” . $row[‘sid’] . “”>” . Insert .”,<a class=“manage” href=“delete_signup.php?sid=” . $row[‘sid’] . “”>" . Del ."
”;mysql_close($dbid);

?>

[/php]

Session Code: (Is there anything i can add that would cause the user to not be logged in after 30 minutes of inactivity?)
[php]
session_start();
$errorMessage = ‘’;
if (isset($_POST[‘txtUserId’]) && isset($_POST[‘txtPassword’])) {

$user_name = $_POST[‘txtUserId’];
$password = $_POST[‘txtPassword’];

// check if the user id and password combination exist in database
$dbid = mysql_connect (‘localhost’, ‘username’, ‘password’);
mysql_select_db(‘database’,$dbid)
or die (“Cannot find database”);

  $query = "SELECT user_id FROM auth_user WHERE username = '$user_name' AND user_password = PASSWORD('$password')";
  $result = mysql_query($query,$dbid) 
    or die('Query failed. ' . mysql_error()); 

if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION[‘db_is_logged_in’] = true;

  $_SESSION['username'] = $user_name;
  // after login we move to the main page
  header('Location: secure_area.php');
  exit;

} else {
$errorMessage = ‘Sorry, wrong user id / password’;
}

}
[/php]

  1. nav error:

no output befor session_start or header:
[php]

<?php session_start(); // Are we logged in? if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) { // If we're not logged in, piss off to the login page header('Location: login.php'); exit; } ?>
<?php include "manage_nav.php";
<?php // Connect to the database and run the query $dbid = mysql_connect ('localhost', 'username', 'password');


[/php]

  1. session timeout:
    [php]
    ini_set(‘session.cookie_lifetime’, 30);
    session_start();

    [/php]

Lesson learned, i should have known that! :-(

Thanks for the help.

Sponsor our Newsletter | Privacy Policy | Terms of Service