PHP Login System with Admin Features

This forum was created to talk about the PHP Login System with admin features created by jpmaster77 on evolt's website


    Protecting Pages

    Share
    avatar
    Fred-Eric

    Number of posts : 63
    Registration date : 2007-05-13

    Protecting Pages

    Post  Fred-Eric on Sat Feb 21, 2009 8:11 pm

    Code:
    <?
    include("include/session.php");

    if($session->logged_in){
      echo "You are viewing the protected page";
    }
    else{
      echo "You are not allowed to view this page";
    }
    ?>

    empecc

    Number of posts : 12
    Registration date : 2009-02-24

    Re: Protecting Pages

    Post  empecc on Tue Feb 24, 2009 3:04 am

    Another option.


    Code:

    <?
    include("include/session.php");


    /*    I'm using a " ! " in front of the "$session" that means "NOT".
     */  So, if session is NOT logged in...
     
    if(!$session->logged_in){

    /* This line will send the "not" logged in users to another page.
     *  However,  I tried this on many locations inside my code, with errors.
     */ I believe you can never put this "header" code AFTER a "echo".

      header("Location: redirection_webpage_here.php"; 
      }
    else
      {
      echo "You are allowed to view this page if you are logged in";
      }
    ?>

    empecc

    Number of posts : 12
    Registration date : 2009-02-24

    Re: Protecting Pages

    Post  empecc on Tue Feb 24, 2009 3:25 am

    I also use the $session->IsAdmin
    Or when user has level 9 rights.
    You can change "$session->userlevel == 9" into "$session->isAdmin"

    For email adresses. So not everyone can see registered users email adresses.


    This code is for userinfo.php

    Code:

    /* $session->isAdmin tells the browser; IF you are logged in as admin.
     */ show this, "else" (otherwise"  show this


    if($session->isAdmin){

    // show this when you are logged in as Admin.
                         
    echo "<b>Username: ".$req_user_info['username']."</b><br>";
    echo "<b>Email:</b> ".$req_user_info['email']."<br>";
    echo "<b>Age:</b> ".$req_user_info['age']."<br>";
    echo "<b>Real name:</b> ".$req_user_info['realname']."<br>";
    echo "<b>Country:</b> ".$req_user_info['country']."<br>";
       }
    else

    // Show this when you are logged in as Admin, user, or just a guest.

       {
    echo "<b>Username: ".$req_user_info['username']."</b><br>";
    echo "<b>Age:</b> ".$req_user_info['age']."<br>";
    echo "<b>Real name:</b> ".$req_user_info['realname']."<br>";
    echo "<b>Country:</b> ".$req_user_info['country']."<br>";
       }
    avatar
    Linchpin311

    Number of posts : 220
    Age : 32
    Localisation : Long Island
    Registration date : 2007-05-14

    Re: Protecting Pages

    Post  Linchpin311 on Tue Feb 24, 2009 8:34 am

    I believe you can never put this "header" code AFTER a "echo"
    You are correct. the header function outputs HTML header information to the browser so this MUST be done before you do anything else.

    Actually i think you can get around this with output buffering, but if you are just looking to display a certain page depending on whether a user is logged in or not (or even by a users user level) after you have sent some HTML to the browser you may want to look into the include function.

    consider the following...
    Code:
    <?php include('session.php'); ?>
    <html><head>

    <title>My page.</title>

    </head><body>

    <div class="header">The Header</div>

    <?php

    if($session->IsAdmin){
        include('page for administrators only');
    }
    elseif($session->logged_in){
        include('page for regular users');
    }
    else{
        include('page for not logged in users');
    }

    ?>

    <div class="footer">The Footer</div>

    </body></html>

    Doing things this way allows you to use the same page for headers and footers and still have the content be user specific. If you are trying to put
    Code:
    header("Location: redirection_webpage_here.php");
    in the middle of your page and you get that "Headers Already Sent By:" error, you may want to try this alternative


    _________________
    in the end, the universe tends to unfold as it should...

    Also note that it is your responsibility to die() if necessary.
    avatar
    Admin
    Admin

    Number of posts : 18
    Registration date : 2007-05-12

    Re: Protecting Pages

    Post  Admin on Tue Feb 24, 2009 8:59 am

    I like what Linchpin have just write, it is true that you cannot send header ('Location: somepage.html'); after echo's are already sent.

    An other technique that I use is to create a variable $output then send the result at the end of each page like this

    Code:
    <?php


    $output = <<< eoe
    <html>
    <head>
    <title></title>
    </head>
    <body>
    eoe;

    //if user is logged_in
    if($session->logged_in){
    print <<< eoe
    <h1>You are logged in seeing page if looged in only</h1>
    eoe;
    }

    //Only admin
    else if($session->IsAdmin){
    print <<< eoe
    <h1>You are logged in as admin seeing by an admin only</h1>

    eoe;
    //this way you will be able to put header here inside your code
    header('Location: redirected_page_here.html');
    }

    //every body else
    else
    {
    print <<< eoe
    <h1>You must logged in to view this page</h1>

    eoe;
    }


    $output .= <<< eoe
    </body></html>
    eoe;


    //lastline of output here
    $print $output;
    ?>

    Sponsored content

    Re: Protecting Pages

    Post  Sponsored content


      Current date/time is Mon Nov 20, 2017 9:38 am