CODEWITHSUNDEEP
phpsession
nanjero echizen
nanjero echizen

Reputation: 231

PHP- How can I restrict access to a page?

I have multiple pages that needs to be protected depending on the user privilege. I have a php to check the current session variable upon page load.

page being tested; the php code is placed above the !DOCTYPE. this code is suppose to check for unlogged in customers. if not logged in or no session variable set redirect to error page otherwise do nothing and load page normally

<?php
if (!isset($_SESSION["username"])){
    header("location: error.php");
}
?>

my session variables are only set after logging in, after logging in the user is redirected to the page referred to above:

if (mysqli_num_rows($results6) < 1) {  //$results6 is a query to check if the user exits in the users database
    $logInMsg = "invalid log in";
} else {
    session_start();
    $_SESSION["username"] = $uName;  //$uName is a user input user name
    header("location: pageabove.php");
}

the problem is that even after logging in I still get redirected to the error page

Upvotes: 1

Views: 11153

Answers (1)

Darren
Darren

Reputation: 13128

That would be because you haven't started the session yet. You need to specify a session start on each page that you intend to use sessions in (Read more about session_start()):

<?php
session_start(); // start session

// do check
if (!isset($_SESSION["username"])) {
    header("location: error.php");
    exit; // prevent further execution, should there be more code that follows
}

This is for everything. On your login page and all. Anywhere you want to harness the sessions, you need to start it, otherwise it's "lost in the wind".

Upvotes: 8

Related Questions