Re: User Authentication and password protection of several files

Troy Handle wrote:
On Mon, 13 Apr 2009 20:09:45 -0400, Jerry Stuckle
<jstucklex@xxxxxxxxxxxxx> wrote:

Troy Handle wrote:
Hopefully someone can assist me putting this all together. I am
fairly new to PHP/MySQL but am reading all I can on this subject, so
please bear with me.

1. Login.php
I need a login page where user inputs a password and an email address.
The password is given to the user beforehand and is also stored in the
database. Call this: login.php

2. mainpage.php
Once user logs in with valid password, mainpage.php opens with a bunch
of links to click on.

3. video1.php
User clicks on one of the l inks in mainpage.php and watches a video
on video1.php. User clicks on 'back' button at end of video1.php page
and gets directed back to mainpage.php to pick another link. (there
are about 10 links and video1., video2, video3.php etc pages )

All pages in this setup a) need to be protected, incl. the 10 separate
video pages and when user gets access to the mainpage.php, he/she can
watch as many times and browse around this setup without having to
re-enter password. Also... password is stored in the data base and
will be verified against that.

I haven't been able to do that. I can get the password installed,
create the submit form, and all that works but... after user watches
the first video and gets 'back' to mainpage.php, it asks again for
password.

What is the best method to go about this? I would really appreciate
some assistance.

Some coding please and a short explanation so I can learn this better.

Thank you as always
T.C..


When the user logs in, set a value in the $_SESSION array. Check this value on every page where it needs to be checked. When the user logs out, clear the variable.

Thank you for your response Jerry. Let's assume the password is
"videos". What I need is once that password is input correctly, the
mainpage.php opens up and then all pages linked there can be viewed.
Now.. all pages incl. all sub-video pages (minus the login page
probably) need to be protected, so they can't be accessed outside of
this setup. Any time I go 'back' to the mainpage.php, it asks for
password again... Can yuo shed some further light onto this?

thanks much
T.C.



Just like I said above. When the person logs in (it doesn't matter what the password is), set a value in the $_SESSION array - i.e.

$_SESSION['logged_in'] = 1;

At the beginning of each page, check to see if this value is set (you do need to call session_start() before testing and before ANY output to the client), i.e. if ($_SESSION['logged_in'] == 1) ...

If the test passes, continue processing. If not, send them back to the main page.

On the main page, display the login prompt only if this value is not set.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.