PHP - securing pages.

+1 Jad Samadi · October 26, 2014
So hey there guys thanks for your support in previous problems.
So thanks to you and buckys tutorials (i do need to thank him for the free education) i was able to make a website where now any one can register and his info would be saved in the database so he could log in again and then be greeted and given the chance logout .
But of course what is the use of a login system if any one can do any thing on the site ? so i was wondering if any one can help me to build a function to protect pages or content so that guests for example are forbidden from seeing these pages content and only logged in users could see them.
Thanks for any help .
PS : if you need me to provide any kind of codes or so please tell me by a reply.

Post a Reply


Oldest  Newest  Rating
0 Godspower Onedo · October 27, 2014
You wana protect the whole page or some content?
0 Jad Samadi · October 29, 2014
i pretty much want to protect content from other users or to say pretty much i want to protect the content of the page . When a guest try for example to open   a page an error appears : You are forbidden from seeing this page's content ... etc ....
Thanks for the reply :)
+1 Ron Butcher · October 30, 2014
Here is a really good tutorial on creating a secure login page:

In a nutshell, when your user logs in and passes the username and password test, you set a couple of session variables.

$_SESSION['valid'] = 1;
$_SESSION['username'] = $username; // this variable holds the logged in users name

Really in this example only the 'valid' variable is necessary, but I use the 'username' variable to give a custom feel (i.e. "Hello $username" at the top of page).

The following function would normally be put in an include file that holds functions that are common to all pages (it would be included in every page you build), it can also be manually inserted at the top of every page.

//  Function will check if user is logged in
function isLoggedIn()
// This will see if both the 'valid' variable is set, and if it is true (1 = true)
if(isset($_SESSION['valid']) && $_SESSION['valid'])
return true;
return false;

For every page that only logged in users should see put in the following code at the top of the page:

//  Checks the isLoggedIn function, if a false is returned, do the following
// Redirects user to login page - or a forbidden page if that is what you want.
header('Location: /login.php');

// Rest of php code. If a true is returned from the isLoggedIn function, the rest of the code will display.
0 Jad Samadi · October 30, 2014
Alright thanks for you help after iv red the article i made the function and it worked ! Thanks a lot :)
  • 1



Server-side, HTML embedded scripting language used to create dynamic Web pages.