I'm working on implementing a basic php registration and login script from evolt.org http://www.evolt.org/article/PHP_Login_System_with_Admin_Features/17/60384/index.html. I have it up and running on my server, and it works fine. However, I'm a little uncertain how to protect a page from non-registered users. Once a user registers, they can access a certain page.
What I have in mind is simply allowing a user to register, and once registered, allowing that user access to another form where that information entered into that form is entered into the database under that users name. Like a contest where you have to be registered to play the contest, and once you are registered you can submit your answers.
I have the login authentication and registration working, but am stuck on how to do the above.
Here's the main.php script that a user is greeted with:
<? /** * Main.php * * This is an example of the main page of a website. Here * users will be able to login. However, like on most sites * the login form doesn't just have to be on the main page, * but re-appear on subsequent pages, depending on whether * the user has logged in or not. * * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) * Last Updated: August 26, 2004 */ include(\"include/session.php\"); ?>
<? /** * User has already logged in, so display relavent links, including * a link to the admin center if the user is an administrator. */ if($session->logged_in){ echo \"<h1>Logged In</h1>\"; echo \"Welcome <b>$session->username</b>, you are logged in. <br><br>\" .\"[<a href=\\"userinfo.php?user=$session->username\\">My Account</a>] \" .\"[<a href=\\"useredit.php\\">Edit Account</a>] \"; if($session->isAdmin()){ echo \"[<a href=\\"admin/admin.php\\">Admin Center</a>] \"; } echo \"[<a href=\\"process.php\\">Logout</a>]\"; } else{ ?>
<h1>Login</h1> <? /** * User not logged in, display the login form. * If user has already tried to login, but errors were * found, display the total number of errors. * If errors occurred, they will be displayed. */ if($form->num_errors > 0){ echo \"<font size=\\"2\\" color=\\"#ff0000\\">\".$form->num_errors.\" error(s) found</font>\"; } ?> <form action=\"process.php\" method=\"POST\"> <table align=\"left\" border=\"0\" cellspacing=\"0\" cellpadding=\"3\"> <tr><td>Username:</td><td><input type=\"text\" name=\"user\" maxlength=\"30\" value=\"<? echo $form->value(\"user\"); ?>\"></td><td><? echo $form->error(\"user\"); ?></td></tr> <tr><td>Password:</td><td><input type=\"password\" name=\"pass\" maxlength=\"30\" value=\"<? echo $form->value(\"pass\"); ?>\"></td><td><? echo $form->error(\"pass\"); ?></td></tr> <tr><td colspan=\"2\" align=\"left\"><input type=\"checkbox\" name=\"remember\" <? if($form->value(\"remember\") != \"\"){ echo \"checked\"; } ?>> <font size=\"2\">Remember me next time <input type=\"hidden\" name=\"sublogin\" value=\"1\"> <input type=\"submit\" value=\"Login\"></td></tr> <tr><td colspan=\"2\" align=\"left\"><br><font size=\"2\">[<a href=\"forgotpass.php\">Forgot Password?</a>]</font></td><td align=\"right\"></td></tr> <tr><td colspan=\"2\" align=\"left\"><br>Not registered? <a href=\"register.php\">Sign-Up!</a></td></tr> </table> </form>
<? }
/** * Just a little page footer, tells how many registered members * there are, how many users currently logged in and viewing site, * and how many guests viewing site. Active users are displayed, * with link to their user information. */ echo \"</td></tr><tr><td align=\\"center\\"><br><br>\"; echo \"<b>Member Total:</b> \".$database->getNumMembers().\"<br>\"; echo \"There are $database->num_active_users registered members and \"; echo \"$database->num_active_guests guests viewing the site.<br><br>\";
I'm working on implementing a basic php registration and login script from evolt.org http://www.evolt.org/article/PHP_Login_System_with_Admin_Features/17/60384/index.html. I have it up and running on my server, and it works fine. However, I'm a little uncertain how to protect a page from non-registered users. Once a user registers, they can access a certain page.
What I have in mind is simply allowing a user to register, and once registered, allowing that user access to another form where that information entered into that form is entered into the database under that users name. Like a contest where you have to be registered to play the contest, and once you are registered you can submit your answers.
I have the login authentication and registration working, but am stuck on how to do the above.
Here's the main.php script that a user is greeted with:
Any suggestions?