PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling - Moving It Around
(Page 4 of 5 )
Let’s begin by taking a look at our checkLogin.php page:
<?php
//start the session
session_start();
//check to make sure the session variable is set
//(isset($_SESSION['username']) replaces session_is_registered('username'), which was removed in PHP 5.4)
if (isset($_SESSION['username'])) {
    //the session variable is set, the user is allowed to see anything that follows
    echo 'Welcome, you are still logged in.';
}
else {
    //the session variable isn't set, send them back to the login page
    header("Location: http://www.yourdomain.com/login.htm");
    //stop here so nothing below this block is sent to a user who isn't logged in
    exit;
}
?>
At the very top, we see the session_start() function. Not only is this used to begin a new session, it is also used to continue an already active one, which is what we’re doing here. Next we check that username is set in the session, as it should be for a user to access this page. If it isn’t, then the user isn’t properly logged in, and we redirect them back to the login page. The exit after header() matters: header() only sends the redirect header, so without exit PHP would keep running and output the rest of the page to a user who isn’t logged in.
Note: If we hadn’t included session_start() at the beginning, a user who had logged in and then accessed this page would still be redirected back to the login page. For any page you want protected from someone who isn’t authorized, session_start() and the session-variable check (‘if(…){…’) should be at the very top of your code. You can make this a little easier by putting them in a separate PHP page and pulling it in with ‘include’. Includes are outside the scope of this article, though, so we won’t be going into them here.
Once it is verified that the user is logged in (the session variable is registered), they will be able to continue on with whatever you want them to see from this point.
Wrapping It Up
When the user is done, we want them to log out, so let’s create our logout.php page:
<?php
//start the session
session_start();
//check to make sure the session variable is set
//(isset($_SESSION['username']) replaces session_is_registered('username'), which was removed in PHP 5.4)
if (isset($_SESSION['username'])) {
    //session variable is set, the user is ready to logout
    session_unset();
    session_destroy();
}
else {
    //the session variable isn't set, the user shouldn't even be on this page
    header("Location: http://www.yourdomain.com/login.htm");
    //stop the script once the redirect has been sent
    exit;
}
?>
Again, at the very top, we see session_start() and the session-variable check. Remember, this needs to be in place for the user to be able to do anything during their session, and even though the user is logging out, it still protects the page from unauthorized access.
Because we’ve registered a session variable, we’re going to get rid of it by using the session_unset() function. This will remove the variable from the session. And to completely close the session, we will use the session_destroy() function. This destroys any data associated with the session.
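The note above about putting the check in a separate page, and the logout steps just described, can be combined into one include file. This is an added example, not code from the original article; the file name auth.php and the function names start_session_once(), require_login() and logout_user() are hypothetical, and it assumes PHP 7.1 or later. It goes one step beyond the article's logout by also expiring the session cookie, because session_destroy() removes the server-side data but leaves the cookie in the browser.

```php
<?php
// auth.php - added example, not part of the original article.
// Hypothetical helpers: start_session_once(), require_login(), logout_user().

// The article's placeholder login URL.
const LOGIN_URL = 'http://www.yourdomain.com/login.htm';

// Resume (or begin) the session unless this request already did.
function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Guard for protected pages: returns the username, or redirects and stops.
function require_login(): string
{
    start_session_once();
    if (!isset($_SESSION['username'])) {
        header('Location: ' . LOGIN_URL);
        exit; // without this the protected page would still be sent
    }
    return $_SESSION['username'];
}

// Logout: clear the data, expire the session cookie, destroy the session.
function logout_user(): void
{
    start_session_once();
    $_SESSION = [];                       // drop every session variable
    if (ini_get('session.use_cookies')) { // cookie-based sessions only
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the server-side session data
}
```

A protected page would start with require 'auth.php'; followed by $user = require_login(); before any output, and logout.php would call require_login() and then logout_user().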
More By James Ruttan