Home arrow PHP arrow Page 4 - PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling
PHP

PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling


In this article, James presents a very simple way to add login/logout security in PHP using session handling.

Author Info:
By: James Ruttan
Rating: 4 stars4 stars4 stars4 stars4 stars / 478
February 09, 2003
TABLE OF CONTENTS:
  1. · PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling
  2. · Building It Up
  3. · Breaking It Down
  4. · Moving It Around
  5. · Conclusion

print this article
SEARCH DEVARTICLES

PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling - Moving It Around
(Page 4 of 5 )

Let’s begin by taking a look at our checkLogin.php page:

<?php

//start the session
session_start();

//check to make sure the session variable is registered
if(session_is_registered('username')){

//the session variable is registered, the user is allowed to see anything that follows

echo 'Welcome, you are still logged in.';

}
else{

//the session variable isn't registered, send them back to the login page
header( "Location: http://www.yourdomain.com/login.htm" );
}

?>


At the very top, we see the session_start() function. Not only is this used to begin a new session, it is also used to continue an already active one, which is what we’re doing here. Now we will check to make sure that username is registered as it should be for a user to access this page. If it isn’t, then the user isn’t properly logged in, and we want them redirected back to the login page.

Note: If a user has logged in and accessed this page, if we hadn’t included session_start() at the beginning, they would be redirected back to the login page. For any pages you want protected from someone who isn’t authorized, ‘session_start()’ and ‘if(session_is_registered()){…’ should be at the very top of your code. You can make this a little easier by putting it in a separate PHP page and ‘include’ it. Includes are outside the scope of this article, though, so we won’t be going into them here.

Once it is verified that the user is logged in (the session variable is registered), they will be able to continue on with whatever you want them to see from this point.

Wrapping It Up

When the user is done, we want them to log out, so let’s create our logout.php page:

<?php
//start the session
session_start();

//check to make sure the session variable is registered
if(session_is_registered('username')){

//session variable is registered, the user is ready to logout
session_unset();
session_destroy();
}
else{

//the session variable isn't registered, the user shouldn't even be on this page
header( "Location: http://www.yourdomain.com/login.htm" );
}
?>


Again, at the very top, we see session_start() and if(session_is_registered(){… Remember, in order for the user to be able to do anything during their session this needs to be in place, and even though the user is logging out, this still also protects the page from unauthorized access.

Because we’ve registered a session variable, we’re going to get rid of it by using the session_unset() function. This will remove the variable from the session. And to completely close the session, we will use the session_destroy() function. This destroys any data associated with the session.
blog comments powered by Disqus
PHP ARTICLES

- Removing Singletons in PHP
- Singletons in PHP
- Implement Facebook Javascript SDK with PHP
- Making Usage Statistics in PHP
- Installing PHP under Windows: Further Config...
- File Version Management in PHP
- Statistical View of Data in a Clustered Bar ...
- Creating a Multi-File Upload Script in PHP
- Executing Microsoft SQL Server Stored Proced...
- Code 10x More Efficiently Using Data Access ...
- A Few Tips for Speeding Up PHP Code
- The Modular Web Page
- Quick E-Commerce with PHP and PayPal
- Regression Testing With JMeter
- Building an Iterator with PHP

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials