espfutbol98
New Member
- Messages
- 200
- Reaction score
- 2
- Points
- 0
This tutorial will show how to protect a page by redirecting to a login page with a return url and if logging out, will show the username that you logged in with. The return url function is standard in ASP.Net but it took me a while to find it in php. This tutorial will not actually show the logging, just redirection and echoing the name in the login page.
1. First on the protected page, include a securing script. An example is:
2. In the login.php page, you add something like this:
3. On any link to logout.php:
4. On logout.php:
5. Go back to login.php and insert this php code in the value of the unsename <input>. It should look somthing like this:
If there are any questions, please ask me. I don't really know how well I explained it. Also, if there are any suggestions or mistakes, please inform me. I had a really huge script and just taking this little part out is a little difficult. What is shown above has not been tested alone but does work properly in my site.
Enjoy.
1. First on the protected page, include a securing script. An example is:
PHP:
<?php
session_start();
if ((isset($_SESSION['uname']) &&
$_SESSION['uname'] != "") ||
(isset($_SESSION['upass']) &&
$_SESSION['upass'] != "")) {
//If there is a username and a password that is not null, do nothing.
} else {
$redirect = base64_encode($_SERVER['PHP_SELF']); //encodes the location of the page
header("Location: login.php?redirect=$redirect");
die();
}
$redirect = base64_encode($_SERVER['PHP_SELF']);
$name = base64_encode($_SESSION['uname']); //used later in logging out
?>2. In the login.php page, you add something like this:
PHP:
<?php
if (isset($_GET['redirect'])) {
$redirect = $_GET['redirect'];
} else {
$redirect = base64_encode("index.php"); //If there is no redirect, set it to the homepage
}
//Your login script
//If login true:
header ("Location: ". base64_decode($_POST['redirect'] ." "));
?>
PHP:
<?php
//make sure a securing script like in step 1 is included
echo "logout.php?redirect='. $redirect .'&name='. $name .'";
?>
PHP:
<?php
session_start();
unset($_SESSION['uname']);
unset($_SESSION['upass']);
//Gets rid of sessions
if (isset($_GET['redirect'])) {
$redirect = $_GET['redirect'];
} else {
$redirect = base64_encode("index.php");
}
//If logout.php does not have a "redirect=" in the url, it makes one with the location to index.php.
if (isset($_GET['name'])) {
$name = $_GET['name'];
} else {
$name = base64_encode("");
}
//$name is the username in the session that will be echoed in the login form
header("Location: login?redirect=$redirect&name=$name");
?>
PHP:
Username: <input type="text" value="<?php
if (isset($_GET['name'])) {
$name = base64_decode($_GET['name']); //this decodes the "name" from the url
echo "$name";
}
else { echo ""; //if it's not set, don't echo anything
} ?>
" />Enjoy.