I'm trying to create a simple members only section. With the following code, I'm able to log in and get redirected to a page (that simply says: "hello") if the login is correct. If I then copy the URL from the page to which I was redirected, open up IE, and then paste the copied URL into the browser window, I'm told to log in. I would like to add a full web page of HTML (so that I can take advantage of CSS functionality and because I'm not that adept at PHP) to the redirected page, keeping it as a .php file, of course. Can someone help?
The current code is:
EXAMPLE_SESSION_FUNCTIONS.php
<?php
ini_set( 'session.name', 's' );
/* the URL to the login page*/
define( 'URL_LOGIN_PAGE', 'EXAMPLE_LOGIN.php' );
// start the session...
session_start();
/* check for valid user */
if( !defined('LOGGING_IN') )
{
verify_if_valid_user();
}
function match_user_in_db( $user, $pass )
{
$host="localhost"; // Host name
$username="a"; // Mysql username
$password="b"; // Mysql password
$db_name="c"; // Database name
$tbl_name="d"; // Table name
// Connect to server and select databse.
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT username FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
if( mysql_num_rows($result)==1 )
{
$_SESSION['valid_user'] = mysql_result( $result, 0, 0 );
Echo "<a href=http://www.myURL.com/EXAMPLE_TEST_PAGE.php</a>" ;
}
else
{
Echo "Invalid login";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login again!</a>" ;
}
}
function process_login()
{
$username = mysql_escape_string( trim($_POST['username']) );
$password = ($_POST['password']);
match_user_in_db( $username, $password );
}
function process_logout()
{
/* used ONLY in the LOGOUT page. */
session_destroy();
unset( $_SESSION );
Echo "You are logged out.";
}
function verify_if_valid_user()
{
if( !isset($_SESSION['valid_user']) )
{
// user not logged in yet!
// re-direct them to the login page
Echo "You are not logged in.";
Echo "<a href=http://www.myURL.com/EXAMPLE_LOGIN.php>Login now!</a>" ;
}
}
?>
EXAMPLE_LOGOUT.php
<?php
// FILENAME: EXAMPLE_LOGOUT.PHP
// ---------------------------------------
include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
process_logout();
?>
EXAMPLE_LOGIN.php
<?php
if( isset($_POST['user_login']) )
{
define( 'LOGGING_IN', true );
// include the 'session functions' file
include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
process_login();
}
else
{
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h1>Login Here</h1>
<form name="loginform" id="loginform" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>
<input name="username" type="text" id="username" size="30" maxlength="30" />
Username</p>
<p>
<input name="password" type="password" id="password" size="30" maxlength="30" />
Password</p>
<p>
<input type="submit" name="user_login" value="Submit" />
</p>
</form>
</body>
</html>
<?php
}
?>
EXAMPLE_TEST_PAGE.php
THIS IS WHERE I WANT TO ADD A FULL HTML PAGE, REPLACING THE "echo "Hello";" with a full page of HTML code so that the only way to access that HTML page is to log in.
<?php
include_once( 'EXAMPLE_SESSION_FUNCTIONS.php' );
?>
<html>
<head>
<title>TEST PAGE</title>
</head>
<body>
<?php
if ($_SESSION['valid_user'])
{
echo "Hello";//WANT TO REPLACE WITH A FULL HTML PAGE TO ACHIEVE RESULTS SPECIFIED ABOVE
}
session_destroy();
?>
</body>
</html>