You will need to give session_start () on all protected pages, with a fragment of the type:
<?php
session_start();
if(!isset($_SESSION["autenticado"]))
{
header("Location: login.html")
}
?>
If the $_SESSION["autenticado"]
variable does not exist in the session, it redirects to the login page that has a login form. The action of this form checks the validity of the login data and if the login is successful,
you should create this variable $_SESSION["autenticado"]
and redirect it to the protected page.
Example of login with PHP using session
index.php
<?php
session_start();
if(!isset($_SESSION["autenticado"]))
{
header("Location: login.html");
}
else
{
header("Location: protegida1.php");
}
This is the home page. It checks to see if the user is already logged in. If it is sent to the internal page of the system, if not, send the user to the login form.
login.html
<h2>Por favor, efetue o login para acessar o sistema</h2>
<form action="processa_login.php" method="post">
Login: <input type="text" name="login"><br>
Senha: <input type="password" name="senha">
<input type="submit" value="Logar">
</form>
login.html is a form that sends the login data to be verified by the processa_login.php script. Note that the form has the method post and the following script will use $ _POST to check the submitted data. Use test and password 12345 to test.
processa_login.php
<?php
if(!isset($_POST["login"]) || !isset($_POST["senha"]))
{
header("Location: login.html");
}
if($_POST["login"]=="teste" && $_POST["senha"]=="12345")
{
session_start();
$_SESSION["autenticado"] = true;
header("Location: protegida1.php");
}
else
{
header("Location: login.html");
}
First of all, check if login variables have been sent. It is then checked whether the login pair and password indicate a valid login. If it is a valid login, log in, create the $ _SESSION ["authenticated"] variable and send it to the protected1.php page, otherwise return to the login form.
protected1.php
<?php
session_start();
if(!isset($_SESSION["autenticado"]))
{
header("Location: login.html");
}
?>
<h2> Página protegida 1</h2>
<p>Lorem ipsum dolor sit amet.</p>
<a href="protegida2.php">Ir para a página protegida 2</a>
<br><br>
<a href="deslogar.php">Sair do sistema(logoff)</a>
This is the first page on the system after login. If a user attempts to access this page directly without first logging in correctly, they will be redirected to the login form.
protected2.php
<?php
session_start();
if(!isset($_SESSION["autenticado"]))
{
header("Location: login.html");
}
?>
<h2> Página protegida 2</h2>
<p>Lalala lerolero lolololol.</p>
<a href="protegida1.php">Voltar para a página protegida 1</a>
<br><br>
<a href="deslogar.php">Sair do sistema(logoff)</a>
protected2.php is another page protected only to show that the login remains.
deslogar.php
<?php
// Limpa a sessão
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
header("Location: login.html");
This session cleanup code is really cake recipe to kill the user session.
If this answer helped you, mark it as you accept and give +1 to give me reputation points.
Any questions we are talking about here in the comments below.
A big hug.