Block pages using login and session

0

I'm developing a site that has an administrative panel. This panel has a login; my problem is that I can get inside the panel directly through the link, so it is not secure: anyone is able to get in if they know the name of the files. Example:

http://localhost/om/admin/Painel.php

I do not have any code yet; I just have a file called _config.php that is included in all the panel files.

    
asked by anonymous 04.09.2014 / 13:05

4 answers

2

This problem is very common, and it is up to you to define who can access each page and who cannot. The @Carlos example illustrates how to solve the problem.

The logic behind this is: all users have access to all pages of your application, so you must set an access level on each page. In the example above, the suggestion was to test whether the user has previously logged in and been granted access. If they have not logged in, it shows an error message. Many websites instead redirect the user back to the login screen when they do not have permission.

I recommend reading about PHP's header function. With this function you can redirect the user to another page.

Important notes:

  • Remember that when using sessions you should always call session_start() before working with the superglobal variable $_SESSION;
  • When you use the header function to redirect a user, you must be careful not to send any output to the browser before it, be it a space, a line break, or any HTML tag.

04.09.2014 / 16:00
    1

    I have taken the liberty of creating this initial class, which meets the requirements.

    In this way, in the future, all the logic your project needs can be added by adding a method to the class.

    It's a start ....

    class Auth {

        public static function handleLogin(){
            // Start the session only once; a second session_start() raises a notice
            if (session_status() === PHP_SESSION_NONE) {
                session_start();
            }
            if (!isset($_SESSION['user_logged_in'])) {
                // Not logged in: send the user to the login page and stop the script
                header('Location: ' . URL);
                exit();
            }
        }
    }
    

    At the beginning of each page, just put ...

    Auth::handleLogin();
    

    For this to work you have to define the URL constant, for example ...

    define('URL', 'http://localhost/');
    

    And once the credentials are validated, you should set:

    $_SESSION['user_logged_in']=true;
    
        
    05.09.2014 / 16:18
    1

    In the file that checks the user's credentials, store the user ID in the session.

    <?php
    session_start(); // Start the session

    // Credentials submitted by the login form (assumed field names)
    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $senha = isset($_POST['senha']) ? $_POST['senha'] : '';

    // Look up the user ($con is an existing mysqli connection).
    // Note: comparing senha in SQL only works if passwords are stored in plaintext;
    // prefer storing password_hash() output and checking it with password_verify().
    $stmt = $con->prepare("SELECT usuarioId FROM usuarios WHERE login = ? AND senha = ?");
    $stmt->bind_param('ss', $login, $senha);
    $stmt->execute();
    $res = $stmt->get_result();

    // Check whether the user was found
    if ($res->num_rows) {
        $row = $res->fetch_array(MYSQLI_ASSOC);
        session_regenerate_id(true); // New session id after login, against session fixation
        $_SESSION['user'] = $row['usuarioId']; // Flag used to check whether the user is logged in
        header('Location: http://localhost/sitema/inicio.php'); // System page
        exit; // Stop the script
    } else {
        // User not found: send back to the login form
        header('Location: http://localhost/sitema/login.php'); // Login page
        exit; // Stop the script
    }
    

    Create the file: restrito.php

    <?php
    session_start();
    // If the user is not logged in, send them to the login page.
    // The braces are required: with a bare "if (...) header(...); exit;" the exit
    // runs on every request and the protected page is never shown.
    if (!isset($_SESSION['user'])) {
        header("Location: http://localhost/sistema/login.php");
        exit; // Stop the script
    }
    

    Include the file at the beginning of all the pages you want to block for those who are not logged in.

    Warning: the include of restrito.php must be the first statement on your page, before anything else. Example:

    <?php require_once('caminho/para/restrito.php');?><!DOCTYPE html>...
    

    You cannot even have a blank (a space) before it.

        
    04.09.2014 / 13:47
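The gating logic described in the first answer and the login / restrito.php pair from the answer above, combined into one file with the checks a practitioner would add. This is an added example, not code from any of the answers: it assumes a mysqli connection in $con and the usuarios table with usuarioId, login and senha columns (the names used above), that senha holds password_hash() output rather than plaintext, and PHP 5.5 or later for password_verify(). The function names, the ?next= parameter and the /sistema/ paths are illustrative.

```php
<?php
// auth.php: added example, not code from the original answers.
// Assumes: $con is a mysqli connection; usuarios(usuarioId, login, senha)
// where senha stores password_hash() output (our assumption, not the answer's).

// Start the session with a hardened cookie; safe to call more than once.
function secure_session_start()
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // lifetime 0 (browser session), path /, any domain, secure when on HTTPS, httponly
    session_set_cookie_params(0, '/', '', $https, true);
    ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
    session_start();
}

// Validate credentials. Returns the user id on success, null on failure.
function auth_login(mysqli $con, $login, $senha)
{
    // Fetch the hash by login only; the password is never compared inside SQL.
    $stmt = $con->prepare('SELECT usuarioId, senha FROM usuarios WHERE login = ?');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($row === null || !password_verify($senha, $row['senha'])) {
        return null; // unknown user or wrong password: same answer for both
    }

    secure_session_start();
    session_regenerate_id(true);       // fresh id on privilege change (session fixation)
    $_SESSION['user'] = (int) $row['usuarioId'];
    $_SESSION['login_time'] = time();
    return $_SESSION['user'];
}

// Gate: call as the very first statement of every restricted page.
function require_login($loginUrl = '/sistema/login.php')
{
    secure_session_start();
    if (!isset($_SESSION['user'])) {
        // Remember the requested page, but only a same-site path (no open redirect).
        $next = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
        if ($next === '' || $next[0] !== '/' || substr($next, 0, 2) === '//') {
            $next = '/';
        }
        header('Location: ' . $loginUrl . '?next=' . rawurlencode($next));
        exit; // header() alone does not stop the script; the page below would still run
    }
}

// On login.php after auth_login() succeeds: where to send the user.
// Accept only same-site paths so ?next= cannot be abused as an open redirect.
function login_redirect_target($default = '/sistema/inicio.php')
{
    $next = isset($_GET['next']) ? $_GET['next'] : '';
    if ($next !== '' && $next[0] === '/' && substr($next, 0, 2) !== '//') {
        return $next;
    }
    return $default;
}

// Logout: clear the data, drop the cookie and destroy the server-side session.
function auth_logout($loginUrl = '/sistema/login.php')
{
    secure_session_start();
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: ' . $loginUrl);
    exit;
}
```

Usage: login.php reads $_POST['login'] and $_POST['senha'], calls auth_login($con, $login, $senha), and on a non-null result redirects to login_redirect_target(); every page under the panel starts with `<?php require_once 'auth.php'; require_login();` before any byte of output, for the same reason given above for restrito.php. Registering a user stores password_hash($senha, PASSWORD_DEFAULT) in senha, never the plaintext.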
    0

    When you log in, you put the information in a session; then on every page you check whether the session exists before displaying the page, and otherwise redirect to the login.

    Note: if it is not clear, let me know and I will expand on it.

        
    04.09.2014 / 13:19