7/19/15

Login Password Protected Page using Sessions | PHP

This tutorial will teach you to control and protect access to any web page using PHP sessions. We store a reference or item in the web browser, and it is used every time the user navigates from one web page to another on the same website. So the user has to log in the first time, and afterwards only if the browser content is cleared or the user's session expires.

Agenda:

  1. Set Session Global Variable in your PHP Login Page.
  2. Create checkSession() Function to Validate user is already logged in or not.
  3. PHP Script that is added to every Web Page that you want to Protect from unauthorized Access.

Set Session Global Variable in your PHP Login Page

Go to your login page and call the session_start() function before all of the other code.

Next, we store an item such as the username or email in the global session variable.

If you're using a MySQL database or any similar database to check the login credentials, write a query to get the username, email or any other item that you want to store in your session.

For example, if I want to store the username in the session variable, see the code below.

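 // $mysqli is an assumed open mysqli connection (the mysql_* functions were removed in PHP 7).
 // Bound parameters keep $email and $password out of the SQL string, which prevents SQL injection.
 $stmt = $mysqli->prepare("SELECT username FROM Table_Name WHERE email = ? AND password = ?");
 $stmt->bind_param("ss", $email, $password);
 $stmt->execute();
 $result_session = $stmt->get_result()->fetch_assoc();
 // Assign the result of this query to the SESSION global variable named username, only if a row matched
 if ($result_session) {
     $_SESSION['username'] = $result_session['username'];
 }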


The session global variable $_SESSION['username'] or $_SESSION['email'] stores the data retrieved from the database.

Now save your login page as a .php file; any other extension will not work or render properly. Don't worry if the page is in .html format or any other format: the (PHP) server will render HTML or any other format as well.

Create checkSession() Function to Validate user is already logged in or not

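<?php
// This is a generic session function to check the session username, email or other variable
function checkSession()
{
    // Start the session only if one is not already active
    if (session_status() === PHP_SESSION_NONE) { session_start(); }

    // ?? avoids an "undefined index" notice when the key was never set
    $username = $_SESSION['username'] ?? '';

    // true means the user is NOT logged in
    if (empty($username))
    {
        return true;
    }
    return false;
}
?>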

Save the above code as Session.php. If $_SESSION['username'], $_SESSION['email'] or whichever other reference or item you stored in step 1 is empty, the function returns true; otherwise it returns false.

PHP Script that is added to every Web Page that you want to Protect from unauthorized Access


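<?php
// Load checkSession(); the name must match the saved file exactly (Session.php)
require_once("Session.php");
// checkSession() returns true when the user is not logged in
if(checkSession())
{
    header("Location: http://your_Login-in_page.php");
    exit;
}
?>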

The above code must be added as the first line of any web page that you want to protect from unauthorized access, because header() only works before any output has been sent. checkSession() returns true if $_SESSION['username'] is empty, which means the user is not logged in, so that user is sent to the login page. If checkSession() returns false, the user is logged in, which means the $_SESSION['username'] global session variable is not empty. Please see the image below.

[Image: Login Password Protected Page using PHP Sessions]

Please note: save your file in .php format.

All done. Now any web page that includes the checkSession() PHP script is protected from unauthorized access.

Updated:

Disclaimer: Storing the username and password directly as plain text is not good practice and may lead to security threats, so MD5 (encrypt) them before storing them.
This is just a plain, simple concept of using sessions with PHP.
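
An added example, not code from the original post: the login check using PHP's password_hash() and password_verify() in place of MD5 (a fast, unsalted hash rather than encryption), with the session ID regenerated after login. The users table and its columns, the in-memory SQLite database, the HTTPS-only cookie setting and the function names verifyLogin() and startUserSession() are assumptions made for illustration; the sample account is constructed.

```php
<?php
// Added example (not the tutorial's code). Table, column and function names are assumptions.

// Constructed sample data: an in-memory SQLite table stands in for the tutorial's MySQL table.
function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, username TEXT, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    // Store only the salted hash, never the plain-text password.
    $ins->execute(['alice@example.test', 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the username on success, or null when the email or the password is wrong.
function verifyLogin(PDO $db, string $email, string $password): ?string
{
    // Look the row up by email only; the password never goes into the query.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() re-hashes the input with the stored salt and compares safely.
    if ($row !== false && password_verify($password, $row['password_hash'])) {
        return $row['username'];
    }
    return null;
}

// Called by the login page after verifyLogin() has returned a username.
function startUserSession(string $username): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // Assumes the site is served over HTTPS; keeps the cookie away from scripts.
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
        session_start();
    }
    // A fresh session ID after login prevents session fixation.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

// Demo on the constructed account: a correct password, then a wrong one.
$db = makeDemoDb();
var_dump(verifyLogin($db, 'alice@example.test', 'correct horse'));
var_dump(verifyLogin($db, 'alice@example.test', 'wrong password'));
```

The checkSession() function from the tutorial works unchanged with a session started this way, since it only reads $_SESSION['username'].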


3 comments:

  1. A great and important piece of information imparted by you. I am sure that this might be beneficial for numerous seekers either newbies or experienced. Thank you for the share. Keep blogging.
    Website Design Agency | Website design company
