
I have created a member login page and now I am working on a restricted 'Member's Only Section'. I am fairly new to MySQL and I am also practically trying to teach myself. My question is related to authorizing someone who has just logged in, to allow them to go to that restricted section. Vice versa, if they are not logged in, they should not be able to access it or find an error. Below is the code that I have from my login page and also the code for the restricted section...

echo "Welcome."; //Successful 
echo "<br>";
echo "<a href='thankspage.html'> Click here </a> to continue to the Member Page."; // creates a link to go to.
$sql = " INSERT INTO Login (loginName,loginTime) 
VALUES ('$username', NOW() ) "; // creates the login time.
$result = $mysqli->query($sql) or die ($mysqli->error); // shoots an error if i did something wrong.
$_SESSION[‘logname’] = $userlogin;
$_SESSION[‘auth’]=”yes”;

Below is the code for the information section:

if ($_SESSION[‘auth’] != “yes”)
{
    header("Location: membership.php");
    exit();
}

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE)
or die("Failed to connect");
$sql = "SELECT firstName,lastName FROM Member 
WHERE loginName=’{$_SESSION['logname']}’ ";
$result = $mysqli->query($sql) or die($mysqli->error);

My main issue is that I can access this page whether I am logged in or not... is the variable $_SESSION['auth'] not a global variable?

  • Do you have session_start() at the beginning of both scripts? Commented Nov 4, 2013 at 17:22
  • It looks like you're using "smart quotes" in your scripts. I don't think PHP allows that, you have to use ASCII single quotes. Commented Nov 4, 2013 at 17:24
  • Yes, I do. I placed it above my variables for $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE), so I did not want to add that in my code. But it is there. Commented Nov 4, 2013 at 17:24
  • What does var_dump($_SESSION) show when someone goes to the second page when not logged in? Commented Nov 4, 2013 at 17:27
  • How is $username generated? It may be better to use prepared statements. Commented Nov 4, 2013 at 17:30

1 Answer

You are using smart quotes; the result will be unexpected, and not 'yes':

Following example:

session_start(); 
$_SESSION[‘auth’]=”yes”;    
echo "var=".$_SESSION[‘auth’]; 

prints var=â€yesâ€

Replace the single and double smart quotes with dumb quotes:

$_SESSION['logname'] = $userlogin;
$_SESSION['auth']="yes";

and also when you check:

if ($_SESSION['auth'] != "yes")

2 Comments

So, just change $_SESSION[‘auth’]=”yes”; to $_SESSION[‘auth’]='yes';
You have to be more specific than that. Add echos to see the variable values.
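
A hardened version of the restricted-page check, as an added example that is not part of the original question or answer: it uses ASCII quotes, a strict comparison that fails closed, and a bound parameter for the Member lookup (the prepared-statement point raised in the comments). The function names and the sample session arrays are assumptions constructed for illustration; the table, columns and redirect target come from the question.

```php
<?php
declare(strict_types=1);

// Added example, not the asker's or answerer's code.
// Fail closed: only the ASCII key 'auth' holding exactly the string 'yes' passes.
function is_authenticated(array $session): bool
{
    return isset($session['auth'], $session['logname'])
        && $session['auth'] === 'yes';
}

// Gate for the restricted page; call it before any output is sent.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_authenticated($_SESSION)) {
        header('Location: membership.php');
        exit(); // stop here so nothing below runs for anonymous visitors
    }
}

// Member lookup with a bound parameter instead of string interpolation.
// Table and column names are taken from the question.
function fetch_member(mysqli $db, string $loginName): ?array
{
    $stmt = $db->prepare('SELECT firstName, lastName FROM Member WHERE loginName = ?');
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    $stmt->bind_param('s', $loginName);
    $stmt->execute();
    $stmt->bind_result($first, $last);
    $row = $stmt->fetch() ? ['firstName' => $first, 'lastName' => $last] : null;
    $stmt->close();
    return $row;
}

// Offline self-check with constructed session arrays (CLI only).
if (PHP_SAPI === 'cli') {
    // What the smart-quoted assignment stores on PHP 7 and earlier: the quote
    // characters become part of both the key and the value.
    $smart = ["\u{2018}auth\u{2019}" => "\u{201D}yes\u{201D}"];
    $good  = ['auth' => 'yes', 'logname' => 'alice']; // constructed user name
    var_dump(is_authenticated([]), is_authenticated($smart), is_authenticated($good));
}
```

On the restricted page, call require_login() first and then pass $_SESSION['logname'] to fetch_member() with the mysqli connection from the question. On PHP 8 the smart-quoted array keys raise an Error for the undefined constant instead of silently becoming strings.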
