Home/ Questions/Q 6390995
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T03:37:03+00:00

Couple questions here: My end goal is to password protect the file logged_in.php. Note:

  • 0

Couple questions here: My end goal is to password protect the file logged_in.php.

Note: I’m only a beginner/intermediate programmer so i would like clear explanations, please.

First off, i have set a username and password within a database table.

  1. I have two pages: login.php and logged_in.php(names are just for example purposes). How do i “require” a user to first go through login.php(the log in process) in order to gain access to logged_in.php(if the entered username/password are correct)?

  2. Is this the best way to password protect a page?

What i’ve tried:

Login.php:

<?php
            $db_host="host";
            $db_user="user";
            $db_pass="pass";
            $db_name="name";
            $db_table="table";
            $user = mysql_real_escape_string(strip_tags($_POST['user']));
            $pass = mysql_real_escape_string(strip_tags($_POST['pass']));

            mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
            mysql_select_db($db_name) or die(mysql_error());

            if(isset($user) && isset($pass))
            {
                $sql = "SELECT * FROM $db_table WHERE username='$user' AND password='$pass'";
                $result = mysql_query($sql);
                $count = mysql_num_rows($result);
                if($count == 1)
                {
                    header("location:logged_in.php");
                }
                else
                    header("location:bad_login.html");
            }
        ?>

  • The problem with my code at the moment is that, someone can directly type in the URL of logged_in.php and access the page without being “required” to go through login.php first(i’m sure this is obvious to everyone..).

  • I put require(login.php); at the top of logged_in.php; however, that didn’t work out.

  • I’ve checked google for some good tutorials on this topic, unfortunately i couldn’t find any that had clear explanations.

  • I also saw a few other questions regarding this topic on stackoverflow, but they didn’t really help me out.

I’m also interested in being able to pass-protect my page using the method phpMyAdmin uses(when you type in the URL and press enter it drops down a menu from the top of the browser asking for a username/password). I don’t know how that works. If someone can tell me how that works i’m willing to completely disregard the method i’m attempting to use at the moment(if the phpMyAdmin method is secure enough and is fairly easy to implement).

Thanks in advance!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Use $_SESSION variable:

    <?php

            session_start();

            $db_host="host";
            $db_user="user";
            $db_pass="pass";
            $db_name="name";
            $db_table="table";

            mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
            mysql_select_db($db_name) or die(mysql_error());

            $user = mysql_real_escape_string(strip_tags($_POST['user']));
            $pass = mysql_real_escape_string(strip_tags($_POST['pass']));

            if(isset($user) && isset($pass))
            {
                $sql = "SELECT * FROM $db_table WHERE username='$user' AND password='$pass'";
                $result = mysql_query($sql);
                $count = mysql_num_rows($result);
                if($count == 1)
                {
                    $_SESSION['username'] = $user;
                    header("location:logged_in.php");
                    exit();
                }
                else
                    header("location:bad_login.html");
                    exit();
            }
        ?>

    logged_in.php:

    <?php

session_start();

// check if $_SESSION was setting before
if (!isset($_SESSION['username']))
{
    header("Location: login.php?e=access_denied");
    exit();
}
?>

    The phpMyAdmin login is different because use the MySQL username and password to login, so phpMyAdmin does not need to create a database and table to login like your code

    Also you need the logout:

    logout.php

    <?php

session_start(); // <-- Oops!!

// unset all $_SESSION variables
session_unset();
session_destroy();
header("Location: logged_in.php?m=logout_success");
exit;

?>
    • 0