Don't need to login - Printable Version +- Support Forums (https://www.supportforums.net) +-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87) +--- Forum: Coding Support Forums (https://www.supportforums.net/forumdisplay.php?fid=18) +---- Forum: PHP The Hypertext Preprocessor (https://www.supportforums.net/forumdisplay.php?fid=21) +---- Thread: Don't need to login (/showthread.php?tid=24739) |
Don't need to login - Strafeness - 01-21-2012 Hello, I just made a login system. But I want to give users the ability to view pages that is for admin only. I tried a cookie, but I got this error: PHP Code: Warning: Cookie names cannot contain any of the following '=,; \t\r\n\013\014' in /home/crystal/public_html/hwid/admin.php on line 17 Does anyone has a better method ? I was thought session is a good way. Should I use $_SESSION ? RE: Don't need to login - AceInfinity - 01-21-2012 For viewing pages that have admin functions, just make it so that it parses the Admin functions onto the page if their session matches that of the Admin credentials. I've provided an example of a fully functional $_SESSION Admin page here: http://tech.reboot.pro/showthread.php?tid=1056&highlight=PHP+login The MySql inserts are a bit sloppy, but that's not the part you're going to be looking at. Look at where I use the $_SESSION variable to define admin pages. RE: Don't need to login - Strafeness - 01-21-2012 Hello, I wrote this, can you please tell me what I did wrong ? PHP Code: if ($admin == '1'){ RE: Don't need to login - AceInfinity - 01-21-2012 Right here: PHP Code: $_SESSION['username'] = $username; Then you go and use the Session variable itself without username for some reason, but you don't check it's input directly. PHP Code: if (isset($_SESSION['username'])) Not good... RE: Don't need to login - Strafeness - 01-21-2012 (01-21-2012, 08:06 AM)AceInfinity Wrote: Right here:My bad, I forgot to copy the $username PHP Code: $username = htmlspecialchars($_POST['username'], ENT_QUOTES); Of course I also made a textbox with the name 'username' Never mind, fixed it with this: if (isset($_SESSION['username']) == $username) RE: Don't need to login - AceInfinity - 01-21-2012 That's still not very good to do. Review my expample one more time, you'll see Gaijin i'm sure would tell you what's wrong as well. |