Black Friday sale is now on! 50% off Laravel: The Modular Way. Learn more

Simple Member Only Page

David Carr

Demos PHP & MySQL Tutorials

  • Putting in all together:
  • Here's a quick way to secure a page so only logged in users can access it otherwise the user is shown a login page.

    This system will be using sessions and using headers to redirect the user. Enable sessions and output buffering at the top of the file.

    Demo

    • Username: demo
    • Password: demopassword
    session_start();
    ob_start();

    To log a user out destroy the session and refresh the page.

    if(isset($_GET['logout'])){
        session_destroy();
        header('Location: '.$_SERVER['PHP_SELF']);
        exit;    
    }

    To show the page contents to logged in users a check is made against the session if authorised is set then show the contents.

    if(isset($_SESSION['authorised'])){

    Otherwise show a login form.

    <fieldset>
        <legend>Login</legend>
        <form action='' method='post'>
            <p>Username: <input type='text' name='username' value=''></p>
            <p>Username: <input type='password' name='password' value=''></p>
            <p><input type='submit' name='loginsubmit' value='Login'></p>
        </form>
    </fieldset>

    If the form has been submitted then capture the username and password from the form check against a defined username and password if they match create the session and refresh the page otherwise create an error message and save it to a variable called $error.

    if(isset($_POST['loginsubmit'])){
    
        $username = $_POST['username'];
        $password = $_POST['password'];
    
        if($username == 'demo' && $password == 'demopassword'){
            //correct username and password
            $_SESSION['authorised'] = true;
            header('Location: '.$_SERVER['PHP_SELF']);
            exit;
        } else {
            $error = '<p style="color:#ff0000;">Sorry wrong username or password</p><p>Please try again</p>';
        }
    }

    If the error has been created then show it.

    <?php if(isset($error)){ echo $error; }?>

    At the bottom of the file clear the buffer by calling ob_flush();

    Putting in all together:

    <?php
    session_start();
    ob_start();
    
    if(isset($_GET['logout'])){
        session_destroy();
        header('Location: '.$_SERVER['PHP_SELF']);
        exit;    
    }
    
    ?>
    
    <!doctype html>
    <html lang="en">
    <head>
      <meta charset="utf-8">
      <title>Member Only Page</title>
    
    </head>
    <body>
    
    <?php
    
    //already logged in
    if(isset($_SESSION['authorised'])){
    ?>
    
        <h1>Member Only Page<h1>
        <p>This page can only be seen when logged in.</p>
        <p><a href="?logout">Logout</a></p>
    
    
    <?php 
    } else { //user needs to login
    
        if(isset($_POST['loginsubmit'])){
    
            $username = $_POST['username'];
            $password = $_POST['password'];
    
            if($username == 'demo' && $password == 'demopassword'){
                //correct username and password
                $_SESSION['authorised'] = true;
                header('Location: '.$_SERVER['PHP_SELF']);
                exit;
            } else {
                $error = '<p style="color:#ff0000;">Sorry wrong username or password</p><p>Please try again</p>';
            }
        }
    
        ?>
    
        <div style='margin:auto; width:300px; margin-top:20px;'>
            
            <?php if(isset($error)){ echo $error; }?>
    
            <fieldset>
                <legend>Login</legend>
                <form action='' method='post'>
                    <p>Username: <input type='text' name='username' value=''></p>
                    <p>Username: <input type='password' name='password' value=''></p>
                    <p><input type='submit' name='loginsubmit' value='Login'></p>
                </form>
            </fieldset>
            
    
        </div>
    
    <?php } ?> 
    </body>
    </html>
    <?php ob_flush(); ?>

     

    Laravel Modules Book by David Carr

    Help support the blog so that I can continue creating new content!

    Subscribe to my newsletter

    Subscribe and get my books and product announcements.

    © 2009 - 2022 DC Blog. All code MIT license. All rights reserved.