Here's a quick way to secure a page so that only logged-in users can access it; anyone else is shown a login page.
This system uses sessions to track the login and headers to redirect the user. Enable sessions and output buffering at the top of the file; output buffering lets header() be called after HTML output has started.
session_start();
ob_start();
To log a user out, destroy the session and refresh the page.
if(isset($_GET['logout'])){
session_destroy();
header('Location: '.$_SERVER['PHP_SELF']);
exit;
}
To show the page contents only to logged-in users, check the session: if authorised is set, show the contents.
if(isset($_SESSION['authorised'])){
Otherwise show a login form.
<fieldset>
<legend>Login</legend>
<form action='' method='post'>
<p>Username: <input type='text' name='username' value=''></p>
<p>Password: <input type='password' name='password' value=''></p>
<p><input type='submit' name='loginsubmit' value='Login'></p>
</form>
</fieldset>
If the form has been submitted, capture the username and password from the form and check them against a defined username and password. If they match, create the session and refresh the page; otherwise create an error message and save it to a variable called $error.
if(isset($_POST['loginsubmit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($username == 'demo' && $password == 'demopassword'){
//correct username and password
$_SESSION['authorised'] = true;
header('Location: '.$_SERVER['PHP_SELF']);
exit;
} else {
$error = '<p style="color:#ff0000;">Sorry wrong username or password</p><p>Please try again</p>';
}
}
If the error has been created then show it.
<?php if(isset($error)){ echo $error; }?>
At the bottom of the file, flush the buffer by calling ob_flush(). The complete file:
<?php
session_start();
ob_start();
if(isset($_GET['logout'])){
session_destroy();
header('Location: '.$_SERVER['PHP_SELF']);
exit;
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Member Only Page</title>
</head>
<body>
<?php
//already logged in
if(isset($_SESSION['authorised'])){
?>
<h1>Member Only Page</h1>
<p>This page can only be seen when logged in.</p>
<p><a href="?logout">Logout</a></p>
<?php
} else { //user needs to login
if(isset($_POST['loginsubmit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($username == 'demo' && $password == 'demopassword'){
//correct username and password
$_SESSION['authorised'] = true;
header('Location: '.$_SERVER['PHP_SELF']);
exit;
} else {
$error = '<p style="color:#ff0000;">Sorry wrong username or password</p><p>Please try again</p>';
}
}
?>
<div style='margin:auto; width:300px; margin-top:20px;'>
<?php if(isset($error)){ echo $error; }?>
<fieldset>
<legend>Login</legend>
<form action='' method='post'>
<p>Username: <input type='text' name='username' value=''></p>
<p>Password: <input type='password' name='password' value=''></p>
<p><input type='submit' name='loginsubmit' value='Login'></p>
</form>
</fieldset>
</div>
<?php } ?>
</body>
</html>
<?php ob_flush(); ?>
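A hardened form of the PHP logic above, as an added example that is not the tutorial's own code: it compares against a password hash instead of a plaintext literal, issues a new session ID at login, expires the session cookie at logout, and redirects to SCRIPT_NAME rather than PHP_SELF. It assumes PHP 8.0 or later; the helper names stored_hash, credentials_ok and logout are hypothetical, and the hash is constructed inline from the tutorial's demo password only so the file runs as-is.

```php
<?php
declare(strict_types=1);
// Added example, not the tutorial's code. The hash is built inline from the
// tutorial's demo password so the file runs as-is (constructed value); a real
// deployment stores a precomputed password_hash() result outside the web root.
const DEMO_USER = 'demo';

function stored_hash(): string {
    static $hash = null;
    return $hash ??= password_hash('demopassword', PASSWORD_DEFAULT);
}

function credentials_ok(mixed $user, mixed $pass): bool {
    // username[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Evaluate both checks so the response time does not reveal which one failed.
    $userOk = hash_equals(DEMO_USER, $user);
    $passOk = password_verify($pass, stored_hash());
    return $userOk && $passOk;
}

function logout(): void {
    $_SESSION = [];                                   // drop server-side data
    $p = session_get_cookie_params();                 // expire the cookie too
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Strict mode rejects session IDs the server did not issue; add
// 'cookie_secure' => true when the site is served over HTTPS.
session_start(['use_strict_mode' => true, 'cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
$self = $_SERVER['SCRIPT_NAME'];  // unlike PHP_SELF, excludes user-supplied PATH_INFO

if (isset($_GET['logout'])) {
    logout();
    header('Location: ' . $self);
    exit;
}
if (isset($_POST['loginsubmit'])) {
    if (credentials_ok($_POST['username'] ?? null, $_POST['password'] ?? null)) {
        session_regenerate_id(true);  // new ID at login defeats session fixation
        $_SESSION['authorised'] = true;
        header('Location: ' . $self);
        exit;
    }
    $error = 'Sorry wrong username or password';
}
// The tutorial's HTML follows unchanged: page body if authorised, else the form.
```

Because all redirects happen before any HTML is sent, this version no longer depends on output buffering.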