ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
How do I do a website you can log in to? I've read up on cookies in PHP, but I still find the above scenario a bit hard to implement. Can anyone help me?
You don't hold the details on a cookie but as part of the session variable. It can be as simple as a boolean variable held in the session variable, call it $_SESSION['loggedIn'] and set it to false. Once the user has successfully logged in change it to true. Wherever in your code you need to know if the user is logged in check this session variable.
That's the basics, obviously there is lots you can do once the basic code is in place, such as an activity check to log the user out after a certain amount of inactivity.
Cookies are generally used to maintain the login once the user has closed the browser. Sessions are generally used to maintain the login for the current... session!
So - if you are ok with just the current session (ie, user has to log in each time) then you just need to set up the session.
You will want some code to process the login, check the username/pass against a database probably and then if the credentials are ok, load the various values you want into the session variables.
I find it's often useful to create a page called "session.php" and then include() that at the top of every page I want to be secure. The code in very simplistic terms would be along the lines of:
Code:
if (!isset($_SESSION['username']))
reDirect("./login.php"); // << I usually code a redirection function rather than writing the headers each time.
Hi,
How do I do a website you can log in to? I've read up on cookies in PHP, but I still find the above scenario a bit hard to implement. Can anyone help me?
Thanks.
PHP makes sessions easy for you. Here is an online tutorial:
Please keep in mind though, that if you want to program your web site in some language other than PHP, you probably want to learn the sessions system for that language. Many popular languages have session modules or libraries (like Perl's CGI::Session, for example). Best to pick your favorite language now, rather than have to adapt your code to a new language later.
[Side note: you usually don't want to simply use Apache authentication as bigearsbilly mention, because using a real sessions system allows you down the road to store other session information about the user fairly easily.]
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233
Rep:
note you probably also would want to use a mysql database as a backend user accounts
create database for your site with a 'users' table and include a bare minimum
the user id
an md5 hash of their password
then have your login script verify against the database to see if a user is valid or not
recomended also to add some sort of privilege flag to indicate what level of access the user has to your site (either full admin access, standard access, banned etc..)
additional information can be included but not mandatory such as full name, contact info etc..
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.