Creating Protected Pages In PHP

Let us discuss how to make password-protected pages using PHP. Simple websites usually have no need for such pages. But advanced websites such as membership sites, where each member has a separate user area, do need them. Members can open their pages only after authentication, and no one else is allowed to access a page even if he knows its exact URL. How can this be done? There are various techniques. Today we will discuss the use of sessions for this purpose.

This tutorial assumes that you are familiar with basic HTML, PHP and MySQL concepts, although care has been taken so that even a novice can follow along. For the PHP code to execute you must have PHP and MySQL installed on your local computer, or have a Linux testing server to which you can upload the PHP files.

Let me explain my code by breaking it into steps, so that it can be understood easily.

Creating MySQL Tables

This table will store each user’s information: the user name, the user’s unique email address, the user password and the user id (auto-increment, primary key). The table will also be used to authenticate users. The email address column is unique, so duplicate email addresses are not allowed.

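    -- Backticks quote identifiers in MySQL; single quotes would make them string literals.
    -- ENGINE replaces the old TYPE keyword, which was removed in MySQL 5.5.
    CREATE TABLE `users` (
        `id` INT( 100 ) NOT NULL AUTO_INCREMENT ,
        `name` VARCHAR( 255 ) NOT NULL ,
        `email_address` VARCHAR( 255 ) NOT NULL ,
        `password` VARCHAR( 255 ) NOT NULL ,
        PRIMARY KEY ( `id` ),
        UNIQUE ( `email_address` )
    ) ENGINE = MyISAM;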

Create An Example Protected Page:

Let us create an example protected page, say “prot-page.php”. At this stage it will be a simple HTML page; we will add the PHP code to it later.

Just copy this code to make this page:


Register The Session Variables For the Authenticated Users:

This is the crucial step. Let us consider that there is a login page that accepts the user’s email and password for authentication. This page checks the user against the “users” table that we created above. If the user is not valid, an error message is displayed.

If the user’s login info is verified against the users table, the user info is stored in the session. The code is as follows:


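    // Runs in the login page after the email and password have been verified.
    // Start (or resume) the session before touching $_SESSION.
    session_start();

    // Assigning to $_SESSION is what stores the values in the session.
    $_SESSION['id'] = $email_address;
    $_SESSION['password'] = $password;

The code first calls session_start(). We need to make this call whenever we want to start working with sessions, before any session variable is read or written. This is important.

Older PHP code registered the two session variables, “id” and “password”, with session_register("id", "password") at this point. That function was deprecated in PHP 5.3 and removed in PHP 5.4; assigning to $_SESSION after session_start() is all that is needed.

The two assignments initialize the session variables. The id variable stores the user’s unique email address and password stores the user’s password.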

Session variables are special variables that stay alive across all the pages. You don't need to GET or POST them to access them on any page; you can access and retrieve their values on any page of your application. Their life ends when the session lifetime expires (this session time is stored in the php.ini file).

Authenticating The User On prot-page.php:

Now consider again the example protected page that we created above. As the last step we are going to insert the crucial PHP code that checks for the user's session. After inserting the PHP code, the protected page will look like this:


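    <?php
    // Must run at the very top of prot-page.php, before any HTML output.
    session_start();

    if (empty($_SESSION['id']) OR empty($_SESSION['password'])) {
        header('Location: login.php?login=access_denied');
        // header() only queues the redirect; without exit the rest of the page is still sent.
        exit;
    }
    ?>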



Look at the PHP code at the top. This piece of code does the magic. It checks whether the id and password session variables are empty or hold a value. If they are empty, the user has not completed the login process, so the user is redirected to the login page to log in again.

If the session variables are not empty, the user has logged in successfully and is allowed to access this page. The code then lets this user access the rest of the page.
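The login step and the page guard described above, as an added example that is not part of the original article: it checks the password against a stored hash and keeps only the user id in the session rather than the email and password. It assumes PHP 7.1 or later, a PDO connection `$db`, a `password` column filled by `password_hash()`, and the hypothetical helper names `login_user()` and `require_login()`; the form field names in the closing comments are also assumptions.

```php
<?php
// Added example (not from the original article). Assumptions: $db is a PDO
// connection to the database holding `users`, and users.password holds a
// password_hash() value. login_user() and require_login() are hypothetical names.

function login_user(PDO $db, string $email, string $password): bool
{
    // Prepared statement: the submitted email never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE email_address = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same outcome for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session id at login so an id handed out earlier is not reused.
    session_regenerate_id(true);
    // Keep only the numeric user id in the session, never the password.
    $_SESSION['id'] = (int) $row['id'];
    return true;
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['id'])) {
        header('Location: login.php?login=access_denied');
        exit; // without this, the protected markup below would still be sent
    }
}

// login.php, after reading the submitted form (field names are assumptions):
//   if (!login_user($db, $_POST['email_address'], $_POST['password'])) { /* show error */ }
// prot-page.php, first statement, before any HTML output:
//   require_login();
```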

I hope you will find this article very helpful :-).