J'ai une table mysql qui reçoit les données insérées et supprimées à l'aide des formulaires sur mes pages php. Tout ça fonctionne Maintenant, je veux que les utilisateurs puissent voir index.php (page d'accueil qui affiche la table et toutes ses données) mais s'ils cliquent sur delete ou ajoutent, ils doivent demander à eux de se connecter avant que les pages add.php ou delete.php ne s'affichent leur. J'ai écrit un script login.php ci-dessous, mais je ne sais pas comment forcer la page à le vérifier avant de les laisser passer. De plus, si l'utilisateur ne vous connecter, vous lui faudra à la page qu'il a cliqué sur ou tout simplement revenir à index.phpExiger que l'utilisateur de se connecter pour certaines pages
EDIT Mise à jour le Code Comme demandé
login.php
<?php
if (isset($_SESSION['SESS_MEMBER_ID']) && !empty($_SESSION['SESS_MEMBER_ID'])) {
header("location:add.php"); // if user is logged in don't show the form take them were they need to be
} else {
?>
<?php
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_FIRST_NAME']);
unset($_SESSION['SESS_LAST_NAME']);
?>
<form name="loginform" action="login_exec.php" method="post">
<table width="309" border="0" align="center" cellpadding="2" cellspacing="5">
<tr>
<td colspan="2">
<!--the code bellow is used to display the message of the input validation-->
<?php
if(isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
</td>
</tr>
<tr>
<td width="116"><div align="right">Username</div></td>
<td width="177"><input name="username" type="text" /></td>
</tr>
<tr>
<td><div align="right">Password</div></td>
<td><input name="password" type="text" /></td>
</tr>
<tr>
<td><div align="right"></div></td>
<td><input name="" type="submit" value="login" /></td>
</tr>
</table>
</form>
<?php
}
?>
Login_exec.php
<?php
//Start session
session_start();
//Include database connection details
require_once('connection.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
//Create query
$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) > 0) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['username'];
$_SESSION['SESS_LAST_NAME'] = $member['password'];
session_write_close();
header("location: index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'user name and password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}
}else {
die("Query failed");
}
?>
index.php
<center>
<html>
<head>
<title>Extension List</title></head><body>
<?php
$db_host = 'localhost';
$db_user = 'root';
$db_pwd = '****';
$database = 'list';
$table = 'users';
if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");
if (!mysql_select_db($database))
die("Can't select database");
// sending query
$result = mysql_query("SELECT * FROM {$table}");
if (!$result) {
die("Query to show fields from table failed");
}
$fields_num = mysql_num_fields($result);
echo "<table border='1'><tr>";
// printing table headers
for($i=0; $i<$fields_num; $i++)
{
$field = mysql_fetch_field($result);
echo "<td>{$field->name}</td>";
}
echo "</tr>\n";
// printing table rows
while($row = mysql_fetch_row($result))
{
echo "<tr>";
// $row is array... foreach(..) puts every element
// of $row to $cell variable
foreach($row as $cell)
echo "<td>$cell</td>";
echo "</tr>\n";
}
mysql_free_result($result);
?>
<br>
<h1> Alpine Motors Extension List</h1>
<h2><a href="add.php">Add Extension</a>
<br>
<br>
<a href="delete.php"> Delete Extension</a></h2>
<br> <br>
</h3>
</body>
</html>
</center>
<?php
}
?>
delete.php
<?php
require ("database.php");
?>
<?php
$this_Stud_ID =$_REQUEST['id'];
// sending query
mysql_query("DELETE FROM users WHERE id = '$this_Stud_ID'")
or die(mysql_error());
if($_POST['action'])
header("Location: index.php");
?>
<center><form action="<?php echo $_SERVER['php_self'] ?>" method="post">
Enter ID Number :<br><input type="text" name="id"><br />
<br><input type="submit" name="action" value="Delete!">
<br> <br>
<h3>
<a href="index.php"> Main Menu </a>
</h3>
</form>
</center>
Est-ce moi ou vous ne protégez pas les mots de passe? – AymDev
c'est juste une page web locale im testing. Ne va pas être serré sur la sécurité pour l'instant – RedZ
Quel est le problème? Chaque fois que l'utilisateur cliquera '' 'add.php''' &' '' delete.php''' vérifier USER "SESSION S existe ou non. Si pas alors rediriger l'utilisateur vers la page de connexion et afficher le contenu par défaut. – mi6crazyheart