<?php
$name=$_GET['var'];
if($_SESSION["loginvalue"]==1)
{
echo "Welcome,$name";
echo " <a href='login.php'>Logout</a>";
}
?>
This is code i have used to maintain session in the page. What i want is if some enter local/project/cms.php url in web browser then it should not open. I want cms.php to be open only if someone login first otherwise it should not be opened.
You may modify your code like this:
<?php
session_start();
$name=$_GET['var'];
if($_SESSION["loginvalue"]==1)
{
echo "Welcome, ". htmlentities($name, ENT_QUOTES, "UTF-8");
echo " <a href='login.php'>Logout</a>";
}else{
//Redirect user to login page.
header("location: /login.php");
}
?>
not 100% sure what you mean; but...
Firstly there are some issues with the code given, where's session_start(), your code is also open to XSS attack on the $name var because your not escaping input, you need to use htmlentities() user input if your going to display it back to the user. Also you need to check variables are set before using to avoid PHP undefined index warnings. Other then that, you basically check if user is logged in, if there not then you redirect them, to your login page.
<?php
session_start();
$name = isset($_GET['var']) ? $_GET['var'] : null;
if(isset($_SESSION["loginvalue"]) && $_SESSION["loginvalue"]==1)
{
echo "Welcome,".htmlentities($name, ENT_QUOTES);
echo ' <a href="./login.php">Logout</a>';
}else{
//Redirect user to login page if not logged in.
exit(header("location: ./login.php"));
}
?>