Protecting Pages

Code:

<?
include("include/session.php");

if($session->logged_in){
  echo "You are viewing the protected page";
}
else{
  echo "You are not allowed to view this page";
}
?>

Another option.

Code:


<?
include("include/session.php");


/*    I'm using a " ! " in front of the "$session" that means "NOT".
 */  So, if session is NOT logged in...
 
if(!$session->logged_in){

/* This line will send the "not" logged in users to another page.
 *  However,  I tried this on many locations inside my code, with errors.
 */ I believe you can never put this "header" code AFTER a "echo".

  header("Location: redirection_webpage_here.php"; 
  }
else
  {
  echo "You are allowed to view this page if you are logged in";
  }
?>

I also use the $session->IsAdmin
Or when user has level 9 rights.
You can change "$session->userlevel == 9" into "$session->isAdmin"

For email adresses. So not everyone can see registered users email adresses.


This code is for userinfo.php

Code:


/* $session->isAdmin tells the browser; IF you are logged in as admin.
 */ show this, "else" (otherwise"  show this


if($session->isAdmin){

// show this when you are logged in as Admin.
                     
echo "<b>Username: ".$req_user_info['username']."</b><br>";
echo "<b>Email:</b> ".$req_user_info['email']."<br>";
echo "<b>Age:</b> ".$req_user_info['age']."<br>";
echo "<b>Real name:</b> ".$req_user_info['realname']."<br>";
echo "<b>Country:</b> ".$req_user_info['country']."<br>";
   }
else

// Show this when you are logged in as Admin, user, or just a guest.

   {
echo "<b>Username: ".$req_user_info['username']."</b><br>";
echo "<b>Age:</b> ".$req_user_info['age']."<br>";
echo "<b>Real name:</b> ".$req_user_info['realname']."<br>";
echo "<b>Country:</b> ".$req_user_info['country']."<br>";
   }

I believe you can never put this "header" code AFTER a "echo"

You are correct. the header function outputs HTML header information to the browser so this MUST be done before you do anything else.

Actually i think you can get around this with output buffering, but if you are just looking to display a certain page depending on whether a user is logged in or not (or even by a users user level) after you have sent some HTML to the browser you may want to look into the include function.

consider the following...

Code:

<?php include('session.php'); ?>
<html><head>

<title>My page.</title>

</head><body>

<div class="header">The Header</div>

<?php

if($session->IsAdmin){
    include('page for administrators only');
}
elseif($session->logged_in){
    include('page for regular users');
}
else{
    include('page for not logged in users');
}

?>

<div class="footer">The Footer</div>

</body></html>

Doing things this way allows you to use the same page for headers and footers and still have the content be user specific. If you are trying to put

Code:

header("Location: redirection_webpage_here.php");

in the middle of your page and you get that "Headers Already Sent By:" error, you may want to try this alternative

I like what Linchpin have just write, it is true that you cannot send header ('Location: somepage.html'); after echo's are already sent.

An other technique that I use is to create a variable $output then send the result at the end of each page like this

Code:

<?php


$output = <<< eoe
<html>
<head>
<title></title>
</head>
<body>
eoe;

//if user is logged_in
if($session->logged_in){
print <<< eoe
<h1>You are logged in seeing page if looged in only</h1>
eoe;
}

//Only admin
else if($session->IsAdmin){
print <<< eoe
<h1>You are logged in as admin seeing by an admin only</h1>

eoe;
//this way you will be able to put header here inside your code
header('Location: redirected_page_here.html');
}

//every body else
else
{
print <<< eoe
<h1>You must logged in to view this page</h1>

eoe;
}


$output .= <<< eoe
</body></html>
eoe;


//lastline of output here
$print $output;
?>