hi,

I wish to load a separate webpage if the username of the person loggin is is admin and a totally separate web page for all other usernames..... this is wat i tried but doesnt work.......i want to know why this doesnt work.


<?
session_start();
if(!$_SESSION['myusername']{
header("location:main_login.php");
}
else if($_SESSION['myusername'] == 'admin'){
header("location:admin.php");
}
else

{
header("location:simple.php");
}
?>


Another doubt i have is even though i have used sessions to protect un authorized users to enter a page name directly at the url it doesnt quite work well. If i enter a authentic login name and password and enter in and then open another tab or another explorer window i am able to access any page by typing in the URL..... coz the session is set.... do i have to change some settings in my php.ini file?

You did not enclose one of your first tags. Also, you need to use the isset() function.

<?php
session_start();
if(!isset($_SESSION['myusername'])){
header("Location: main_login.php");
}
else if($_SESSION['myusername'] == 'admin'){
header("Location: admin.php");
}
else{
header("Location: simple.php");
}
?>

You did not enclose one of your first tags. Also, you need to use the isset() function.

<?php
session_start();
if(!isset($_SESSION['myusername'])){
header("Location: main_login.php");
}
else if($_SESSION['myusername'] == 'admin'){
header("Location: admin.php");
}
else{
header("Location: simple.php");
}
?>


Yup i do realise about the closing, but i had figured that out. Why is it necessary to use the isset function? The other question is once one user logs in successfully and a session is set if i open another tab or browser window then i can type in any page in the url and it successfully loads the page becoz the session has been set.
I have used the following code at the begining of every page.

<?php session_start();
if(!isset($_SESSION['myusername']))
header("Location: main_login.php"); ?>

Since you did not post that code, there was no way for me to know that it had been checked.

Since you did not post that code, there was no way for me to know that it had been checked.

Hi,
I guess i havent put forward my question correctly. Let me explain. Suppose after verifying a user with his username and password i set the session variable 'myusername'. Now lets say i have four pages in side my website which can be viewd only by validated users, so to check that a user is valid i put the following code at the begining of the four web pages in side my website.


<?php session_start();
if(!isset($_SESSION['myusername']))
header("Location: main_login.php"); ?>


Now if i open my browser and enter a valid username and passwords and then open another tab or a browser window becoz from the previous user entering a valid username and password the session was set, so now if i type in the url for one of those four webpages in side my website the page loads but it should actually take me to the login page. Do i have my setting wrong in php.ini.

2. I still dint get why i have to use the isset function?

I would suggest creating one file that has all the authentication code and just use that in an includes statement at the top of every page.

I still dint get why i have to use the isset function?
You need to use isset() to make sure that the variable does, in fact, exist. If it does not, then you know that no session variable was created. Also, it will throw no errors to the PHP error log.

Do i have my setting wrong in php.ini.
No, php.ini has nothing to do with this. It is only a configuration file. It has nothing to do with authentication.

Your problem is that you haven't specified any session id or name. The server will automatically recognize any session started as the same session. So, the only way to distinguish is to set a name or id. I suggest looking at one of my examples (http://www.peejavery.com/coding/php/authentication.php) of authentication on my website. Here is the jist of it.

<?php
if(@$_COOKIE['COOKIE_NAME'] == ''){
$sesid = 'COOKIE_NAME' . mt_rand(0, 9999999);
setcookie("COOKIE_NAME", $sesid);
}
else{$sesid = $_COOKIE['COOKIE_NAME'];}
session_id($sesid);
session_start();

// I set the variable to 'mustlogin' so that I can keep from destroying a session
// Instead just set the value to 'mustlogin' when a user logs out
if(!isset($_SESSION['user']) || @$_SESSION['user'] == 'mustlogin'){
header('Location: login.php');
exit;
}
?>