MySQL & PHP: user accounts - Part 4

In the sign up and log in process we created the session user id, this is created for user access control purposes. We do not want someone to be able to access the member.php page if they are not a member or the success.php page if they have not signed up.

signup_process.php

$_SESSION['userid'] = "0";
header('Location: success.php');

login_process.php

$row = mysql_fetch_assoc($data);
$_SESSION['userid'] = $row['userid'];

//PHP code

header('Location: member.php');

We create two separate php files and include them at the top of the member and success PHP files. We include them using the PHP function require_once(). The PHP file for the success.php page is called auth_success.php. The PHP file for the member.php page is called auth_member.php.

member.php

<?php
 require_once('auth_member.php');
?>

success.php

<?php
 require_once('auth_success.php');
?>

auth_success.php

In the auth_success.php file we start the session first, then we create an if construct, if the session userid has not been created, is empty, or does not equal 0, terminate the script to deny access. Notice the not equal to 0, if the user id is equal 0, the user is a newly signed up user that has not logged in yet. So the user is able to access the success page upon a successful sign up. If someone has already signed up, they would not be able to access this page because there user id is not 0. They would log in and be redirected to the member.php page and then there userid will change to there actually user id given to them. Notice how we used the PHP trim() function, this removes white spaces and other predefined characters.

<?php

//Start session
session_start();
 
//Check whether the session variable userid has been created, not equal to 0, or is empty
if(!isset($_SESSION['userid']) || (trim($_SESSION['userid']) != '0') ||(trim($_SESSION['userid']) == '') )  {

header("location: access-denied.php");
exit();
  
 }
?>

auth_member.php

In the auth_member.php file we start the session first, then we create an if construct, if the session userid has not been created, is empty, or the session userid equals 0, terminate the script to deny access. Remember, in the signup process we set the userid to 0 before the user logs in. When the user logs in the userid will change to there actually user id given to them so it will not be equal 0. Remember, in the MySQL table we set the userid to auto increment, so it always changes.

<?php
//Start the session
session_start();
 
//Check whether the session variable userid has been created, equals 0, or empty
if(!isset($_SESSION['userid']) || (trim($_SESSION['userid']) == '0') || (trim($_SESSION['userid']) == '') )  {

header("location: access-denied.php");
exit();
 }

?>

That sums up the user account tutorial, if you have any questions feel free to ask.

Posted in: Web Development