Hi. I'm not sure I follow exactly what you're needing without more details. But for starters

1) when user is directly entering the path of any other page with out login he is able to access suspenseful & also able to run php server scripts tag to that option:Which is not acceptable in my case so help me to solve this....

I would assume you are setting a session var upon successful login. One solution would be to check for the session var being set at the top of every page and if it's not (meaning the user is not logged in) then denie access to the page.
I.E.

<?php if(!isset($_SESSION['login']))
{
die('Access denied!');
} ?>

This will cause the page to stop loading at that point and show access denied if the session var 'login' doesn't exist.

As far as your number 2 and number 3, you may want to post a little code where you think the problem is. Where is the form action pointing? Where is the script? Same page? Different page? Are you setting redirects?

And welcome to webmasterworld.

HI Cffrost,

Thanks for the help, on point 2 & 3 which are already resolved. now just waiting for the point 1, As you suggested I will try to update my script and post back results...In between as I already mention the build i am working for is to project a ticket details by click & update them as well. Now I am stuck here, I have created a DB with all the headers (Columns) for which I need them to be projected on HTML but when I am particularly running this query $sql="show columns FROM $tbl_name"; It is showing only headers as a result but not the data entered against it ...can I pleas request you for some code help to solve the same.

For example:

I have created a below table in the db.

P_IdLastNameFirstNameAddressCity
1HansenOlaTimoteivn 10Sandnes
2SvendsonToveBorgvn 23Sandnes
3PettersenKariStorgt 20Stavanger
4NilsenJohanBakken 2Stavanger
5TjessemJakobNissestien 67Sandnes

By using above query it is projecting only P_IdLastName,FirstName,Address,City but not all the details of 1,2,3,4,5.....as I have almost 29 headers(columns)in my DB I would not be able to created sql command with where function and project here can any other way to solve this ?

please advise.
Thanks a head...

Regards,
Nani

HI Cffrost,

Also still I am getting accesses to the pages after adding code in the first line.

For Example:

I have a logout.php file in the folder which is accessible via URL after adding the above code..

Can you suggest me where I am doing wrong in this below:

<?php
if(!isset($_SESSION['myusername']))
{
die('Access denied!');
}
else
session_start();
session_destroy();
?>

Hi. If you truly have not set the myusername session var anywhere already, then that should work. I would suggest that you clear all your session vars, then try to reach the page via a direct URL. And just to point out, you should be able to reach the page ok but nothing should execute. The only thing that you should see is the 'Access Denied'.

Hope that helps.

$sql="show columns FROM $tbl_name";

headers as a result but not the data entered against it

Ok. I'm assuming that you want to list the data from the table rows and not the column names, correct?

If so, the query you're using will not work. You need to use a SELECT statement to get the data and then display it.

$query = mysql_query("SELECT * FROM $tbl_name");
while($result = mysql_fetch_array($query))
{
echo $result['col_name'].' '.$result['col_name2'].' '.$result['col_name3'].'<br>';
}

The WHILE loop will loop through each row from row 1 till the last row displaying each row as you have in the echo statement. You can even drill the rows down by adding a WHERE clause. "WHERE col_mane = 'something'".

There is a lot more you can do here but this is a stripped down way to achieve what I think you need to do and hopefully get you going in the right direction.

Hope this helps.

HI Cffrost,

I am sorry I really did not understand the session Var which your talking (I think this take some time to me to understand) about so, I though if I share my login code it would help you understand where I am doing wrong

<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
//echo "Wrong Username or Password";
header("location:wrong.html");
}
?>

Ok. For starters, the session_register function is depreciated as of php5. You should switch to setting you session variables like this:

$_SESSION["myusername"] = $myusername; 
$_SESSION["mypassword"] = $mypassword; 
header("location:login_success.php"); 

Then at the top of every page you don't want access granted to non logged in users put:

if(!isset($_SESSION["myusername"]))
{
die('Access Denied');
}

I hope that makes sense.

Cffrost2,

Yes your write this should work because in the login_sucess.php page i am have use $session to hold the connection but not in the above scrip now I will change & post back with reviews to you.

I have kind request to you to help me on another PHP based SQL thing, I will come back in the next post.

Thanks :)

--Nani

Cffrost2,

Still this code is not working below:

<?php
if(!isset($_SESSION["myusername"]))
{
die(header("location:index.html"));
}
else
{
session_start();
$_SESSION['myusername'] = 'myusername';
{
header("location:ticket.html");
}
}
?>

Please advise if I am doing anything wrong:

Result it is showing redirect to index.html although login is scusess full I think it is not executing next half function pls help....

else
{
session_start();
$_SESSION['myusername'] = 'myusername';
{
header("location:ticket.html");
}
}

Looks like you have an unneeded pair of curley brackets after else. Should be

else 
{ 
session_start(); 
$_SESSION['myusername'] = 'myusername'; 
header("location:ticket.html"); 
} 

Also, when using sessions, you need to have session_start() at the very top of each page before you can set a session var or access a session var. you are starting the session in the else block. That should be at the very top of the page. And at the very top of you login page. And why are you setting the myusername session var in the else block? That should already be set from being logged in like in the login code changes I gave earlier.

Hope that helps.

cffrost2,

I have added in every page at top but it is by default giving Access denied even I have try to use If else still it throws the same error pls help me.

if(!isset($_SESSION["myusername"]))
{
die('Access Denied');
}

I hope that makes sense.

this suppose to be solved now .....but have some glitches on other pages.....

Confirmed solved :)