Little script is missing?

[jelleke60]

At the tutorial of a complete php memb system (BioRUST.com :: Tutorials >> A Complete Membership System) Is a little thing missed i think. Whats the code to put on each page that is member only?And that will redirect you to login.php when you are not logged in?

Jelleke60

[basicwe]

On the member.php the code to check if a member is logged in is

PHP Code:

<?php
session_start();
if($_SESSION['s_logged_n'] == 'true'){
include 'process.php';
?>

In the login file the code to check if they are logged and to send them back to the main page is

PHP Code:

<?php
session_start();
include 'config.php';

if(isset($_POST['login']))
{

$username = trim(addslashes($_POST['username']));
$password = md5(trim($_POST['password']));

$query = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Password = '$password' LIMIT 1") or die(mysql_error());

$row = mysql_fetch_array($query);

// now we check if they are activated

if(mysql_num_rows($query) > 0)
{

if($row['Activated'] > 0)
{

$_SESSION['s_logged_n'] = 'true';
$_SESSION['s_username'] = $username;
$_SESSION['s_name'] = $row['Name'];

header("Location: member.php");

[huncyrus]

for logging must use a little security trick... for username the trimming and the stripslashed is nice thing but not enought. use the strip_tags() function too

Code:

 example: $username = strip_tags($_POST["loginedname"]);

[Gjbphp]

Also make sure that if you are sending any information to a database, then use the

PHP Code:

mysql_real_escape_string() 


function, it's the best way to ensure that your database will not be harmed by a malicious user.