php-session-tutoria-by-rasyue

PHP $_SESSION: Using $_SESSION to create restricted page or pages

By Rasyue | On September 26, 2021

PHP Session can be created using $_SESSION which is a global variable in PHP.

$_SESSION is a super global variable that is used to store any information about a session.

So what is a PHP Session?

With PHP, every time a User comes to our website, we can start or create a Session. When we start a Session, we can store any kind of information regarding a Session which will be saved as an array in the variable $_SESSION.

PHP Session: What kind of data that are usually save in the PHP $_SESSION?

Now, imagine yourself as User, you go to a website that provides you a service that requires you to log in.

Essentially, when you go to a website, a Session is started, then you log in, upon successful login, a data is saved to the Session to identify you as a logged in User.

Then you can proceed to use any services the website is providing to user who has login only. This is one example of the many things you can do with PHP $_SESSION

Let’s get down to coding

We will be creating some restricted pages that are only accessible to logged in User.

Create a new file, index.php and paste the following.

<?php 
@session_start();
?>

<!doctype html>
<html>
    <head>
    
    </head>
    <body>
        
        <form action = 'backend.php' method = "POST">
            <input type ='text' placeholder = "Username.." name = 'username' />
            <input type ='password' placeholder = "Password.." name = 'password' />
            <button type ='submit' value = 'submit' name = 'submit'>Login</button>
        </form>
    </body>
</html>

So, in the index.php, we have created a really simple form with 2 inputs.

Next, create another file, name it backend.php and paste the following.

<?php

if($_POST && isset($_POST)){
    //$admin = array("username" => "adminsite", "password" => "admin123");
    $normal_user = array("username" => "normaluser", "password" => "123456");

    print_r($normal_user);
    
    $username = $_POST['username'];
    $password = $_POST['password'];  
  
    // check if username and password match 
    if($username ==  $normal_user['username'] && $password == $normal_user['password'] ){
       
        //if match, start the session()
        @session_start();
        $_SESSION['username'] = $username;
        $_SESSION['user_type'] = 'normal';
        header("Location: /rasyue.php");

    }else{
        header("Location: /");
        die();
        return; 
    }

}else{
    die();
    return;
}


?>

This PHP script will serve as our simple login authentication, we are just going to hardcode the correct username and password to login.

In reality, in this part, we usually have to talk to the database and verify if the user inputs(username and password) exist in the database.

If both inputs match with our hardcoded data, we start the Session and set the appropriate key and value in our $_SESSION array.

The script will then redirect back to rasyue.php

Go ahead and create another file and name it rasyue.php

<?php
@session_start();
if(!isset($_SESSION['username'])){
    header("Location: /");
    die();
}

?>


<!doctype html>
<html>
<body>
    <h1>This is a restricted page</h1>
</body>
</html>

In this file, what we did was that we started the session with @session_start() and the we wrote a logic to check if the user is logged in based on whether the key username is set in the $_SESSION array.

See how simple we can create restricted page using $_SESSION.

Now, think broader, you can set any kind of key value in the $_SESSION array and do things like how to recognize whether logged in user is a normal user or admin.

PHP Session The End..

And with that, you can now continue with your super cool project and implement this feature. See you in the next tutorial.

Take a look on this PHP Login Tutorial to learn more how we can use PHP Session.

Or if you are the type that loves to read and love challenges, read this PHP OOP.

Leave a Reply

Your email address will not be published.

*

*
*