PHP $_SESSION: Using $_SESSION to create restricted page or pages

By Rasyue | On September 26, 2020

This tutorial is written for beginners who are still picking up, or are still confused by, the PHP superglobal variable $_SESSION.

$_SESSION is a superglobal variable that is used to store information about a session.

So what is a PHP Session?

With PHP, every time a User comes to our website, we can start or create a Session. When we start a Session, we can store any kind of information about that Session, and it is saved as an array in the variable $_SESSION.

What kind of data is usually saved in the PHP $_SESSION?

Now, imagine yourself as a User who goes to a website providing a service that requires you to log in.

Essentially, when you go to a website, a Session is started. Then you log in, and upon successful login, data is saved to the Session to identify you as a logged-in User.

Then you can proceed to use any services the website provides only to users who have logged in. This is one example of the many things you can do with PHP $_SESSION.

Let’s get down to coding

We will be creating some restricted pages that are only accessible to logged in User.

Create a new file, index.php and paste the following.

<?php 
@session_start();
?>

<!doctype html>
<html>
    <head>
    
    </head>
    <body>
        
        <form action = 'backend.php' method = "POST">
            <input type ='text' placeholder = "Username.." name = 'username' />
            <input type ='password' placeholder = "Password.." name = 'password' />
            <button type ='submit' value = 'submit' name = 'submit'>Login</button>
        </form>
    </body>
</html>

So, in the index.php, we have created a really simple form with 2 inputs.

Next, create another file, name it backend.php and paste the following.

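<?php

// Only handle POSTed login attempts.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    //$admin = array("username" => "adminsite", "password" => "admin123");
    $normal_user = array("username" => "normaluser", "password" => "123456");

    // Do not print anything (such as print_r($normal_user)) before header():
    // output breaks the redirect and would show the credentials in the response.

    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    // check if username and password match (strict comparison, no type juggling)
    if ($username === $normal_user['username'] && $password === $normal_user['password']) {

        // if match, start the session
        @session_start();
        // issue a fresh session ID on login so a pre-login ID cannot be reused
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        $_SESSION['user_type'] = 'normal';
        header("Location: /rasyue.php");
        die(); // stop the script once the redirect header is sent

    } else {
        header("Location: /");
        die();
    }

} else {
    die();
}

?>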

This PHP script will serve as our simple login authentication. We are just going to hardcode the correct username and password for the login.

In reality, this is the part where we usually talk to the database and verify that the user inputs (username and password) exist in the database.

If both inputs match our hardcoded data, we start the Session and set the appropriate key and value in our $_SESSION array.

The script will then redirect to rasyue.php
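The database check mentioned above, as an added example that is not part of the original tutorial: the password is stored as a hash and checked with password_verify(), the lookup uses a prepared statement, and the session ID is regenerated on login. The function names (find_user, login), the users table and its columns, and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
// Added example, not the tutorial's code. Table and column names
// (users, username, password_hash, user_type) are assumptions.

function find_user(PDO $db, string $username): ?array
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT username, password_hash, user_type FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, string $username, string $password): bool
{
    $user = find_user($db, $username);
    // password_verify() checks the input against the stored hash.
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session ID after login
    $_SESSION['username']  = $user['username'];
    $_SESSION['user_type'] = $user['user_type'];
    return true;
}

// Constructed demo data: an in-memory SQLite database with one user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, user_type TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['normaluser', password_hash('123456', PASSWORD_DEFAULT), 'normal']);

// Results are computed before anything is printed, so the session can start cleanly.
$bad  = login($db, 'normaluser', 'wrong-password');
$good = login($db, 'normaluser', '123456');
var_dump($bad, $good, $_SESSION['user_type'] ?? null);
```

In backend.php, login() would replace the hardcoded comparison, with the redirect to rasyue.php issued only when it returns true.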

Go ahead and create another file and name it rasyue.php

<?php
@session_start();
if(!isset($_SESSION['username'])){
    header("Location: /");
    die();
}

?>


<!doctype html>
<html>
<body>
    <h1>This is a restricted page</h1>
</body>
</html>

In this file, we started the session with @session_start() and then wrote logic to check whether the user is logged in, based on whether the key username is set in the $_SESSION array.

See how simply we can create a restricted page using $_SESSION.

Now, think broader: you can set any kind of key and value in the $_SESSION array and do things like recognizing whether the logged-in user is a normal user or an admin.

And with that, you can now continue with your super cool project and implement this feature. See you in the next tutorial.
