Page can be visited without logging in

Question

I have a 'Login' page. When people log in with the right combination of username and password from the database, they will be directed to another page ('input.html'). When the combination is wrong, they get an error.

Without logging in, I simply can change the name of the web address (from 'login.php' to 'input.html') and access the page. I want only Admin and Users to visit the page, not just 'visitors' without an account.

My code for my 'login.php'.

<?php
session_start();

$host = "localhost";
$user = "332547";
$pass = "cvEsbduv";
$db = "332547db";

mysql_connect($host, $user, $pass);
mysql_select_db($db);




if (!empty($_POST)) {
    $username = $_POST['username'];
    $password = $_POST['password'];
            $sql = "SELECT * FROM inloggen2 WHERE username='".$username."'      AND password='".$password."' LIMIT 1";




            $res = mysql_query($sql);
            if(mysql_num_rows($res) == 1) {
                header('location: input.html');
                exit ();
            }else {

                echo "Niet goed ingelogd. Keer alstubliefd terug naar de vorige pagina.";

                header('location: foumelding.php');
                exit();
            }
}
?>




<html>

<head>
<title>Inloggen</title>
</head>

<body>
<table border="1">
  <tr>
    <td align="center">Inlogggen</td>
  </tr>
  <tr>
    <td>
      <table>

        <form method="post" action="login.php">
    Gebruikersnaam: <input type="text" name="username" required/> <br /><br />
    Wachtwoord: <input type="password" name="password" required/> <br /><br />
<input type="submit" name="submit" value="Log in" />
</form>
        </table>
      </td>
    </tr>
</table>
</body>
</html>

set a session variable. ON every page you want logged in users to visit check whether the session variable is present. If not redirect them using header. — Preeti Maurya, Apr 23 '15 at 13:28
You'll have to check if the user is authenticated in **input.html** which you are going to change to **input.php**. This verification can be done by session or cookies. — Answers_Seeker, Apr 23 '15 at 13:28
Have a look at it http://phppot.com/php/php-login-script-with-session/ — Praveen Dabral, Apr 23 '15 at 13:30
simple use session in php , you can found lots script on google — Hardy Mathew, Apr 23 '15 at 13:32

score 1 · Answer 1 · answered Apr 23 '15 at 13:28

1

You need to convert your index.html to a php file and add a check for a logged in user.

You should read a bit more about php, and maybe read some tutorials about a simple login system in php: https://www.google.de/search?q=php+simple+login+system

answered Apr 23 '15 at 13:28

Florian

2,796
1
15
25

score 0 · Answer 2 · edited May 23 '17 at 12:29

You need to use php code on index.~~html~~ php

More specific: Sessions

I see you're already using session_start(); on this page. Also use it on index.php and then proceed with learning/using Sessions.

OFFTOPIC:

You are open to mysql injection.
Dont use mysql use mysqli or PDO instead
Dont store passwords as plain text. Hash them etc...(Just google how to store passwords in a database).
You have a lot of typo's (I assume) like:

echo "Niet goed ingelogd. Keer alstublief~~d~~t terug naar de vorige pagina.";

and(probably):

header('location: foumelding.php'); shouldn't it be: header('location: foutmelding.php');?

and:

<td align="center">Inlogggen</td> shouldn't it be: <td align="center">Inloggen</td>?

If you dont know how to use Sessions, dont make another question asking about it. It will be closed as a duplicate. You should find enough questions/answers about sessions on Stackoverflow/Google — Loko, Apr 23 '15 at 13:52

Page can be visited without logging in

2 Answers2