Hmmmm,

I double-checked both example_login.php and example_logout.php for any whitespace before and after <?php ?>, and found out that my host's user interface automatically adds one blank line to the end of the file on every save.

So if I modify a clean example_logout.php five times and save after each modification, example_login.php will have 5 blank lines at the end of the file.

So instead I modified these files on my desktop and uploaded them, instead of modifying them through the host's user interface. That was the 'save file' button on the host GUI wouldn't work its line-adding activity.

Unfortunately, I still get the same error when I try to login on a previously used browser or simply try to logout of the application.

Is anybody else getting this error message, or is it just me?

Thanks,

samtediou

I'll try to upload a set to my website and see if I can reproduce the error; otherwise you're on your own buddy!

BTW, there's something you can do to quickly get rid of this warning in the meantime. Just stick this line in at the top of example_session_functions.php:

Excellent! The password-protected pages are working perfectly now! It's good to learn a bit about output buffering. Thanks so much.

Samtediou

Thanks for posting this stuff here. I have it working nicely now.

I just thought I'd share a couple of things I found while testing on my setup.

The define of URL_LOGIN_PAGE should come before session_start(). Otherwise the verify valid user stuff can't send you back to the login page like it should. You can try this out by pointing your browser directly at one of the secret pages.

While I was trying to figure out the previous thing I discovered the part of the php manual dealing with the header function. To be super correct I changed all my header redirects to the following:

die( header("Location: http" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . URL_LOGIN_PAGE) );

This simply generates an absolute reference to the page you are redirecting to. Apparently this is more portable.

If I've made any stupid errors here please forgive as PHP and I are celebrating our 1 week anniversary

Hello BurtNoir,

We wrote, tested and discussed this a while back so I cannot really confirm your comment below. However, I did edit the code to reflect the change you suggested - since it does make more sense just following the natural flow of the script.

The following is just a matter of personal preference. I personally prefer to keep my links 'relative', while some others, like yourself, prefer otherwise - there is no such thing as being super correct in this situation.

Thank you for your feedback, I appreciate it. :)

Hello, I am Sam. I am eager to learn PHP. How do I make multiply passwords and usernames using the codes from PHP sessions to password-protect web pages.

Thank you very much for helping me out. :-)

Nice tutorial, JdS. I found it really helpful. In fact, it prompted me to join the forums here.

I came across an interesting anomaly regarding the subject that you and BurtNoir were discussing in the quotes below. I found that if I used an absolute reference to the initial 'secret page' in the 'EXAMPLE_SESSION_FUNCTIONS.PHP' script, that I would have to logon twice to access the protected page. It was as if the first login didn't take at all. Once I changed the page's reference to a relative path, it worked the first time, every time.

I'm fairly new to PHP and can't begin to explain why using a relative path worked better in my case. I just thought I'd share my observation in case somebody else finds it helpful.

Hello BurtStark,

Thank you for the feedback. I am glad the example PHP script helped you understand a little bit of what you're trying to do yourself. I am also glad that you took the trouble to register, activate your account, login and reply to this thread just to say so.

About the "relative vs. absolute" thingy, I never really looked into it since I am not much of a "detail" person, unless it's something I am writing for myself

I can however tell you that using relative paths (as in the example) is the normal thing to do.

JdS,

Just wanted to say thanks for all the information. I'm new to PHP etc and its v. difficult to learn whilst trying to produce a working site for your customers in a hurry! I'm kinda learning backwards, but its a start.

One quick question - is it possible to echo a comment on the login page if a user submits incorrect (or blank) details? e.g. "please complete all requied fields"

Thanks again.

Hi - I came across this post yesterday and it does 90% of what i need to do and it was very easy to implement so thank you for posting it.

I was wondering if it is possible to somehow set something somewhere (maybe on the mysql database) to tell the system that the user is logged in and then if someone tries to log in using the same details then they would get an error. I am pretty sure i can do this by adding a logged in field to my database and when the user logs in this action sets the field to true and when the user logs out sets it back to false. I am having trouble though figuring out what to do if the user just closes down their browser as the field would stay set and then they would not be able to log in again until I reset it.

Can anyone come up with any solution/suggestion for me please?

Many thanks in advance,

Mark