In the last movie, we added the ability for users to login. But that's not meaningful until we start requiring that users be logged in, in order to see a page. To go back to our initial ticket metaphor, we don't yet have a doorman or a bouncer checking for hand stamps before we give people access. We need to add enforcement. We need to check for authorization. Let's start by just adding authorization to our admin menu page. So, just the admin menu page is going to require that you be logged in. At the moment, that's not required. We are logged in, we know that because we ran our login successfully, and it knows my user name, and we haven't logged out since then.
But what we want to do is add something at the top of this that's going to make sure someone is logged in. So how would we do that? Let's think about that for a moment. Let's go right here before we get to the header. And we have our functions. We have our session loading. So what do we want to do here? We want to write some PHP that is going to check if not isset, and then check the session for the admin id. That's it, so if not set, if we haven't set something for that admin id, then they're not logged in.
Now I'm not actually checking to make sure that the id is valid. I'm not making sure that it matches anything. I could do those additional steps and if I wanted more security, I could. Certainly if the user had certain things like if they were only allowed to be logged in until a certain date. Well then I'd have to go to the database probably and look that date up and make sure that it was still accurate. But in this case it's just enough to make sure that it's set. If it is set, then they're allowed to be logged in. But if it's not set, then what we want to do, we want to redirect them to login.php.
So it's that easy. If they're not logged in, redirect them to the login page, otherwise keep going. So, now I'm going to want to put this at the top of every single page where I want this kind of enforcement. So, let's put it in a function so that it makes it easy to do that. I'm just going to cut that and instead, let's just create a function called confirm_logged_in. And that's it. We'll just do confirm_logged_in up at the top, and after we confirm that they're logged in it'll run the function. The function will either redirect them, or it'll do nothing. Let's go over here to our functions, and after attempt_login, and put our new one.
Function confirm_logged_in. It's not going to take any arguments, because it's going to be looking at the session, so it's going to make sure that the session has them logged in. Now, this would work on its own. There is one other improvement that I want us to make, though. On our site, the pages are either for logged in admins or they're for the non-logged in public, and there's a real distinction between the two. A lot of times, on other websites you're going to build, you're going to have pages that are going to be for both logged in and logged out users. You're just going to want some features to display differently if the person's logged in.
For example, you might just have a simple link up in the header that says log in if you're not logged in, and then switches to log out if you are logged in. Amazon.com is a good example of this. You can browse the entire Amazon.com website whether you're logged in or not. But the personalization features only happen if you're actually logged in. So, instead of just having this one simple method, let's make another one that's just called logged_in. And logged_in is just going to take this part right here, I'm going to cut that out and I'm just going to return that, so return isset. And that will then return true or false for logged_in, and then I can just take logged_in and use that here.
So now, this actually reads better: if not logged in, then login. And I also have this function that I can call in those pages, in those dual-context pages. I can say, if logged in, then display this. If not logged in, then don't display it, or display something different. So, it's nice to have these two different functions that I can call. This one is the one that is the enforcement. It makes sure that we're logged in. This one is just a simple check. Are we logged in or not? Alright, let's try it out. Now, let's save our page, close that. Make sure this is saved.
And let's go to admin.php, and reload the page. Now, it lets me see the page just fine. That's what we would have expected, 'cuz we were already logged in. So how do we log out? Well, we're going to learn that in the next movie. We're going to create our logout function. For now, though, let's just go to Firefox. And let's just go to our cookies, show cookies, and here's my localhost, PHP session id. Let's just remove that cookie. I basically just killed off my session. I no longer have a link to the session. And now when I reload my admin.php page, voila. Look at that, anytime I try to go to admin.php it takes me to login.
Note that, if we want to log in, there's two ways we could get there. We could either go to login.php and get this page, or we could go to admin.php and get to that page. So, let's try logging in again. Kscogland/g, password, secret. And now, I'm on the page. Now, it lets me in there. Now we want that enforcement on all of the pages that are in the admin area, so I'm going to leave that up to you to add. Just make sure that on every single page, you also have the session included. It's very important. We need that session every time we're going to call confirm_logged_in. So make sure you have session.
You have the functions and then you can call confirm_logged_in. So just go add that to the top of all your pages. That is all pages in the admin area, except for the login.php. We wouldn't want to protect that. Of course, you don't want to force people to be logged in, in order to see the login page. But all the other pages in the admin area will need this confirm_logged_in function at the top. And then when you're done, in the next movie we'll create the log out page.
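The two functions described in this movie, written out as an added example (this is not the course's own source file). The session key `admin_id`, the `redirect_to()` helper, and the `confirm_valid_admin()` variant with its `$find_admin_by_id` lookup are assumed names used for illustration.

```php
<?php
// Added example. Assumed names: the "admin_id" session key, redirect_to(),
// confirm_valid_admin() and the $find_admin_by_id callable.

session_start(); // the session must be loaded on every protected page

function redirect_to(string $location): void {
    header("Location: " . $location);
    exit; // stop here, otherwise the rest of the protected page still runs
}

// Simple check: are we logged in or not? Returns true or false.
function logged_in(): bool {
    return isset($_SESSION["admin_id"]);
}

// Enforcement: either redirects to the login page or does nothing.
function confirm_logged_in(): void {
    if (!logged_in()) {
        redirect_to("login.php");
    }
}

// Stricter variant the narration mentions as optional: also confirm that
// the stored id still matches a real admin (for example via the database).
// $find_admin_by_id is a hypothetical lookup returning a row or null.
function confirm_valid_admin(callable $find_admin_by_id): void {
    $admin = logged_in() ? $find_admin_by_id((int) $_SESSION["admin_id"]) : null;
    if ($admin === null) {
        unset($_SESSION["admin_id"]); // drop the stale login state
        redirect_to("login.php");
    }
}

// Dual-context pages: choose what to display without forcing a login.
function header_link_text(): string {
    return logged_in() ? "Log out" : "Log in";
}

// Top of admin.php, after the session and functions are included and
// before any HTML is sent. Do not call this on login.php itself.
confirm_logged_in();
```

The call has to come before any output because `header()` cannot send the redirect once the page body has started.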