Specifications
Because we now know who she is, we don’t need to show her the login form again. Instead,
we’ll tell her we know who she is, and give her the option to log out:
if (session_is_registered(“valid_user”))
{
echo “You are logged in as: $valid_user <br>”;
echo “<a href=\”logout.php\”>Log out</a><br>”;
}
If we tried to log her in and failed for some reason, we’ll have a userid but not a $valid_user
variable, so we can give her an error message:
if (isset($userid))
{
// if they’ve tried and failed to log in
echo “Could not log you in”;
}
Using Session Control in PHP
C
HAPTER 20
20
USING SESSION
C
ONTROL IN
PHP
443
Because $valid_user is a registered session variable, you can’t overwrite it by
attempting to pass a different value in the URL, as in the following:
members_only.php?valid_user=testuser
NOTE
That’s it for the main script. Now, let’s look at the Members page. The code for this script is
shown in Listing 20.5.
LISTING 20.5 members_only.php—The Code for the Members’ Section of Our Web Site
Checks for Valid Users
<?
session_start();
echo “<h1>Members only</h1>”;
// check session variable
if (session_is_registered(“valid_user”))
{
echo “<p>You are logged in as $valid_user.</p>”;
echo “<p>Members only content goes here</p>”;
}
25 7842 CH20 3/6/01 3:42 PM Page 443