Not all content on a website is accessible to all users. There exist some confidential content where only authorized members can access.
When a user searches for an IEEE Paper, the IEEE.org displays only the abstract of the paper. To read the whole paper, according to the organization’s protocol user requires membership authentication from the organization. Thus, non-members will be redirected to the login page. It is an act of protecting information and validating users.
Functions and Variables Used:
- Session: Session is a temporary database in an application to capture who is the user and what he does on every page of the web application. This information is stored as variables that can be accessed across multiple pages in one application. Once the user closes the browser, the database gets aborted.
- Isset: Function to check if a variable is set or not.
- Header: Function used to send information via HTTP header to client or server.
- Timeout: Timeout function in javascript used to execute a function after a specified time delay.
Example: We have to design a resistor you can say filter that will stop the non-login user to visit the confidential content.
PHP-Redirect to Login page : The basicpage.php code displays the abstract content that can be viewed by any user. Whereas, when the user clicks read more to view the whole content the program checks if the user is logged in. In this program, the session variable loggedin is used to store a valid authenticated token. The variable is validated whether it stores a value or not using isset function. If a value is not set, the user is redirected to the login page. The location parameter within the header function is used to define the page to be redirected when the condition holds true.
-
basicpage.php Code
// To check if a user is logged in else,// redirect to the login page.<?php session_start();
if(isset($_POST['read']))
{ if (!isset($_SESSION['loggedin']))
{
header('Location: login.php');
}
else
{
if (isset($_POST['read']))
{
session_destroy();
}
}
}?><html><body> <img src="GFG.png" style="float:left;width:100px;height:100px;">
<h1>GeeksForGeeks</h1>
<h2>A computer science portal for geeks</h2>
<p>How many times were you frustrated while looking out for a</p>
<p>good collection of programming/algorithm/interview questions? <p>What did you expect and what did you get?</p>
<p>This portal has been created to provide well written, </p> <p>well thought and well explained solutions for selected questions.</p>
<form action="basicpage.php" method="POST">
<input type="submit" name="read" value="Read More..."
style="background-color:#4CAF50;
color:white;
padding:10px 25px;
text-align:center;
font-size:15px;
cursor:pointer;" />
</form>
</body></html> |
Login page: The session_start() function used here, is to transfer the variable content from one page (basicpage.php) to other page.
After the form submission via the POST method, if the login credentials are valid, then the variable is set to TRUE.
Using the header function, the page is redirected to basicpage.php where the session variables are transferred along with HTTP request URI. This allows the user to view the whole content when read more button is clicked again in that session.
Using the timeout function, the page redirection is executed after(1500milliseconds) the validation message of the login page is printed.
-
Loginpage.php Code
// To Validate the user credentials and to sent// session variables via HTTP request.<?phpsession_start();if(isset($_POST['submit']))
{ if($_POST['password'] == "admin")
{
$_SESSION['loggedin'] = True;
echo "Valid Token, GFG Authenticated User";?>
<script>setTimeout(function(){window.location =
"http://localhost/GFG/basicpage.php";}, 1000);
</script>
<?php
}
else
{
echo "Not a Valid Token, Requires GFG Authentication to log in";?>
<script>setTimeout(function(){window.location =
"http://localhost/GFG/basicpage.php";}, 4000);
</script>
<?php
}
}?><html><body> <h1 style="color:green">
Requires Authentication Token to View Content
</h1>
<form method="POST" action="login.php">
<strong>Password:</strong>
<input type="password" name="password" id="password" />
<input type="submit" name="submit" value="Log In"
style="background-color:#4CAF50;
color:white;padding:10px 25px;
text-align:center;font-size:15px;
cursor:pointer;" />
<br>
<input type="checkbox" onclick="showPassword()">
Show password
<script>
function showPassword() {
var x = document.getElementById("password");
if (x.type == "password") {
x.type = "text";
}
}
</script>
</form>
</body></html> |
- During the very first execution before logged in, the session started for this application. In that case, if the user clicks read more in basicpage.php implies that the session variable logged in is not set (i.e. Null). Page is redirected to loginpage.php.
- If the user enters incorrect password, the page is redirected to basicpage.php without setting the session variable true and by displaying the validation message “Not a Valid Token, Requires GFG Authentication to log in”.
Now, if the user clicks read more, again will be redirected to loginpage.php.
- In loginpage.php when the user enters correct password admin. The session variable, logged-in is set true and redirected to basicpage.php after displaying the validation message “Valid Token, GFG Authenticated User”. Now, if the user clicks read more, the page is redirected to view the whole content.