PHP Session

A session is the process of storing a value and accessing that value across the pages visited in the same browser. The value remains until the browser is closed. Whether you want to store a session value or read one, you need to call session_start();

session_start(); must be written on the very first line of PHP code. If any HTML code or whitespace comes before session_start(), PHP will show a warning message.

To better understand how sessions work, we will add one to our previous project (CRUD).

We have created an admin section where the admin can view the list, edit a record, and delete it.

The drawback of the application is that anyone can enter the admin section and delete a record. We want only the admin to be able to access those pages.

We can achieve that using a SESSION.

STEP 1: First create a login page called login.php. We will also create a new table called admin in which we will store the admin user/pass.

1. login.php

<?php session_start(); ?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<h2>Login Page</h2>
Email Id : <input type="text" name="user_name" placeholder="Enter User Id"><br>
Password : <input type="password" name="password" placeholder="Enter Password"><br>
<input type="submit" name="submit" value="Please Login">
</body>
</html>

STEP 2: Create admin table in the database




STEP 3: Create fields




Modify login page to look like this

<?php
    session_start();
    error_reporting(E_ERROR);
    include('../db_connect.php');

    $invalid = ''; // error message shown above the form
    if($_POST){
        // Escape the submitted values before they are placed inside the quoted SQL strings
        $user_name = mysqli_real_escape_string($conn, $_POST['user_name']);
        $password = mysqli_real_escape_string($conn, $_POST['password']);
        $sel="select * from admin where user_name= '$user_name' and password ='$password'";
        $qry=mysqli_query($conn,$sel);
        $nums = mysqli_num_rows($qry); // number of matching rows
        if($nums>0){
            $_SESSION['user_name']=$user_name;
            header('location:register_list.php');
            exit; // stop the script once the redirect is sent
        }
        else{
            $invalid = "Invalid user or password";
        }
    }
?>

<html>
<head>
<title>Login Page</title>
</head>
<body>
<h2>Login Page</h2>
<?php echo $invalid; ?>
<form method="post" action="">
Email Id : <input type="text" name="user_name" placeholder="Enter User Id"><br>
Password : <input type="password" name="password" placeholder="Enter Password"><br>
<input type="submit" name="submit" value="Please Login">
</form>
</body>
</html>

Code Explanation :

$sel="select * from admin where user_name= '$user_name' and password ='$password'";


In the above code, we match the user name and password entered by the user against our table called 'admin'. If both the user name and the password are correct, the query returns 1 record; otherwise it returns 0.

$nums = mysqli_num_rows($qry);

This is a mysqli function which returns how many records in the table matched. If there is a match, it will be greater than 0; otherwise it will return 0.

If it is greater than 0, we set the user name in the session and redirect to our list page; otherwise the page shows an error message that the 'user name or password not found'.

$_SESSION['user_name']=$user_name;
header('location:register_list.php');

In the above code we have assigned the user_name value to a session variable called 'user_name'. This session variable can also be accessed on other pages.
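
A hardened version of the login check explained above, as an added example that is not part of the original tutorial: it uses a prepared statement instead of placing $user_name and $password inside the query string, verifies a password hash, and issues a new session id on login. It assumes ../db_connect.php provides $conn as on this page and that admin.password stores a password_hash() value rather than the plain password; check_admin_login is a name introduced here.

```php
<?php
// Added example: replaces the PHP block at the top of login.php (the HTML form is unchanged).
// Assumptions: ../db_connect.php sets $conn (a mysqli link) as on this page, and
// admin.password holds a password_hash() value instead of the plain password.
session_start();
include('../db_connect.php');

// Returns true only when the user exists and the password matches its stored hash.
function check_admin_login(mysqli $conn, string $user_name, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare($conn, 'select password from admin where user_name = ?');
    if ($stmt === false) {
        return false;                      // treat a database error as a failed login
    }
    mysqli_stmt_bind_param($stmt, 's', $user_name);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);
    $found = mysqli_stmt_fetch($stmt);     // true = row fetched, null = no such user
    mysqli_stmt_close($stmt);

    // password_verify() hashes the input with the stored salt and compares safely.
    return $found === true && password_verify($password, (string) $stored_hash);
}

$invalid = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only plain string fields; anything else is treated as empty.
    $user_name = is_string($_POST['user_name'] ?? null) ? $_POST['user_name'] : '';
    $password  = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (check_admin_login($conn, $user_name, $password)) {
        session_regenerate_id(true);       // new session id after login (prevents session fixation)
        $_SESSION['user_name'] = $user_name;
        header('Location: register_list.php');
        exit;                              // nothing else runs after the redirect
    }
    $invalid = 'Invalid user or password'; // same message for unknown user and wrong password
}
?>
```

The stored value for each admin row would be produced once with password_hash($plain_password, PASSWORD_DEFAULT) when the account is created.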


Now our login page is working fine. But our register list page is still not secure, because we can still enter that page without logging in. To make that page secure, along with other pages such as edit.php, delete.php, etc., we need to create a page called auth.php

auth.php

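<?php
    session_start();
    // No user name in the session means the visitor has not logged in
    if(empty($_SESSION['user_name'])){
        header('Location:login.php');
        exit; // stop here so the rest of the protected page does not run
    }
?>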

In the above code we check whether the user name exists. If there is a value in $_SESSION['user_name'], the visitor stays on the page; otherwise the admin is redirected to log in first. $_SESSION['user_name'] will only be set if the user is logged in.

Now, include this page in every page which you want to make secure.

So, just write this line in register_list.php

include('auth.php');

Now try to open register_list.php and you will be redirected to login.php if you are not logged in. (Try this after closing the browser, or in a new browser, not in a new tab.)

So, just include this page in edit.php, delete.php , edit_action.php etc.

Now that you have seen how to make a login page and secure pages, it's time to make the logout page.

logout.php

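<?php
    session_start();
    session_unset();   // clear all session variables
    session_destroy(); // destroy the session data on the server
    header('Location:login.php');
    exit; // stop the script once the redirect is sent
?>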