Quindi una cosa del genere potrebbe andare bene:
Pagina di login:
Codice PHP:
<!DOCTYPE unspecified PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<head>
<?php session_start();?>
<?php require_once 'PhpClass/connection.Class.php'; ?>
<?php require_once 'PhpClass/login.Class.php'; ?>
</head>
<html>
<body>
<?php
$log = new loginClass();
if(!$log->isConnected())
{
if(isset($_POST['uname']) && isset($_POST['passw']))
{
$filteredUser = addslashes($_POST['uname']);
$filteredPass = addslashes($_POST['passw']);
$connessione = new connect();
$connessione->connessioneMysql(usert', 'pass', 'host', 'db');
$verify = $log->login($filteredUser, $filteredPass);
if($verify)
header("Location: prova.php");
else
header("Location: ".$_SERVER['PHP_SELF']);
}
else
{
?>
Inserire username e passsword
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
Username<input type="text" name="uname">
Password<input type="password" name="passw">
<button type="submit">invia</button>
</form>
<?php
}
}
else
header("Location: prova.php");
?>
</body>
</html>
e classe per il login:
Codice PHP:
<?php
class loginClass{
public function isConnected(){
return (!isset($_SESSION['logged'])) ? false : true;
}
public function login($user, $pass){
$sql="SELECT id FROM users WHERE username=".$user." AND password=".$pass." LIMIT 1";
$result=mysql_num_rows($sql);
if($result=='1')
{
$_SESSION['logged']='ok';
return true;
}
else
return false;
}
}
poi per ogni altra pagina farò il controllo sulla variabile session
Codice PHP:
session_star();
if(isset($_SESSION['logged']))
.....