It works like this:

它是这样工作的：

1. Start a session: session_start()
2. If Session["user"] == null, redirect to the login page, else continue.
3. In the login page, ask the user for password using a form
4. Post this form to the login page
5. Check against your authentication service (e.g. a table in mysql) if the user is authorized
6. If yes, Session["user"] = $userName, redirect the user to the page. If no, prompt for password again

1. 启动会话： session_start()
2. 如果 Session["user"] == null，则重定向到登录页面，否则继续。
3. 在登录页面中，使用表单向用户询问密码
4. 将此表单发布到登录页面
5. 如果用户获得授权，请检查您的身份验证服务（例如 mysql 中的表）
6. 如果是，Session["user"] = $userName，将用户重定向到页面。如果没有，再次提示输入密码

Of course, this is all very, very simple. In your session, you could keep a complex user object, or anything. Good luck coding.

当然，这一切都非常非常简单。在您的会话中，您可以保留一个复杂的用户对象或任何东西。祝你编码顺利。

As Svetlozar Angelov pointed out the following code would work well:

正如 Svetlozar Angelov 指出的那样，以下代码可以很好地工作：

if (!isset($_SESSION['nID']))
    header("Location: login.php");

However..this would not actually secure the page against users who really wanted access. You need to make some adjustments:

但是..这实际上并不能保护页面免受真正想要访问的用户的侵害。你需要做一些调整：

if (!isset($_SESSION['nID']))
{
    header("Location: login.php");
    die();
}

This prevents bots and savy users who know how to ignore browser headers from getting into the page and causing problems. It also allows the page to stop executing the rest of the page and to save resources.

这可以防止知道如何忽略浏览器标题的机器人和精明的用户进入页面并导致问题。它还允许页面停止执行页面的其余部分并节省资源。

Its also noteworthy that $_SESSION['nID'] can be swapped out for any other variable you are using to store usernames or id's.

同样值得注意的是，$_SESSION['nID'] 可以替换为用于存储用户名或 ID 的任何其他变量。

When he logs - store a session variable. Then in the beginning of every page

当他登录时 - 存储会话变量。然后在每一页的开头

session_start();
if (!isset($_SESSION['nID']))
    header("Location: login.php");

If the login is ok

如果登录没问题

session_start();
$_SESSION['nID'] = 1; //example

Follow these steps:

按着这些次序：

Create a login.php page accessible to everybody where a user enters her username and password in a form. This form must be submitted to login.php itself. (action='login.php'). Also include a hidden variable in your form which tracks if the form has been submitted.

创建一个所有人都可以访问的 login.php 页面，用户可以在其中在表单中输入她的用户名和密码。此表单必须提交给 login.php 本身。（动作='login.php'）。还要在表单中包含一个隐藏变量，用于跟踪表单是否已提交。

If the hidden variable is set, check if the username ($_POST['user']) exists in your DB, and that the password matches the username. If it does, store the username in a $_SESSION variable like this:

如果设置了隐藏变量，请检查$_POST['user']您的数据库中是否存在用户名 ( )，以及密码是否与用户名匹配。如果是这样，请将用户名存储在 $_SESSION 变量中，如下所示：

$_SESSION['username'] = $_POST['user'];

$_SESSION['username'] = $_POST['user'];

If it does not, reload login.php like this:

如果没有，请像这样重新加载 login.php：

echo 'header("login.php")'; //You should not have echoed anything before this

echo 'header("login.php")'; //You should not have echoed anything before this

Now include login.php in every user page you create. Suppose you were writing an email application, create an inbox.php like this

现在在您创建的每个用户页面中包含 login.php。假设你正在编写一个电子邮件应用程序，像这样创建一个 inbox.php

include ("login.php")

include ("login.php")

Now, login.php will check if the session variable 'user' is set and allow access to authorised users only.

现在，login.php 将检查会话变量“user”是否已设置并仅允许授权用户访问。