SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    Almeaty Member
    Join Date
    Jul 2000
    Location
    Nowhere
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    I remember reading somewhere that PHP4 has new features which support logon sessions of the visitor. I'm currently doing everthing with a mySQL database (storing the sessions and its ID) but I suppose this isn't a very elegant way to do it, right?

    Where are the tutorials and codes to teach me how I can use this session stuff. Do I have to use cookies? Or maybe you have some code ready for me

    thx in advance

  2. #2
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP4 does have built-in session management. YOu can use cookies or you can appened the session id to every link and form in your site, or you can compile PHP with --enable-trans-id which automatically appends the session id to links and form actions if cookies are turned off. There are some decent tutorials on Session Management at http://www.phpbuilder.com

    Basically all you need to do is call session_start() at the top of the page that you want to have session variables available.

    I usually create a login page which is a form that asks for username and password and looks it up in my MySQL db. If it authenticates I register the username as a session valriable

    using session_register("username");

    Then on everypage that I want password protected I use session_start() then I check for the existence of the $username variable. If it's present the page loads normally, if its not the it shoots the user to the login page to authenticate.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  3. #3
    Almeaty Member
    Join Date
    Jul 2000
    Location
    Nowhere
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I found some code covering the session management:
    Code:
    session_start();
    if╩(@$userid╩&&╩@$password)╩{
    ╩╩╩╩$res╩=╩@mysql_query("SELECT╩userid╩FROM╩users╩WHERE╩userid='$userid'╩AND╩password='$password'");
    ╩╩╩╩if(@mysql_num_rows($res)╩!=╩0)╩{
    ╩╩╩╩╩╩╩╩$verified_user╩=╩$userid;
    ╩╩╩╩╩╩╩╩session_register("verified_user");
    ╩╩╩╩}
    }
    Questions:
    What should I store in a cookie? Session ID or Username? How can I get the session ID?
    When the user wants to logout, must the session be destroyed ( session_destroy() )? If yes, how?

  4. #4
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Um your code came out a little squirrely. run phpinfo() to see what session configuration is setup on your server. If you have access to your php.ini file you can customize it.

    the session.name directive tells you what the session id is named, by default its PHPSESSID

    The cookie is stored automatically and it just holds the session id. There is a fiel that is written to your server that holds the session data associated with the session id from the cookie. And yes use session_unset() to kill the session
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  5. #5
    Almeaty Member
    Join Date
    Jul 2000
    Location
    Nowhere
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Too many difficulties!

    I'm using this code for login and logout:

    if ( $user && $pass )
    {
    $res = @mysql_query( "SELECT id FROM accounts WHERE username='$user' AND password='$pass'" );
    if( @mysql_num_rows($res) != 0 )
    {
    $row = mysql_fetch_row( $res );
    $userid = $row["id"];
    session_register( "userid" );
    }
    }
    elseif ( $task == 'logout' )
    {
    session_unset();
    // session_destroy();
    }

    It's too strange: When I logout it doesn't even delete the stored cookie named PHPSESSID. So after I which pages, it of course thinks I'm logged in and puts out empty table cells Another thing is: even when I AM logged in and the cookie is there; even then the fields are empty. Actually I'm not at all logged in! So what's wrong?? How can I get out the data from my DB with the help of the session id?

    thx for help and please give code

  6. #6
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First thing, you are using mysql_fetch_row and then assigning the value of $row["id"] to $userid It should be mysql_fetch_array() Second did you use session_start() at the top of your page. Third why not check for the existence of $userid instead of $user && $pass since it will never be present unless they are logged in. Fourth you have an elseif clause and no else clause that is why you are not getting logged out just make it an if clause:
    session_start();
    if ( !$userid )
    {
    $res = @mysql_query( "SELECT id FROM accounts WHERE username='$user' AND password='$pass'" );
    if( @mysql_num_rows($res) != 0 )
    {
    $row = mysql_fetch_array( $res );
    $userid = $row["id"];
    session_register( "userid" );
    }
    }
    if ( $task == 'logout' )
    {
    session_unset();
    // session_destroy();
    }
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  7. #7
    Almeaty Member
    Join Date
    Jul 2000
    Location
    Nowhere
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you! It works wonderfully

    One more ques: what is the difference between session_destroy() and session_unset()?
    <Edited by DIMA on 11-29-2000 at 11:40 AM>


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •