SitePoint Sponsor |
|
User Tag List
Results 1 to 5 of 5
-
Apr 26, 2007, 12:50 #1
- Join Date
- Oct 2005
- Location
- Athens, Hellas
- Posts
- 38
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
User authentication using session variable
Hello,
I use Dreamweaver.
I have a login form (methodost) which works fine.
But, when I add a session variable in order to keep the user logged in, the session does not work. I figure it out because i see no user data on the URL.
Changing the form method from post to get, seems to work (I mean userdata are on the URL), but in this case the form action (opening another page) is not performed.
I know this is a noob question but I would really appreciate any kind of help.
Thanks
-
Apr 26, 2007, 12:56 #2
- Join Date
- Nov 2005
- Location
- The Netherlands
- Posts
- 205
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hey manton,
sessions and form method's are a big difference.
The form method GET is used for stuff in the url, mainly used for sites that you wanna link to. Like: showthread.php?t=475198
The form method POST also works but it doesn't show in the url.
To help you with your problem I'll have to see your code though.
Taking over the web one pixel at a time.
Currently working @ CodeCreators
-
Apr 26, 2007, 13:10 #3
- Join Date
- Oct 2005
- Location
- Athens, Hellas
- Posts
- 38
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
You mean that the post method works although that I cannot see it?
My code is this
Code:<?php require_once('../Connections/palso.php'); ?> <?php mysql_select_db($database_palso, $palso); $query_Recordset1 = "SELECT * FROM accs"; $Recordset1 = mysql_query($query_Recordset1, $palso) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); ?><?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['user'])) { $loginUsername=$_POST['user']; $password=$_POST['pass']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "list.php"; $MM_redirectLoginFailed = "login_failed.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_palso, $palso); $LoginRS__query=sprintf("SELECT user, pass FROM accs WHERE user='%s' AND pass='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $palso) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1253" /> <title>Untitled Document</title> <link href="styles.css" type="text/css" rel="stylesheet" /> </head> <body> <div id="container"> <div id="form"> <form action="<?php echo $loginFormAction; ?>" method="post" name="form_login" id="form_login"> <fieldset> <legend> Περιοχή μελών</legend> <label> Όνομα χρήστη<br /> <input name="user" type="text" id="username" value="<?php echo $_SESSION['user']; ?>" /> </label> <br /> <label> Κωδικός πρόσβασης<br /> <input name="pass" type="password" id="pass" /> </label> <br /> <input name="Submit" type="submit" value="Είσοδος" /> </fieldset> </form> </div> <p> </p> </div> </body> </html> <?php mysql_free_result($Recordset1); ?>
How can I achieve user to stay logged in until the session expires?
Where do I go from here?
Thanks for your concern
-
Apr 26, 2007, 13:16 #4
- Join Date
- Oct 2005
- Location
- Athens, Hellas
- Posts
- 38
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I guess ive been thinking wrong. Probably, the session variable works by saving the userdata (login) directly on the server rather than passing them from one page to another via the url, huh?
-
Apr 26, 2007, 13:37 #5
- Join Date
- Mar 2007
- Posts
- 192
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
yes it does.
a session is a file stored on the server which stores whatever data you add to the $_SESSION super global. Post data is data from a form that is sent in the request header, and accessible by $_POST super global.
So if you session_start()
and then $_SESSION['auth'] = whatever;
then the next page you session_start() again, then $_SESSION['auth'] will be a set variable, and will equal whatever.
Bookmarks