SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Location
    Athens, Hellas
    Posts
    38
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    User authentication using session variable

    Hello,
    I use Dreamweaver.
    I have a login form (methodost) which works fine.
    But, when I add a session variable in order to keep the user logged in, the session does not work. I figure it out because i see no user data on the URL.
    Changing the form method from post to get, seems to work (I mean userdata are on the URL), but in this case the form action (opening another page) is not performed.

    I know this is a noob question but I would really appreciate any kind of help.
    Thanks

  2. #2
    SitePoint Addict Kokos's Avatar
    Join Date
    Nov 2005
    Location
    The Netherlands
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey manton,
    sessions and form method's are a big difference.
    The form method GET is used for stuff in the url, mainly used for sites that you wanna link to. Like: showthread.php?t=475198
    The form method POST also works but it doesn't show in the url.
    To help you with your problem I'll have to see your code though.

    Taking over the web one pixel at a time.
    Currently working @ CodeCreators

  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Location
    Athens, Hellas
    Posts
    38
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You mean that the post method works although that I cannot see it?
    My code is this
    Code:
    <?php require_once('../Connections/palso.php'); ?>
    <?php
    mysql_select_db($database_palso, $palso);
    $query_Recordset1 = "SELECT * FROM accs";
    $Recordset1 = mysql_query($query_Recordset1, $palso) or die(mysql_error());
    $row_Recordset1 = mysql_fetch_assoc($Recordset1);
    $totalRows_Recordset1 = mysql_num_rows($Recordset1);
    ?><?php
    // *** Validate request to login to this site.
    if (!isset($_SESSION)) {
      session_start();
    }
    
    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
      $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    }
    
    if (isset($_POST['user'])) {
      $loginUsername=$_POST['user'];
      $password=$_POST['pass'];
      $MM_fldUserAuthorization = "";
      $MM_redirectLoginSuccess = "list.php";
      $MM_redirectLoginFailed = "login_failed.php";
      $MM_redirecttoReferrer = false;
      mysql_select_db($database_palso, $palso);
      
      $LoginRS__query=sprintf("SELECT user, pass FROM accs WHERE user='&#37;s' AND pass='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
       
      $LoginRS = mysql_query($LoginRS__query, $palso) or die(mysql_error());
      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {
         $loginStrGroup = "";
        
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;	      
    
        if (isset($_SESSION['PrevUrl']) && false) {
          $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
        }
        header("Location: " . $MM_redirectLoginSuccess );
      }
      else {
        header("Location: ". $MM_redirectLoginFailed );
      }
    }
    ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1253" />
    <title>Untitled Document</title>
    <link href="styles.css" type="text/css" rel="stylesheet" />
    </head> 
    
    <body>
    <div id="container">
    <div id="form">
    <form action="<?php echo $loginFormAction; ?>" method="post" name="form_login" id="form_login">
    <fieldset>
    <legend>
    Περιοχή μελών</legend>
    <label>
    Όνομα χρήστη<br />
    <input name="user" type="text" id="username" value="<?php echo $_SESSION['user']; ?>" />
    </label>
    <br />
    <label>
    Κωδικός πρόσβασης<br />
    <input name="pass" type="password" id="pass" />
    </label>
    
    <br />
    
    <input name="Submit" type="submit" value="Είσοδος" />
    </fieldset>
    </form>
    
    </div>
    
    <p>&nbsp;</p>
    </div>
    </body>
    </html>
    <?php
    mysql_free_result($Recordset1);
    ?>
    Providing the correct username and psw it opens the form action page. I wonder, is the userdata passed to it?
    How can I achieve user to stay logged in until the session expires?
    Where do I go from here?

    Thanks for your concern

  4. #4
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Location
    Athens, Hellas
    Posts
    38
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess ive been thinking wrong. Probably, the session variable works by saving the userdata (login) directly on the server rather than passing them from one page to another via the url, huh?

  5. #5
    SitePoint Zealot
    Join Date
    Mar 2007
    Posts
    192
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes it does.

    a session is a file stored on the server which stores whatever data you add to the $_SESSION super global. Post data is data from a form that is sent in the request header, and accessible by $_POST super global.

    So if you session_start()

    and then $_SESSION['auth'] = whatever;

    then the next page you session_start() again, then $_SESSION['auth'] will be a set variable, and will equal whatever.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •