Jump to content

Check session id to log in


master82

Recommended Posts

In my database I have a table called active - [userid, sessionid, ip, started, expire].

When a user logs in a session is created, its id recorded with user id, ip, the time it was created and an expiry time (I dont place any values into the session itself).

I have a script that deletes expired sessions from the table but need to make another script that I can use as an include on all my web page to do the following:
[list][*]check the session id[*]see if it exists in the active table[*]- - - if so, update/replace started (to time()) and update expire (time()+900)[*]- - - If not, redirect to login page (login.php)[/list]
Its basically a script to see if the user has already logged on in the last 15 mins.

Heres my really bad attempt...

[code]
<?php
include("connect.php");
session_start();

$sessionid = session_id();

$sql = "SELECT userid FROM active WHERE sessionid = '$sessionid'";
$result = mysql_query($sql,$conn) or die("No session matched");
if (mysql_num_rows($result) == 1) {
$userid = mysql_result($result, 0, 'userid');

$log = time();
$expire = $log + 900;
$ip = $_SERVER['REMOTE_ADDR'];

$Sql = "REPLACE INTO active (userid, sessionid, ip, logged, expire) VALUES ('$userid', '$sessionid', '$ip', '$log','$expire') WHERE sessionid = '$sessionid'";
$results = mysql_query($sql,$conn) or die("Unable to replace");
}
else
{
header("Location: login.php");
}
?>
[/code]

Anyone able to create this script or point me in the right direction?
Link to comment
Share on other sites

sure this is what i use:

[code]
<?
clean_sessions (); // your function for cleaning expired sessions

if (mysql_result (mysql_query ("SELECT `ip` FROM `active` WHERE `sessionid` = '$session_id'"), 0) == $_SERVER['REMOTE_ADDR'])
{
    mysql_query ("UPDATE `active` SET `expire` = '".time()."' + 900 WHERE `sessionid` = '$session_id'");
    echo "yay";
}
else
{
    header ("location: /login.php");
}
?>
[/code]

remember the deletion function already removed the expired functions so you don't need to check if it is expired again.
Link to comment
Share on other sites

I've done that, but now I get this at the top of each page:

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 7 in Drive:\something\something\something\something\something\session.php on line 6

Warning: Cannot modify header information - headers already sent by (output started at Drive:\something\something\something\something\something\session.php:6) in Drive:\something\something\something\something\something\session.php on line 12

Any idea what the problem is?
Link to comment
Share on other sites

these are guidelines, you want to make sure the $ are correct as well as matching db fields. you can also do this

more valid
[code]
$sql = "SELECT `ip` FROM `active` WHERE `sessionid` = '$session_id'";
if (mysql_query ($sql) && mysql_result (mysql_query ($sql), 0) == $_SERVER['REMOTE_ADDR'])
{
    mysql_query ("UPDATE `active` SET `expire` = '".time()."' + 900 WHERE `sessionid` = '$session_id'");
    echo "yay";
}
else
{
    header ("location: /login.php");
}
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.