[SOLVED] Setting Session Variable

[twilitegxa]

How do I set a session variable for a username login? I have been reading through some tutorials, and I am gettign a little confused. Can anyone help me get started? When my users log in, the field it saves it in is 'username'.

[Mchl]

session_start();
$_SESSION['username'] = $username;

[twilitegxa]

Which page do I put this code on? On the page the user logs into or every page?

[jordanwb]

You put the session_start() on any page where you'll be using sessions.

[twilitegxa]

How can I display on each page that the user is indeed logged in until they logout?

[jordanwb]

Well how that works is up to you to decide. Personally I like to make a User class with public functions such as Login ($username, $password, $remember), Logout (), and Register ($username, $display_name, $password, $email) and a private function called CheckLogin () that's called in the constructor.

[corbin]

Edit:  I gotta stop opening tabs like 10 threads at a time and weeding through them.  Beaten again.  Anyway, I'm still gonna post this.

 

 

Here's some stuff on sessions, because I'm too lazy to type it again:

http://www.phpfreaks.com/tutorial/sessions-and-cookies-adding-state-to-a-stateless-protocol (I didn't type this one obviously)

http://www.phpfreaks.com/forums/index.php/topic,204743.msg930076.html#msg930076

http://www.phpfreaks.com/forums/index.php/topic,172797.msg766566.html#msg766566 (not really that good for an understanding of sessions)

 

 

 

Anyway, the concept would be to set a session variable when a user logs in, then on each page, you just check that.

 

 

Eg:

 

login.php

session_start();
$_SESSION['username'] = 'Corbin';

 

index.php

session_start();
if(isset($_SESSION['username']))
   echo 'Welcome, ' . $_SESSION['username'];

[jordanwb]

Thanks for those links Corbin.

 

Adding to Corbin's code, I like to send the user's id and a random number associated with the valid session as a cookie and in a session, that way the username and/or password is not sent. You could use the IP as well to prevent man-in-the-middle attacks, but I'm not sure regarding DHCP servers.

[twilitegxa]

Does anyone know how to create a sub-menu (I think that's what it's called) that pops up under the link where I have Log In that lets them type in their username and password on the same page without redirecting them to a new page? Right now, I have a page with a log in link that directs the user away from that page to a page that has a field for the username and password, and then that page directs them to another page that tells them that they have successfully logged in, but I want it to have a little menu that pops up under the log in link that has the fields for the username and password, and then logs them in and then show they are logged in at the top of the page and shows they are logged until they log out or leave the page.

[jordanwb]

That would be more of a javascript thing, and I don't know how to do that.

[twilitegxa]

How do I set the code on my html page to display when a user is logged in? Do I put the:

 

session_start();
if(isset($_SESSION['username']))
    echo 'Welcome, ' . $_SESSION['username'];

 

Within PHP tags? And, how do I make it display where I want it to? Here is my home page (the top section of it at least, where I want the username to show up):

 

<html>
<head>
<title>Sailor Moon RPG - Home Page</title>
<!-- Source File -->
<script type="text/javascript" src="simpletreemenu.js"></script>
<link rel="stylesheet" type="text/css" href="simpletree2.css" />
<!--[if IE]>
<style>
#main
{
padding: 20px 0 20px 0;
}

</style>
<![endif]-->
</head>
<body>

<div id="head"><img src="logo.jpg" alt="Sailor Moon RPG Logo" width="314" height="75" /><br />

<address><a href="home.html">Home</a> | <a href="register.html">Register</a> | <a href="login.html">Log In</a> | <a href="help.html">Help</a>
</address></div> [right here is where I want the Welcome, [b]username[/b]! to show up]
<br /> 
(links are next)

 

How do I set up the code to make it check if they are logged in and to display it there?

[twilitegxa]

This is my login.php:

 

<?php
session_start();
$_SESSION['username'] = $username;

$user_area_location = 'account.php'; // Location of the user area
// Connect to MySQL database:
$access = mysql_connect('localhost','root','') or die ('Could not connect to database');
mysql_select_db('smrpg',$access) or die ('Could not select table');
# #
$error = array();
if($_GET['action']) {
switch($_GET['action']) {
case 'logoff':
unset($_SESSION['loggedIn']);
array_push($error, 'You were logged off.');
break;
}
}
if(!$error) {
if(empty($_POST['username'])) { array_push($error, 'You didn\'t supply a username'); }
if(empty($_POST['password'])) { array_push($error, 'You didn\'t supply a password'); }
}
if(!$error){
$result = @mysql_query('SELECT name, email FROM `users` WHERE username = \''.mysql_real_escape_string($_POST['username']).'\' AND password = \''.mysql_real_escape_string(md5($_POST['password'])).'\'');
if($row = @mysql_fetch_row($result)) {
$_SESSION['loggedIn'] = true;
header('Location: '.$user_area_location);
die('<a href="'.$user_area_location.'">Go to your user account</a>');
}else{
array_push($error, 'The username or password you provided were not correct');
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<body>
<table cellspacing="2" cellpadding="0" border="0">
<form method="post" action="login.php">
<?php if(isset($error) && $error) { ?>
<tr>
<td colspan="2">
<ul><?php foreach($error as $key => $value) echo '<li>'.$value.'</li>'; ?></ul>
</td>
</tr><?php } ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Login!" /> <a href="forgot.html">I forgot my password</a></td>

</tr>
</form>
</table>
</body>
</html>

 

With the session variable.

[twilitegxa]

And my account.php script:

 

<html>
<head>
<title>Sailor Moon RPG - You are logged in</title>
</title>
<meta HTTP-EQUIV="REFRESH" content="2; url=index.php">
<body>
<?php session_start();
if(!isset($_SESSION['loggedIn'])) { header('Location: login.php'); die('<a href="login.php">Login first!</a>'); }
?>
You have successfully logged in! Sending you back to the Home Page...
</body>
</html>

[twilitegxa]

When I redirect, am I causing the session to not work for some reason? Or do I have any of my code wrong? Or many the code is incorrect to display the username on the home page?

[Mchl]

You need to have

session_start();

 

and any headers

 

header('Location: login.php')

 

before anything is sent to browser. In your case, before all the HTML.

 

<?php session_start();
if(!isset($_SESSION['loggedIn'])) { header('Location: login.php'); die(); }
?>
<html>
<head>
<title>Sailor Moon RPG - You are logged in</title>
</title>
<meta HTTP-EQUIV="REFRESH" content="2; url=index.php">
<body>

 

[twilitegxa]

If I put that code on my page, like my home page, how will I display that the user is logged on? It looks like that code will just save on that page if they are logged on from where they logged in on the other page. Also, the code:

 

if(!isset($_SESSION['loggedIn'])) { header('Location: login.php'); die(); }

 

where it has $_SESSION[loggedIn'], is that setting a variable or is that supposed to be a variable I've already set? Because I don't think I have that variable set anywhere yet. This is confusing to me!

[Mchl]

Sessions are a means of storing variables between scripts (or pages)

 

So you will probably have a login.php script, that will take usernam and password from a form, check credentials in databse, and if they are correct, then it sets a session variable

 

session_start();
$_SESSION['loggedIn'] = TRUE;

 

From now on, every other script run by this user, will see $_SESSION['loggedIn'] variable, so you can use it to check if user has logged in