
#1 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 28 July 2006 - 05:25 PM

Ok, I searched for this and found nothing to help me, so I apologize if this was posted before and I missed it.

I have a company web page, www.nocrs.net, that I am working on and need a member login.  I have created it and it works but I think I found an alternative to what I should have done.

My way:

function index(){
    // Load standard index page
}

function member(){
    // Load member page
}

function invalid(){
    // Load invalid user page
}

function checklogin(){
    // Check dbase for user validation
}

function cookie(){
    // Create cookie if user login validated
}

// Begin of PHP page
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // No form submitted: show the index page
    index();
} else {
    if (isset($_COOKIE["login"])) {
        cookie();
    } else {
        checklogin();
    }
}


Basically each function holds a webpage.  If the validation is met then load the member webpage, if not load the invalid webpage, if no submit, then load the index webpage.  So basically I have 3 pages using the same index.php file.

Could someone explain to me the way I should do this!  I know a little bit, like use session variables and cookies, and how they work, don't know how to get them to work.  When I try to use session variables, it always says session already open or sent, can't remember.

I guess I don't know how to load a new page once the validation has been done and what keeps people from browsing to restricted pages and restricting access to them without proper validation.  Assume I am stupid and tell me everything you know,  PLEASE!!!!

#2 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 28 July 2006 - 06:01 PM

I don't care what anybody tells you, you have absolutely no reason to need to use cookies "with" sessions.  If you change the php ini settings to max session cookie lifetime, it automatically sets a cookie on the computer, then allows it to pass the session id around.  It traps it in the URL when they come back to visit, and passes it around, you can test it for yourself. Logins are really nothing: have 1 page that they login at, check the db for username and password (with hashing or whatever precautions you take).
If they match, register the sessions with
$_SESSION['whatever'] = 'whatever';
php.net claims session_register as outdated so I wouldn't use it.
Then at the top of each page throw in
session_start();
I have 1 session normally called controller, set to true.
Then if I want something to display or not to display for people who are logged in or out I say
if ($_SESSION['controller'] == true) {
if I want it to display and
!= true if I don't want it to display. Like if they can login, after that above login I put
if ($_SESSION['controller'] != true) {
    // show login form, information to login with
} else {
    // show link to logout, or whatever
}
When you are ready for them to logout
throw out
session_destroy();
on the logout page and that's it, they can no longer go to the password protected pages.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#3 akrytus


Posted 28 July 2006 - 06:27 PM

Ok, that helps me understand the sessions better, thankyou for your response.

I still have 2 questions:

1. What exactly protects the web pages from being visited without logging in? 

2. Once you find out that the member is validated you said start the session, but then how do you forward to the member page?  Put up a link for them to click on once validated?  Can you automate it?


#4 Ninjakreborn


Posted 28 July 2006 - 06:32 PM

You can use header if you want to relocate, I just normally leave them on the homepage in the logged in form.  As far as password protected entire pages
if (isset($_SESSION['username'])) {
    // entire page
} else {
    // you are not logged in
}
for a quick way.
2 other ways could be
at the top
if (empty($_SESSION['username'])) {
    // exit the thing
    // then relocate them, or whatever
}
There are hundreds of ways to do it literally
and for the relocation

header('Location: ' . $page);
With page being set to the URL of the page you want them to go to, you can use relative URLs as well.
In this situation, whenever the script hits that line though it automatically redirects, so be careful where you place it, or you can cut off some of the important parts of your script.
But that will redirect them to whatever page you want.

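An added example, not code from any poster in this thread: one way to put the login check and the page guard discussed above into a single include, so that a protected page refuses visitors who never logged in and a successful login forwards automatically. The file names auth.php, login.php and member.php, the functions `try_login()` and `require_login()`, and the `$lookupHash` callback are assumptions made for illustration.

```php
<?php
// auth.php (hypothetical file name): include this first on every page,
// with nothing before the opening PHP tag, so headers can still be sent.
session_start();

// Verify a submitted login. $lookupHash is an assumed callback that returns
// the stored password_hash() value for a username, or null if unknown.
function try_login(string $user, string $pass, callable $lookupHash): bool
{
    $hash = $lookupHash($user);
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    // Issue a new session id at login so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['username'] = $user;
    return true;
}

// Guard for protected pages: a visitor who never logged in has no
// $_SESSION['username'], so they are sent to the login page.
function require_login(string $loginPage = 'login.php'): void
{
    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginPage);
        exit; // stop here so the protected content below is never output
    }
}

// --- login.php would do (constructed sample user, demo only) ---
// require 'auth.php';
// $users = ['alice' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];
// if ($_SERVER['REQUEST_METHOD'] === 'POST'
//     && try_login($_POST['user'] ?? '', $_POST['pass'] ?? '',
//                  fn($u) => $users[$u] ?? null)) {
//     header('Location: member.php');
//     exit;
// }

// --- member.php would start with ---
// require 'auth.php';
// require_login();
// echo 'Welcome, ' . htmlspecialchars($_SESSION['username']);
```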


#5 akrytus


Posted 28 July 2006 - 06:33 PM

Thanks I will give it a try!

#6 akrytus


Posted 28 July 2006 - 07:33 PM

I apparently am a little confused.

You said

if (isset($_SESSION['username']))


Now if this is on top of my protected web pages, wouldn't this always be true, because how else would you have gotten there without having started a session?  Should this be:

// Login
$_SESSION['whatever'] = "whatever";


// Protected webpage
if ($_SESSION['username'] == "whatever") {
    // entire page
} else {
    // Invalid User
}

#7 Ninjakreborn


Posted 28 July 2006 - 07:37 PM

If they never logged in they never gained that session.
The thing you put is the same thing I put, just written differently.  No, they can come to the page if they wanted.  Anyway, just by typing it in the URL, so either way would work, personal preference, mostly.



#8 akrytus


Posted 28 July 2006 - 07:44 PM

Ok, sorry to keep bothering you, I really appreciate your help, but..................

When I destroy the session on the protected page I get:

Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session

So I took your advice and put a start_session at the top of that page and I get:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started



#9 Ninjakreborn


Posted 28 July 2006 - 07:57 PM

VERY top of the page before any includes or anything right?



#10 akrytus


Posted 28 July 2006 - 08:00 PM

Oops, html tags were on top! Thanks again.

#11 Ninjakreborn


Posted 28 July 2006 - 08:07 PM

Nothing above, nothing at all.  Nothing but top of document
<?php
That is it, it has to come directly after that.
If you so much as piss in the area above it, the headers are already sent.

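An added example, not code from the thread: a logout page written to avoid both warnings quoted above ("Trying to destroy uninitialized session" and "headers already sent"). The file name logout.php and the index.php redirect target are assumptions made for illustration.

```php
<?php
// logout.php (hypothetical file name). The opening PHP tag is the first
// byte of the file: no blank line, HTML or BOM before it.

// If something was already output (for example by an earlier include),
// log where it happened instead of letting session_start() fail with
// "headers already sent".
if (headers_sent($file, $line)) {
    error_log("Output already started at $file:$line; cannot end session");
    exit;
}

// session_destroy() only works on a started session; without this call PHP
// warns "Trying to destroy uninitialized session".
session_start();

// 1. Drop the login state held in this request.
$_SESSION = [];

// 2. Expire the session cookie in the browser, using the same parameters
//    it was set with.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

// 3. Remove the session data stored on the server.
session_destroy();

// Back to the public page; exit so nothing else runs after the redirect.
header('Location: index.php');
exit;
```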


#12 akrytus


Posted 31 July 2006 - 05:04 PM

Ok, I have it all working, I log in and visit the secure page fine, but if I click on a link away, then try to revisit the secure page, I lose all the session data.  How do I prevent that? The idea is to login, view both secure and non-secure pages until user logs off.



