
So, I've been working on a backend area of a website and I want to have user accounts so the Admin area can be secure from users.

 

I've never done anything custom with sessions before, so I don't know where to start, but I can display my code thus far... maybe you guys could help?

 

My master plan is to have a variable on each file ($protectedpage), and if the variable is set to 1, then the user needs to be logged in. If it's not, then anyone can see.

 

Instead of adding code to all of my pages, I'd like the session to load out of the config.php file, and also load all the user details through there (so the session would need to be a userID or something so I can easily make that SQL query).

 

config.php

<?php
include("settings.php");
error_reporting(E_ALL); // the constant, not the string "E_ALL" (a string switches reporting off)

// Start the session before any output so the session cookie can still be sent
session_start();

// Connect to the database
if($mysql['conn'] = mysql_connect($global['host'], $global['username'], $global['password']))
{
    $mysql['select'] = mysql_select_db($global['database'], $mysql['conn']);

    if(!$mysql['select'])
    {
        echo "<b>Error:</b> Failed connection to database.<br /><br />".mysql_error();
        exit;
    }
}
else
{
    echo "<b>Error:</b> Failed connection to server.<br /><br />".mysql_error();
    exit;
}

// Retrieve Session Info
if(isset($protectedpage) && $protectedpage === 1)
{
    // Display the page to only logged in users: the session carries the userID,
    // so anyone without one is sent to the login page before anything is rendered
    if(empty($_SESSION['userID']))
    {
        header("Location: login.php");
        exit;
    }
}
else
{
    // Display the page to the masses
}
?>

 

page.php:

<?php
$protectedpage = 1; // This page is protected, only logged in users can view it.
include("config.php");
$pagetitle = "Protected Page";

$output = "Only logged in users can see this.";

$pagecontents = $output;
include("layout.php");
?>

 

login.php

<?php
$protectedpage = 0; // This page isn't protected, users can log in from here.
include("config.php");
$pagetitle = "Login";

$output = "<form action=\"\" method=\"post\">\n"
             ."<b>Username:</b> <input type=\"text\" name=\"username\" value=\"\" /><br />\n"
             ."<b>Password:</b> <input type=\"password\" name=\"password\" value=\"\" /><br />\n"
             ."<input type=\"hidden\" name=\"action\" value=\"output\" />\n"
             ."<input type=\"submit\" />\n"
             ."</form>\n";

// The form is submitted with method="post", so the action field arrives in $_POST, not $_GET
if(isset($_POST['action']) && $_POST['action'] == "output")
{
    // Log in and...
    header("Location: page.php"); // redirect the logged in user to a protected page
    exit; // stop here, otherwise the rest of the page is still rendered after the redirect header
}
if(isset($_GET['action']) && $_GET['action'] == "logout")
{
    // Kill the session: clear its data and destroy the server-side record
    $_SESSION = array();
    session_destroy();
    $output = "You are now logged out.";
}

$pagecontents = $output;
include("layout.php");
?>

 

Sorry for being such a noob, but I'm a complete and total failure when it comes to session control/login/etc... so I could really use some assistance.

 

If you could help me with doing this, and with keeping it secure while we're doing that, then I'd be very happy.

 

TONS of thanks to anyone who helps me out!

https://forums.phpfreaks.com/topic/164062-working-with-sessions/
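Putting the plan above together, as an added example that is not the original poster's code: a small auth.php that config.php could include. It starts the session with hardened cookie flags, implements the $protectedpage gate by redirecting anonymous users, logs in through a prepared statement and password_verify(), regenerates the session ID at login, and handles logout. The file name auth.php, the users table layout, the switch from the poster's mysql_* calls to mysqli, and PHP 7.4+ with mysqlnd over HTTPS are all my assumptions; $global comes from the poster's settings.php.

```php
<?php
// auth.php - added example for the thread above; not the original poster's code.
// Assumptions: PHP 7.4+ with mysqli (mysqlnd), HTTPS, and a table
//   users(id INT, username VARCHAR(64) UNIQUE, password_hash VARCHAR(255))
// where password_hash holds the output of password_hash(). Names are assumptions.
// settings.php is expected to define $global['host'|'username'|'password'|'database']
// exactly as in the poster's config.php.

declare(strict_types=1);

function connect_db(array $global): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of false + echo
    $conn = new mysqli($global['host'], $global['username'], $global['password'], $global['database']);
    $conn->set_charset('utf8mb4');
    return $conn;
}

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server never issued
    session_set_cookie_params([
        'lifetime' => 0,       // cookie dies with the browser
        'path'     => '/',
        'secure'   => true,    // never sent over plain HTTP
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// The gate config.php runs when $protectedpage === 1. The session holds only the
// user ID; everything else about the user is re-read from the database per request.
function require_login(string $login_url = 'login.php'): void
{
    start_secure_session();
    if (empty($_SESSION['user_id'])) {
        header('Location: ' . $login_url, true, 303);
        exit;                  // header() alone does not stop the page from rendering
    }
}

// Verifies the credentials with a prepared statement and password_verify().
// Returns the user ID on success, null on any failure (same answer for an unknown
// user and a wrong password, so usernames cannot be enumerated).
function login_user(mysqli $conn, string $username, string $password): ?int
{
    $stmt = $conn->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($row === null) {
        password_hash($password, PASSWORD_DEFAULT); // spend one hash so timing matches a real user
        return null;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }

    start_secure_session();
    session_regenerate_id(true);   // fresh ID at login defeats session fixation
    $_SESSION['user_id'] = (int) $row['id'];
    return (int) $row['id'];
}

function logout_user(): void
{
    start_secure_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Handles the login form. The form posts, so credentials are read from $_POST, never
// from $_GET (query strings end up in browser history and server logs).
function handle_login_post(mysqli $conn): string
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || ($_POST['action'] ?? '') !== 'login') {
        return '';
    }
    $id = login_user($conn, (string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''));
    if ($id === null) {
        return 'Invalid username or password.';
    }
    header('Location: page.php', true, 303);
    exit;
}
```

Wiring it into the poster's layout: config.php would do `require_once 'auth.php'; $conn = connect_db($global); if (isset($protectedpage) && $protectedpage === 1) { require_login(); }`, login.php would set the hidden action field to "login" and use `$output = handle_login_post($conn) ?: $form;`, and the logout branch would call logout_user(). Accounts are created by storing `password_hash($plain, PASSWORD_DEFAULT)` in the password_hash column; nothing about the password itself ever goes into $_SESSION, because the session ID is already the proof that the login happened.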

We all start somewhere, for me, it was using the following tutorial:

 

http://www.evolt.org/node/60384

 

All pages then just need to include session.php and then if $session->authorised = true, show the page.

 

Don't be scared of experimenting with different things, and if you are just starting out, I definitely recommend you learn to use the mysqli extension, that's MySQL improved, before you get too attached to the old mysql extension. Most of the same functions are there (mysql_connect becomes mysqli_connect etc) and, not only does it offer far greater security, it also allows for object oriented programming if that's something you take an interest in.

Here's an example (simplified part of code I'm using)

 

session_start();

// Credentials arrive either from the login form (log_username / log_password) or,
// on later requests, from the values stored in the session at the last login.
// Note that $_REQUEST accepts GET as well as POST parameters.
if (isset($_REQUEST['log_username']) && isset($_REQUEST['log_password'])) {
    $app_USERNAME = filter_var($_REQUEST['log_username'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
    // The submitted password is reduced to an unsalted sha1 digest before comparison
    $app_PASSWORD = filter_var(sha1($_REQUEST['log_password']), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
} elseif (isset($_SESSION['username']) && isset($_SESSION['password']) && empty($_REQUEST['special_page'])) {
    $app_USERNAME = filter_var($_SESSION['username'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
    $app_PASSWORD = filter_var($_SESSION['password'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
} else {
    denyUser(); // must exit; nothing below should run for an anonymous request
}

// Load the user row by login name (sys_user and rowSet are the reply author's own classes)
$app_USER = new sys_user($db);
$app_USER->login = $app_USERNAME;

$rs = new rowSet($app_USER);
$rs->getRow($app_USER);

if ($app_USER->status == 1) {
    if ($app_PASSWORD != $app_USER->password) {
        // Wrong password: count it, and disable the account once the limit is passed
        $app_USER->bad_logins++;
        $app_USER->UPDATE();
        if ($app_USER->bad_logins > $sys_MAX_BAD_LOGINS) {
            $app_USER->status = -1;
            $app_USER->UPDATE();
        }
        denyUser();
    }
} else {
    denyUser(); // account disabled or locked out
}

// Authenticated: the username and password digest are kept in the session for later requests
$_SESSION['username'] = $app_USERNAME;
$_SESSION['password'] = $app_PASSWORD;

 

Let me know if you need some explanation.
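The lockout logic from the reply, rewritten as an added example (this is not the reply author's sys_user/rowSet code) using the mysqli prepared statements the reply recommends. The columns login, status and bad_logins mirror the reply's fields; the password_hash column, MAX_BAD_LOGINS and an already-connected $conn object are assumptions of mine. Two things differ from the reply's flow: the counter increment and the lock happen in a single UPDATE so concurrent wrong attempts cannot race past the limit, and the password is checked with password_verify() against a salted password_hash() value rather than a bare sha1 digest.

```php
<?php
// lockout.php - added example; not the reply author's code.
// Assumes an already-connected mysqli object (mysqli_report set to throw exceptions)
// and a MySQL table
//   users(login VARCHAR(64) UNIQUE, password_hash VARCHAR(255), status INT, bad_logins INT)
// where status 1 = enabled and -1 = locked, as in the reply. Names are assumptions.

declare(strict_types=1);

const MAX_BAD_LOGINS = 5;   // the reply's $sys_MAX_BAD_LOGINS; value is an assumption

// Fetch the account state with a prepared statement. $login is bound, never
// concatenated, so a value such as  admin' OR '1'='1  cannot alter the query.
function fetch_account(mysqli $conn, string $login): ?array
{
    $stmt = $conn->prepare('SELECT login, password_hash, status, bad_logins FROM users WHERE login = ?');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// One atomic UPDATE: bumps the counter and disables the account in the same statement
// once the threshold is crossed. Separate read / increment / write steps, as in the
// reply, let two simultaneous attempts both read the same count and slip past the limit.
// status is assigned first so the CASE sees the pre-increment value of bad_logins.
function record_failed_login(mysqli $conn, string $login): void
{
    $sql = 'UPDATE users
               SET status = CASE WHEN bad_logins + 1 > ? THEN -1 ELSE status END,
                   bad_logins = bad_logins + 1
             WHERE login = ?';
    $stmt = $conn->prepare($sql);
    $max = MAX_BAD_LOGINS;
    $stmt->bind_param('is', $max, $login);
    $stmt->execute();
    $stmt->close();
}

// Reset the counter and, while we hold the plaintext, upgrade hashes made with an
// older cost or algorithm.
function record_successful_login(mysqli $conn, string $login, string $password, string $hash): void
{
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $hash = password_hash($password, PASSWORD_DEFAULT);
    }
    $stmt = $conn->prepare('UPDATE users SET bad_logins = 0, password_hash = ? WHERE login = ?');
    $stmt->bind_param('ss', $hash, $login);
    $stmt->execute();
    $stmt->close();
}

// True only for an enabled account with a matching password. Every failure path
// returns the same value, so the caller cannot tell "no such user" from "locked"
// from "wrong password"; log that distinction server-side instead.
function authenticate(mysqli $conn, string $login, string $password): bool
{
    $acct = fetch_account($conn, $login);
    if ($acct === null) {
        password_hash($password, PASSWORD_DEFAULT); // spend one hash so timing matches a real user
        return false;
    }
    if ((int) $acct['status'] !== 1) {
        return false;           // disabled or locked; leave the counter alone
    }
    if (!password_verify($password, $acct['password_hash'])) {
        record_failed_login($conn, $login);
        return false;
    }
    record_successful_login($conn, $login, $password, $acct['password_hash']);
    return true;
}
```

A permanent status = -1 lock, as in the reply, means anyone who knows a username can lock that account by sending a handful of wrong passwords; in practice a locked_until timestamp that expires after some minutes, or a per-IP limit on top of the per-account counter, gives the same brute-force protection without that denial-of-service handle. After authenticate() returns true the session should store only an identifier for the user, not the password digest.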
