glennn.php Posted January 3, 2010 Share Posted January 3, 2010 i have a simple login script that uses cookies and i'd love to utilize sessions - could someone show me how to do this? here's where the cookie is checked: $username_from_cookie = $_COOKIE[$cookiename]; //retrieve contents of cookie if($permission_level==''){ $sql="SELECT * FROM users WHERE username='$username_from_cookie'"; }else{ $threshold = $permission_level-1; $sql="SELECT * FROM users WHERE username='$username_from_cookie' AND permissions>'$threshold'"; } $result=mysql_query($sql); // Mysql_num_row is counting table rows $count=mysql_num_rows($result); // If result matches $myusername and $mypassword, table row must be 1 row if($count==0){ { header("location:login.php"); } } if someone could kindly show me how i'd start a session once a person logs in and then check his logged in status, i'd be forever grateful... regards, glennn Quote Link to comment Share on other sites More sharing options...
RaythMistwalker Posted January 4, 2010 Share Posted January 4, 2010 I'll show you mine: This is auth.php and i just use include on each page <?php session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) { header("location: access-denied.php"); exit(); } ?> This is the login: <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='$password'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed $qry2 = "INSERT INTO iplogs(login, ip, rank, success) VALUES('$login','$ip', 'No')"; header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> Config.php = database connection info to use variables DB_VARIABLE. At top of each page you then need <?php session_start(); require_once('auth.php'); ?> Hope this helped. Quote Link to comment Share on other sites More sharing options...
glennn.php Posted January 4, 2010 Author Share Posted January 4, 2010 ABSOLUTELY! (i'm one of those who has to SEE it done, rather than reading diatribe and details. that helped tremendously...) thanks! Quote Link to comment Share on other sites More sharing options...
RaythMistwalker Posted January 4, 2010 Share Posted January 4, 2010 No problem ~Rayth Quote Link to comment Share on other sites More sharing options...
glennn.php Posted January 4, 2010 Author Share Posted January 4, 2010 are sessions by all means a better idea than cookies these days? you can certainly do a lot more with sessions, huh...? Quote Link to comment Share on other sites More sharing options...
RaythMistwalker Posted January 4, 2010 Share Posted January 4, 2010 to be honest i have no idea because i only started a few days ago and just went straight with sessions and haven't found a problem with them. I did get a friend to explain the difference between $_SESSION['name'] and $_SESSION[name] which tbh i cant remember now. I think if it's in a string you use the first one and if your checking something you use the second. On the safe side if one doesnt work try the other Quote Link to comment Share on other sites More sharing options...
glennn.php Posted January 4, 2010 Author Share Posted January 4, 2010 yes, a string has to be enclosed in ''... thanks, dude. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.