Is this the proper syntax to use $SESSIONS for a logged in user?


I want to bypass email verification for logged in users so that they don't need to verify their email prior to submitting a classified listing. Can you please tell me the proper way to use Sessions in my situation....

 

<?php
$_SESSION_START();
$_SESSION[‘username’] = $username;
include("classifiedsdb.inc");
if(isset($_POST['submit'])) 
$location= $_POST['location'];
$actual_location= $_POST['actual_location'];
$title= $_POST['title'];
$details= $_POST['details'];
$email= $_POST['email'];
$conn = mysql_connect($host,$user, $password);
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}

    //check if user is logged in
if ($_SESSION('username' == $username)) { 

    if ($title == "" || strlen($title) > 50)
       {
        echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Title must be between 1 and 50 characters in length</font>";
        exit();
       }
              if ($details == ""  || strlen($details) > 350)
                  {
                  echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Ad must be between 1 and 350 characters</font>";
                  exit();
                  }

                  $query = "INSERT INTO musicians (location, actual_location,  title, details, '', '', '') 
                  VALUES ('$location', '$actual_location', '$title', '$details', '','', '')";

          if (!mysql_query($query))
             {
             die('Error: ' . mysql_error());
             }
             exit();

        } //end logged in user script


//if user is not logged in start email verification

else  if ($_POST['form_submitted'] == '1') { 
       $activationKey =  mt_rand() . mt_rand() . mt_rand() . mt_rand() . mt_rand();

              if ($title == "" || strlen($title) > 50)
                {
                 echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Max characters allowed= 50</font>";
                 exit();
                 }
                         if ($details == ""  || strlen($details) > 350)
                           {
                           echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Ad must be no less than 20 characters and no more than 350</font>";
                           exit();
                           }
                  $pattern = '/^[a-z0-9]{4,}+.?([a-z0-9]+)?@([a-z0-9]+\.)+[a-z]{3,4}$/i';
                  if (!preg_match($pattern, $email))
                    {
                     echo "<font face= \"tahoma\" color= \"red\" size= \"2\">sorry, email is not valid</font>";
                     exit();
                     }
        $pattern = '/^[a-z0-9]{4,}+.?([a-z0-9]+)?@([gmail]+\.)+[a-z]{3,4}$/i';//exclude Gmail here
        if (preg_match($pattern, $email))
          {
           echo "<font face= \"tahoma\" color= \"red\" size= \"2\">Sorry, Gmail accounts not allowed</font>";
           exit();
          }

              $query = "INSERT INTO musicians (location, actual_location,  title, details, email, activationkey, status) 
              VALUES ('$location', '$actual_location', '$title', '$details', '$email','$activationKey', 'verify')";

if (!mysql_query($query))
{
die('Error: ' . mysql_error());
}

echo "An email has been sent to $email . Please click on the verification link to verify your AD";

//No value found, user must be activating their account!
//Send activation Email

$to      = $email;

$subject = " Activate your AD on IWJ!";

$message = "Verify your AD by clicking the following link:\rhttp://dezi9er.net16.net/verify_classified.php?$activationKey\r\rRegards, mysite.com Team";

$headers = 'From: noreply@ mysite.com' . "\r\n" .

    'Reply-To: noreply@ mysite.com' . "\r\n" .

    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

} else {


$queryString = $_SERVER['QUERY_STRING'];

$query = "SELECT * FROM musicians";

$result = mysql_query($query) or die(mysql_error());

  while($row = mysql_fetch_array($result)){

    if ($queryString == $row["activationkey"]){
echo "Thank You! Your Ad has been verified and is now live! ";
$sql="UPDATE musicians SET activationkey = '', status='activated' WHERE (id = $row[id])";

       if (!mysql_query($sql))

  {

        die('Error: ' . mysql_error());

  }

}
}
}   

?>

Sessions simply hold data that persist through the application. Example: If a user is logging into a website, after they have entered the correct username & password a session can be set that will flag that the user is logged in. All member-only pages on the site then check that the session exists and, if not, throw the user back to login.

 

This code is purely hypothetical.

i.e.

<?php
// login.php
session_start();
// user has entered correct details ($userfound comes from the hypothetical credential check)
if ($userfound == true) {
    $_SESSION['loggedin'] = true;
    header("Location: my_account.php");
    exit();
}
?>

 

<?php
// my_account.php
session_start();
// check user is logged in; empty() also covers a session where the flag was never set
if (empty($_SESSION['loggedin'])) {
    header("Location: login.php");
    exit();
}
?>

Sessions are a way to store data that can be accessed through any page on your site as long as the session_start() function has been called. They are not an alternative to email validation. Email validation is a mechanism that is commonly used to stop spammers by requiring a user to validate that they are who they say they are by actioning an email. Once a user has validated themselves they can log in and use the system. If you do not use validation you are open to abuse by automated programs. Although bots could effectively validate themselves by reading the email, it is a very effective deterrent.


Thanks Neil I needed that.

But you did confuse me a little when you say $SESSIONS is not an alternative to email verification because if a user has registered that means they already validated their email, so why should they need to provide it again after they are logged in?

 

Just wondering your mindset on that?


Email verification is a procedure that has been structured via your programming code.

1. User registers

2. Email verification sent

3. User clicks link in email to validate

4. User logs in

 

Once this has been done once, a user does not need to register again. They simply log in next time they visit your website.

 

A session is completely different. The definition of a session: A semi-permanent interactive information interchange. Session management is built into PHP. It has core functions for starting, ending, storing sessions and session data.

 

You are getting confused between the usage of sessions, not what a session actually is. I suggest you read the PHP manual on using sessions. If your code is structured in such a way that a user has to validate themselves each time they come to your website and log in, then it is poorly coded.
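
The flow discussed in this thread, as an added example that is not code from any of the posters: a listing from a logged-in session goes live at once, while a guest listing waits on a one-time activation key. The function names, the in-memory SQLite table and the `email` value stored in the session at login are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table mirroring the columns used in the thread.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE musicians (id INTEGER PRIMARY KEY, title TEXT, details TEXT,
               email TEXT, activationkey TEXT, status TEXT)");
    return $db;
}

// Hypothetical helper: $session is $_SESSION after session_start().
// Returns null when the ad went live, or the activation key to e-mail to a guest.
function submit_listing(PDO $db, array $session, array $post): ?string {
    $title   = trim((string)($post['title'] ?? ''));
    $details = trim((string)($post['details'] ?? ''));
    if ($title === '' || strlen($title) > 50)      throw new InvalidArgumentException('title');
    if ($details === '' || strlen($details) > 350) throw new InvalidArgumentException('details');
    $loggedIn = !empty($session['loggedin']);      // flag set once by login.php
    $email    = $loggedIn ? (string)($session['email'] ?? '') : (string)($post['email'] ?? '');
    if (!$loggedIn && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email');
    }
    $key = $loggedIn ? null : bin2hex(random_bytes(16));   // CSPRNG instead of mt_rand()
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO musicians (title, details, email, activationkey, status)
                          VALUES (?, ?, ?, ?, ?)');
    $stmt->execute([$title, $details, $email, $key, $loggedIn ? 'activated' : 'verify']);
    return $key;
}

// Verification link handler: one targeted UPDATE instead of looping over every row in PHP.
function verify_listing(PDO $db, string $key): bool {
    if (!preg_match('/^[0-9a-f]{32}$/', $key)) return false;
    $stmt = $db->prepare("UPDATE musicians SET activationkey = NULL, status = 'activated'
                          WHERE activationkey = ? AND status = 'verify'");
    $stmt->execute([$key]);
    return $stmt->rowCount() === 1;
}

// Constructed sample submissions: one member session, one guest.
$db = make_db();
var_dump(submit_listing($db, ['loggedin' => true, 'email' => 'member@example.com'],
                        ['title' => 'Drummer wanted', 'details' => 'Rock band']));
$key = submit_listing($db, [], ['title' => 'Bassist', 'details' => 'Jazz trio',
                                'email' => 'guest@example.com']);
var_dump(verify_listing($db, $key), verify_listing($db, $key)); // same key submitted twice
```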


Understood,

Will go read up on this. Thanks again, buddy.
