Jump to content


Photo

Sessions / Cookies


  • Please log in to reply
15 replies to this topic

#1 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 08:42 PM

i thought it best to make a thread about this.

Ive got a signup / login script sorted now (adds and checks info in databse)

But im unsure how to use cookies or sessions to implement into it my site.

What code or commands do i need to use to check if someones logged in and/or log them in / out?

thanks

#2 van2

van2
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 05 September 2006 - 09:05 PM

Have you seen this sample chapter?

http://www.oreilly.c...apter/ch08.html

It's a great introduction to sessions.

#3 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 10:22 PM

So would this be right?

session_start(  );

    session_register("username");
    session_register("accesslevel");

    $username=$_POST['nickname'];
    $accesslevel = "select accesslevel from members where username = '".$_POST['username']."' and password = '".$_POST['password']."';";


Thats part of the code if they have specified the right username and password.

Guidance would be appreciated :)

#4 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 05 September 2006 - 10:31 PM

Nope. Should be something like this:
<?php
//start the session
session_start();

// connect to database first
@mysql_connect('localhost', 'db_user', 'db_user_pass') or die("Unable to connect to MySQL at this time");

@mysql_select_db('db_name') or die("Unable to select database");

// make the input safe:
$user = mysql_real_escape_string($_POST['username']);

// you should encrypt users password. rather than using plain text passwords.
$pass = mysql_real_escape_string($_POST['password']);

// perform the query first
$sql = "SELECT accesslevel FROM members WHERE username='".$user."' AND `password`=".$pass."';";

$result = @mysql_query($sql) or die("Unable to perform query");

// check that 1 row was returned, meaning a match is found
if(mysql_num_rows($result) == 1)
{
    // retrieve the access level
    $row = mysql_fetch_assoc($result);
    
    // set the session vars:
    $_SESSION['username'] = $_POST['nickname'];
    $_SESSION['accesslevel'] = $row['accessleve;'];
}


#5 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 11:02 PM

thanks for that, login works perfectly.

So what code could i use to detect if a session is in progress?

I.e if there is a session, say "welcome username!"

thanks

#6 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 05 September 2006 - 11:42 PM

Use something like this:
if (isset($_SESSION['Username']) && $_SESSION['accessleve'] >= 1)
{
    echo 'Welcome, ' . $_SESSION['Username'];
}

Make sure you  have session_start(); before you use any $_SESSION variables.

#7 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 06 September 2006 - 12:25 AM

i used

 

<?php
if (isset($_SESSION['username']))

{
    echo 'Welcome, ' . $_SESSION['username'];
}
else
{
    echo "Welcome to my website!";

}
?>


but it always says "Welcome to my website!"

any ideas?

#8 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 06 September 2006 - 01:55 AM

You havnt started the sessions thats why. When ever you need to use session variables you need have session_start(); before you use any sessions, otherwise the sessions wont work.
<?php
// MUST START THE SESSION FIRST 
// BEFORE USING ANY SESSION VARIABLES
session_start();

if (isset($_SESSION['username']))
{
    echo 'Welcome, ' . $_SESSION['username'];
}
else
{
    echo "Welcome to my website!";

}
?>


#9 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 06 September 2006 - 02:53 AM

Some success

The code works but it also thorws errors above the working text:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/terraarm/public_html/index.php:6) in /home/terraarm/public_html/index.php on line 30


Any fix for this except covering the entirity of my page in php tags and echoing?

EDIT: Never mind fixed that :)

#10 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 06 September 2006 - 02:55 AM

Post yor exact code here from index.php. When doing so please use the the code tags  - [code]your code here[/code]

#11 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 06 September 2006 - 01:18 PM

Ive fixed it :)

Although i wouldnt mind knowing how to end the session for a logout page.

#12 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 06 September 2006 - 04:14 PM

session_destory will kill a session.

#13 quillspirit

quillspirit
  • Members
  • PipPipPip
  • Advanced Member
  • 33 posts
  • LocationOregon, USA

Posted 06 September 2006 - 04:49 PM

It is important that you don't have any kind of output before session_start(); - except for coments. A space between php open and session_start(); will killl you.

correct:

<?
session_start();

session_destroy();
?>

Incorrect:
<? 

session_start();

session_destroy();
?>

Peace,
Shawn
Simple PHP

#14 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 06 September 2006 - 05:23 PM

It is important that you don't have any kind of output before session_start(); - except for coments. A space between php open and session_start(); will killl you.

correct:

<?
session_start();

session_destroy();
?>

Incorrect:
<? 

session_start();

session_destroy();
?>

Thats is not a valid example as this will work
<? 

session_start();

session_destroy();
?>
It wont work if there is output before you use session_start. Any whitspace between <?(php) and ?> will not be outputed and so you can put as much whitespace as you like within those tags. The only time when php will display the headers already sent error is when there is some form of outpu, eg whitespace, text/html before your use any header realted functions.

#15 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 06 September 2006 - 05:49 PM

to solve these problems i always put session stuff at the very top of the document.

works a treat :)

#16 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 06 September 2006 - 06:03 PM

hmm run into a problem.

I can now login and logout fine.

When i login i can see the personalised message but then when i got to another page with the same code for a welcome message, it goes off.

Ive put session start at the top. What am i missing?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users