Sessions / Cookies

[markspec87]

i thought it best to make a thread about this.

Ive got a signup / login script sorted now (adds and checks info in databse)

But im unsure how to use cookies or sessions to implement into it my site.

What code or commands do i need to use to check if someones logged in and/or log them in / out?

thanks

[van2]

Have you seen this sample chapter?

http://www.oreilly.com/catalog/webdbapps/chapter/ch08.html

It's a great introduction to sessions.

[markspec87]

So would this be right?

[quote]session_start(  );

    session_register("username");
    session_register("accesslevel");

    $username=$_POST['nickname'];
    $accesslevel = "select accesslevel from members where username = '".$_POST['username']."' and password = '".$_POST['password']."';";

[/quote]

Thats part of the code if they have specified the right username and password.

Guidance would be appreciated :)

[wildteen88]

Nope. Should be something like this:
[code=php:0]<?php
//start the session
session_start();

// connect to database first
@mysql_connect('localhost', 'db_user', 'db_user_pass') or die("Unable to connect to MySQL at this time");

@mysql_select_db('db_name') or die("Unable to select database");

// make the input safe:
$user = mysql_real_escape_string($_POST['username']);

// you should encrypt users password. rather than using plain text passwords.
$pass = mysql_real_escape_string($_POST['password']);

// perform the query first
$sql = "SELECT accesslevel FROM members WHERE username='".$user."' AND `password`=".$pass."';";

$result = @mysql_query($sql) or die("Unable to perform query");

// check that 1 row was returned, meaning a match is found
if(mysql_num_rows($result) == 1)
{
    // retrieve the access level
    $row = mysql_fetch_assoc($result);
   
    // set the session vars:
    $_SESSION['username'] = $_POST['nickname'];
    $_SESSION['accesslevel'] = $row['accessleve;'];
}[/code]

[markspec87]

thanks for that, login works perfectly.

So what code could i use to detect if a session is in progress?

I.e if there is a session, say "welcome username!"

thanks

[wildteen88]

Use something like this:
[code=php:0]if (isset($_SESSION['Username']) && $_SESSION['accessleve'] >= 1)
{
    echo 'Welcome, ' . $_SESSION['Username'];
}[/code]

Make sure you  have session_start(); before you use any $_SESSION variables.

[markspec87]

i used

  [quote]<?php
if (isset($_SESSION['username']))

{
    echo 'Welcome, ' . $_SESSION['username'];
}
else
{
    echo "Welcome to my website!";

}
?>[/quote]

but it always says "Welcome to my website!"

any ideas?

[wildteen88]

You havnt started the sessions thats why. When ever you need to use session variables you need have session_start(); before you use any sessions, otherwise the sessions wont work.
[code=php:0]<?php
// MUST START THE SESSION FIRST
// BEFORE USING ANY SESSION VARIABLES
session_start();

if (isset($_SESSION['username']))
{
    echo 'Welcome, ' . $_SESSION['username'];
}
else
{
    echo "Welcome to my website!";

}
?>[/code]

[markspec87]

Some success

The code works but it also thorws errors above the working text:

[quote]Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/terraarm/public_html/index.php:6) in /home/terraarm/public_html/index.php on line 30[/quote]

Any fix for this except covering the entirity of my page in php tags and echoing?

EDIT: Never mind fixed that :)

[wildteen88]

Post yor exact code here from index.php. When doing so please use the the code tags  - [nobbc][code]your code here[/code][/nobbc]

[markspec87]

Ive fixed it :)

Although i wouldnt mind knowing how to end the session for a logout page.

[wildteen88]

session_destory will kill a session.

[quillspirit]

It is important that you don't have any kind of output before session_start(); - except for coments. A space between php open and session_start(); will killl you.

correct:

[code]
<?
session_start();

session_destroy();
?>[/code]

Incorrect:
[code]
<?

session_start();

session_destroy();
?>[/code]

[wildteen88]

[quote author=quillspirit link=topic=107001.msg429344#msg429344 date=1157561387]
It is important that you don't have any kind of output before session_start(); - except for coments. A space between php open and session_start(); will killl you.

correct:

[code]
<?
session_start();

session_destroy();
?>[/code]

Incorrect:
[code]
<?

session_start();

session_destroy();
?>[/code]
[/quote]
Thats is not a valid example as this will work
[code]
<?

session_start();

session_destroy();
?>[/code]
It wont work if there is output before you use session_start. Any whitspace between <?(php) and ?> will not be outputed and so you can put as much whitespace as you like within those tags. The only time when php will display the headers already sent error is when there is some form of outpu, eg whitespace, text/html before your use any header realted functions.

[markspec87]

to solve these problems i always put session stuff at the very top of the document.

works a treat :)

[markspec87]

hmm run into a problem.

I can now login and logout fine.

When i login i can see the personalised message but then when i got to another page with the same code for a welcome message, it goes off.

Ive put session start at the top. What am i missing?