Using Session for Login system


4 replies to this topic

#1 smartguyin

smartguyin
  • Members
  • Advanced Member
  • 61 posts

Posted 10 September 2006 - 10:13 AM

I am working on a login system for a database. I want to know: is using sessions sufficient for a login system?

This is my auth.user.inc.php file for checking the logged-in user. Please tell me if I am wrong anywhere:

<?php
session_start();
if ((isset($_SESSION['user_logged']) && $_SESSION['user_logged'] != "") ||
    (isset($_SESSION['user_password']) && $_SESSION['user_password'] != "")) {
    $name = ($_SESSION['user_logged']);
    session_register($_SESSION['user_logged']);
    $name = $_SESSION['user_logged'];

    $side = 1;
} else {
    $side = 0;
    $redirect = $_SERVER['PHP_SELF'];
    header("Refresh: 5; URL=user_login.php");
    echo "<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p><center>You are not currently no logged in, we are redirecting you to Login Page, be patient!<br>";
    echo "(If your browser doesn't support this <a href=\"user_login.php\">Click Here</a>)</center>";
    die();
}

This is part of my user_login.php. Just check if it is a correct login system, or else I should try something else:

<?php
session_start();
include "conn.inc.php";

if (isset($_POST['submit'])) {
    $query = "SELECT username, password FROM ur WHERE username = '".$_POST['username']."' ".
             "AND password = (PASSWORD('".$_POST['password']."'))";
    $result = mysql_query($query)
        or die(mysql_error());

    if (mysql_num_rows($result) == 1) {
        $user_logged = $name;
        session_register("user_logged");
        $_SESSION['user_logged'] = $_POST['username'];
        $_SESSION['user_password'] = $_POST['password'];
        header ("Refresh: 3; URL=controlpanel.php");
        echo "<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p><center>You are Logged in Now ! You are being redirected to your original page requested!<br>";
        echo"(if your browser doen't support redirection, <a href=\"".$_POST['redirect']."\">Click Here</a>)";
    } else {
?>

One of my php project >> http://www.mumbaipropertysite.com

#2 onlyican

onlyican
  • Members
  • Advanced Member
  • 921 posts
  • Location: Hants - UK

Posted 10 September 2006 - 11:50 AM

Do you have any errors?

Answer to your question "is using sessions sufficient for a login system":
The answer is yes, of course it is.
That's one of the reasons it was built.

Just remember
session_start();
at the TOP of every page (before the <html> tag)

and
sessions normally expire after X amount of time (see your php.ini file) and die when the browser is closed.
Tell me the problem, I will try tell you the solution

#3 °°Ben³

°°Ben³
  • Members
  • Member
  • 17 posts
  • Location: Germany / Remagen

Posted 10 September 2006 - 01:23 PM

I would not store the password in the session.

if FORM_IS_SUBMITTED
   check if the user put the correct username and password in,
   else reload the login form (1)

When the user has logged in, you have to do something like this:
if USER_IS_LOGGED_IN
    show the site
ELSE
    load the login form

Maybe (1) is something like this:
$sql = 'SELECT ...';
// ..

if(LOGIN_IS_CORRECT)
{
    $_SESSION['loggedIn'] = true;
    $_SESSION['userData']['id'] = $id;
    $_SESSION['userData']['name'] = $name;
}
else 
{
    header('location: login.php');
    exit();
}

Just some sample code. Try to understand .. it is not really difficult.
Hope to help.

Regards, Ben.

desktop and web development ;)
---
English is not my native language. Please excuse if I made some errors in expression.
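
The flow Ben outlines in post #3, written out as an added example (not code from any poster in this thread): the session keeps only a logged-in flag, the user id and the name, never the password. It assumes PDO with an in-memory SQLite copy of the `ur` table, an `id` column, passwords stored with `password_hash()`, and the hypothetical helper names `make_demo_db`, `login`, `is_logged_in` and `require_login`.

```php
<?php
// Added example, not code from the thread. Table "ur" and its username/password columns
// follow the original post; the id column, SQLite database and sample row are constructed.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ur (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $ins = $db->prepare('INSERT INTO ur (username, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Step (1): check the submitted credentials. A web page calls session_start() first.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT id, username, password FROM ur WHERE username = ?');
    $stmt->execute([$username]);          // bound parameter, no string concatenation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;                     // caller reloads the login form
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);      // new session id once the user is authenticated
    }
    $_SESSION['loggedIn'] = true;
    $_SESSION['userData'] = ['id' => (int)$row['id'], 'name' => $row['username']];
    return true;
}

// Per-page check, the role auth.user.inc.php plays in the original post.
function is_logged_in(): bool {
    return isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] === true;
}

function require_login(): void {
    if (!is_logged_in()) {
        header('Location: user_login.php');
        exit();
    }
}

// Command-line demo with constructed credentials; no web server needed.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $db = make_demo_db();
    var_dump(login($db, 'alice', 'wrong guess'));
    var_dump(is_logged_in());
    var_dump(login($db, 'alice', 'correct horse'));
    var_dump($_SESSION['userData']);
}
```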

#4 onlyican

onlyican
  • Members
  • Advanced Member
  • 921 posts
  • Location: Hants - UK

Posted 10 September 2006 - 02:19 PM

I normally store the username in the session.
Then I can just call $_SESSION["logged_in_user"]; to get their username,
and this helps when running queries.
Tell me the problem, I will try tell you the solution

#5 °°Ben³

°°Ben³
  • Members
  • Member
  • 17 posts
  • Location: Germany / Remagen

Posted 10 September 2006 - 04:00 PM

You have to decide what information you want to store in the session. Data like the username, which is used very often, e.g. in this forum "Hello °°Ben³", is a perfect example of such information.

@smartguyin:
Do you have further questions?

Or does anyone have a contrary opinion to my proposal?

Regards, Ben.
desktop and web development ;)
---
English is not my native language. Please excuse if I made some errors in expression.



