Jump to content

Recommended Posts

is it necessary to store users session on db? if so please explain someone why?

 

and block multiple session login. say if im logged in and someone else tries to log into my id from some other place how would i stop that to happen? any idea and example would be  appreciated.  :D

Link to comment
https://forums.phpfreaks.com/topic/209527-question-on-user-session-handeling/
Share on other sites

is it necessary to store users session on db? if so please explain someone why?

No it isn't.

 

and block multiple session login. say if im logged in and someone else tries to log into my id from some other place how would i stop that to happen? any idea and example would be  appreciated.  :D

When the user logs in, store the IP he connects from. THen on each request, if he logs in from different IP do wahtever you seem fit (deny / logout / redirect to disney.com)

 

that means i got to store users ip in session too?

 

could u give an example with my exsisting code?

 


$query="SELECT * FROM members WHERE user_name='$user_name' AND user_pass='".md5($_POST['password'])."'";
$result=mysql_query($query);


if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$mem = mysql_fetch_assoc($result);
		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
		session_write_close();
		header("location: index.php");
		exit();
	}else {
		//Login failed
		header("location: failed.php");
		exit();
	}

now did i do it right?

$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
                                    $_SESSION['S_UAGENT'] = $_mem['HTTP_USER_AGENT'];//users agent
                                    $_SESSION['S_UIP'] = $_mem['REMOTE_ADDR'];//users ip

 

but nothing abt users user agent nor ip is getting fetched why?

$_SERVER not $_POST.

 

did this

 

session_regenerate_id();
		$mem = mysql_fetch_assoc($result);
		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
                        $_SESSION['S_UAGENT'] = $_SERVER['HTTP_USER_AGENT'];
                        $_SESSION['S_UIP'] = $_SERVER['REMOTE_ADDR'];

 

but nothing happening im trying to print the S_UAGENT and S_UIP but its all blank no effect.

ok this is the whole page, could help figure it out why wont it work?

 

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

	//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$user_name = clean($_POST['user_name']);
$password = clean($_POST['password']);

//Input Validations
if($user_name == '') {
	$errmsg_arr[] = 'Username field is missing';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Password field is missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}

//Create query
$qry="SELECT * FROM class_members WHERE user_name='$user_name' AND user_pass='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$mem = mysql_fetch_assoc($result);
		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
                        $_SESSION['S_UAGENT'] = $_SERVER['HTTP_USER_AGENT'];
                        $_SESSION['S_UIP'] = $_SERVER['REMOTE_ADDR'];
		session_write_close();
		header("location: member-index.php");
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}
?>

When the user logs in, store the IP he connects from. THen on each request, if he logs in from different IP do wahtever you seem fit (deny / logout / redirect to disney.com)

LOL, Disney must get tons of traffic from redirects. Thats where I send all bad bots and 403 requests.

Do you have display_errors / error reporting enabled, or are you at least logging errors? Have you echoed your query and pasted it in to phpMyAdmin to see what the results are? Have you tried to see what the $_SESSION array is doing after you assign values by using echo '<pre>'; print_r($_SESSION); echo '</pre>';?

ok my profile page does print this

 

Array

(

    [s_UID] => 1

    [s_UNAME] => root

    [s_FNAME] =>

    [s_LNAME] =>

    [s_UAUTH] => general

    [s_UAGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11

    [s_UIP] => 122.3.6.1

)

 

wtf? it seem to be working on every page i tried yesterday but it didn seem to work but now i tried it without any changes and everything showing?. ok this was working but now how do i go on about making the session only for this particular ip and browser and if session active other browser and ip gets kicked off?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.