
Question on user session handling


xcoderx


Is it necessary to store users' sessions in the DB? If so, could someone please explain why?

And how do I block multiple session logins? Say I'm logged in and someone else tries to log into my ID from some other place: how would I stop that from happening? Any idea and example would be appreciated. :D


Is it necessary to store users' sessions in the DB? If so, could someone please explain why?

No it isn't.

And how do I block multiple session logins? Say I'm logged in and someone else tries to log into my ID from some other place: how would I stop that from happening? Any idea and example would be appreciated. :D

When the user logs in, store the IP he connects from. Then on each request, if he logs in from a different IP, do whatever you see fit (deny / logout / redirect to disney.com)

 


That means I have to store the user's IP in the session too?

Could you give an example with my existing code?

 


$query="SELECT * FROM members WHERE user_name='$user_name' AND user_pass='".md5($_POST['password'])."'";
$result=mysql_query($query);

if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$mem = mysql_fetch_assoc($result);
		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
		session_write_close();
		header("location: index.php");
		exit();
	}else {
		//Login failed
		header("location: failed.php");
		exit();
	}
}


Now did I do it right?

		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
		$_SESSION['S_UAGENT'] = $_mem['HTTP_USER_AGENT'];//users agent
		$_SESSION['S_UIP'] = $_mem['REMOTE_ADDR'];//users ip

 

But nothing about the user's user agent or IP is getting fetched. Why?


$_SERVER not $_POST.

 

Did this:

 

		session_regenerate_id();
		$mem = mysql_fetch_assoc($result);
		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
		$_SESSION['S_UAGENT'] = $_SERVER['HTTP_USER_AGENT'];
		$_SESSION['S_UIP'] = $_SERVER['REMOTE_ADDR'];

 

But nothing is happening. I'm trying to print S_UAGENT and S_UIP but it's all blank, no effect.


OK, this is the whole page. Could you help figure out why it won't work?

 

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$user_name = clean($_POST['user_name']);
$password = clean($_POST['password']);

//Input Validations
if($user_name == '') {
	$errmsg_arr[] = 'Username field is missing';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Password field is missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}

//Create query
$qry="SELECT * FROM class_members WHERE user_name='$user_name' AND user_pass='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$mem = mysql_fetch_assoc($result);
		$_SESSION['S_UID'] = $mem['mem_id'];
		$_SESSION['S_UNAME'] = $mem['user_name'];
		$_SESSION['S_FNAME'] = $mem['f_name'];
		$_SESSION['S_LNAME'] = $mem['l_name'];
		$_SESSION['S_UAUTH'] = $mem['user_auth'];
		$_SESSION['S_UAGENT'] = $_SERVER['HTTP_USER_AGENT'];
		$_SESSION['S_UIP'] = $_SERVER['REMOTE_ADDR'];
		session_write_close();
		header("location: member-index.php");
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}
?>


When the user logs in, store the IP he connects from. Then on each request, if he logs in from a different IP, do whatever you see fit (deny / logout / redirect to disney.com)

LOL, Disney must get tons of traffic from redirects. That's where I send all bad bots and 403 requests.


Do you have display_errors / error reporting enabled, or are you at least logging errors? Have you echoed your query and pasted it into phpMyAdmin to see what the results are? Have you tried to see what the $_SESSION array is doing after you assign values by using echo '<pre>'; print_r($_SESSION); echo '</pre>';?


OK, my profile page does print this:

 

Array
(
    [s_UID] => 1
    [s_UNAME] => root
    [s_FNAME] =>
    [s_LNAME] =>
    [s_UAUTH] => general
    [s_UAGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.11) Gecko/20100701 Firefox/3.5.11
    [s_UIP] => 122.3.6.1
)

 


wtf? It seems to be working on every page. I tried yesterday but it didn't seem to work, but now I tried it without any changes and everything is showing? OK, this was working, but now how do I go about making the session only for this particular IP and browser, so that if a session is active, another browser or IP gets kicked off?

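One way to do what the last post asks, and a reason to keep session data in the database as the first post asks: this is an added example, not code from the thread. It assumes a PDO connection in `$db` and a hypothetical `active_sid` column on `class_members`; the function names are also made up for illustration, and the "newest login wins" policy is a design choice of the example.

```php
<?php
// Added example, not from the thread. Assumes a PDO handle and a hypothetical
// column class_members.active_sid holding a hash of the one session ID that is
// currently allowed for each account.

// Call right after the password check succeeds, before session_write_close().
function bind_session(PDO $db, array $mem): void {
    session_regenerate_id(true);            // fresh ID, old session data deleted
    $_SESSION['S_UID']    = $mem['mem_id'];
    $_SESSION['S_UAGENT'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $_SESSION['S_UIP']    = $_SERVER['REMOTE_ADDR'];
    // Newest login wins: overwriting the stored value invalidates any older
    // session for this account. Store a hash, not the raw session ID.
    $db->prepare('UPDATE class_members SET active_sid = ? WHERE mem_id = ?')
       ->execute([hash('sha256', session_id()), $mem['mem_id']]);
}

// Call at the top of every protected page, after session_start().
function session_is_valid(PDO $db): bool {
    if (empty($_SESSION['S_UID'])) {
        return false;                       // not logged in
    }
    // Same client as at login? Caveat: mobile and proxy users can change IP
    // mid-session, so a strict IP match will log some legitimate users out.
    if ($_SESSION['S_UIP'] !== $_SERVER['REMOTE_ADDR']
        || $_SESSION['S_UAGENT'] !== ($_SERVER['HTTP_USER_AGENT'] ?? '')) {
        return false;
    }
    // Is this still the session recorded for the account?
    $st = $db->prepare('SELECT active_sid FROM class_members WHERE mem_id = ?');
    $st->execute([$_SESSION['S_UID']]);
    $stored = $st->fetchColumn();
    return is_string($stored)
        && hash_equals($stored, hash('sha256', session_id()));
}

// Drop a session that failed the check.
function end_session(): void {
    $_SESSION = [];
    session_destroy();
}

// Usage on a protected page:
// session_start();
// if (!session_is_valid($db)) { end_session(); header('Location: login-form.php'); exit(); }
```

The IP and user-agent comparison only needs `$_SESSION`; the database lookup is what allows a second login to invalidate the first, since one session cannot see another session's data.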
