Session timout? help!

[munnaz]

Hey guys, I have a website that people log into and watch documentaries. http://free-documentaries-online.com . I was wondering how to make my sessions last longer and also have an option for them to 'Keep me logged in'?

I have the code :

session_start();

 

at the top of every page and login.php is

<?php
   //Start session
   session_start();
   
   //Include database connection details
   require_once('configlogin.php');
   
   //Array to store validation errors
   $errmsg_arr = array();
   
   //Validation error flag
   $errflag = false;
   
   //Connect to mysql server
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   //Select database
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   //Function to sanitize values received from the form. Prevents SQL injection
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   //Sanitize the POST values
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
         
   //Input Validations
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   //If there are input validations, redirect back to the login form
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   //Create query
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   //Check whether the query was successful or not
   if($result) {
      if(mysql_num_rows($result) == 1) {
         //Login Successful
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         $_SESSION['SESS_FULL_NAME'] = $member['firstname']." ".$member['lastname'];
         $_SESSION['SESS_LOGIN'] = $member['login'];
         $_SESSION['SESS_EMAIL'] = $member['email'];
         $_SESSION['SESS_SUBSCRIBE'] = $member['subscribe'];
         $_SESSION['SESS_AUTO_ADD_RECENT'] = $member['autoaddrecent'];
         $_SESSION['SESS_VISITS'] = $member['visits'];
         session_write_close();

         header("location: ../index.php");

         exit();
      }else {
         //Login failed
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

I think it has something to do with

 

session.gc_maxlifetime

But im not too sure where to put it? I can't acess my php.ini file to change settings? Does that matter or can i use code.

Thanks in advance!

[Failing_Solutions]

Opps I was looking at it wrong.. corrected.

 

You can check your settings with

$currentTimeoutInSecs = ini_get(’session.gc_maxlifetime’);

$echo $currentTimeoutInSecs;

 

You can change it with

<?php
    ini_set(’session.gc_maxlifetime’, 30*60);
?>

 

Here is a reference: http://prajapatinilesh.wordpress.com/2009/01/14/manually-set-php-session-timeout-php-session/

[munnaz]

Thanks

Do I have to put the code anywhere specific or just at the top of the login page only?

I want it to last for a day minimum.

[Failing_Solutions]

Sorry had the wrong code there.

 

Just edited my post.

 

Could just stick it in a simple php file

<?php
include_once "thefile.php"; // this will include thefile.php
?>

[munnaz]

Thanks

Do I just include it at the top of the login page's code (the code i posted)?

[Failing_Solutions]

That should do it. Since their session starts when logged in.

[munnaz]

Thanks heaps for helpin!

[Failing_Solutions]

Just hope it works