
[SOLVED] Extend Inactivity Time Out of Authentication Script



I have been ripping through this script trying to find out how to extend the visitor's time out session, i.e. giving them a longer time for inactivity.  Does anybody see anywhere that I can do this?

 

 

Login Script:

include_once("config.php");

checkLoggedIn("no");

$title="ProdCo Scripts";

if(isset($_POST["submit"])) {
    field_validator("login name", $_POST["login"], "alphanumeric", 4, 15);
    field_validator("password", $_POST["password"], "string", 4, 15);

    if($messages){
        doIndex();
        exit;
    }

    if( !($row = checkPass($_POST["login"], $_POST["password"])) ) {
        $messages[]="Incorrect login/password, try again";
    }

    if($messages){
        doIndex();
        exit;
    }

    cleanMemberSession($row["login"], $row["password"]);

    header("Location: members/office.php");
} else {
    doIndex();
}

function doIndex() {
    global $messages;

    global $title;

 

Secured Page:

 

include_once("config.php");

// Check user logged in already:
checkLoggedIn("yes");
doCSS();
print("Welcome <b>".$_SESSION["login"]."</b><br>\n");
print("<a href=\"logout.php"."\">Logout</a>");

 

Config.php

 

error_reporting(E_ALL);

include_once("functions.php");

session_register("login");
session_register("password");
session_register("loggedIn");

$messages=array();

 

functions.php

 

function connectToDB() {
    global $link, $dbhost, $dbuser, $dbpass, $dbname;


    ($link = mysql_pconnect("$dbhost", "$dbuser", "$dbpass")) || die("Couldn't connect to MySQL");

    mysql_select_db("$dbname", $link) || die("Couldn't open db: $dbname. Error if any was: ".mysql_error() );
}


function newUser($login, $password) {

    global $link;

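    // Escape the values before building the query to prevent SQL injection
    $login=mysql_real_escape_string($login, $link);
    $password=mysql_real_escape_string($password, $link);
    $query="INSERT INTO users (login, password) VALUES('$login', '$password')";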
    $result=mysql_query($query, $link) or die("Died inserting login info into db.  Error returned if any: ".mysql_error());

    return true;
}


function displayErrors($messages) {
    print("<b>There were problems with the previous action.  Following is a list of the error messages generated:</b>\n<ul>\n");

    foreach($messages as $msg){
        print("<li>$msg</li>\n");
    }
    print("</ul>\n");
}


function checkLoggedIn($status){
    switch($status){
        case "yes":
            if(!isset($_SESSION["loggedIn"])){
                header("Location: index.php");
                exit;
            }
            break;

        case "no":
            if(isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true ){
                header("Location: members/office.php");
                // Stop here so the rest of the login page does not run after the redirect
                exit;
            }
            break;
    }
    return true;
}


function checkPass($login, $password) {
    global $link;

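    // The password field is validated only as "string", so escape both
    // values before interpolating them into the SQL
    $login=mysql_real_escape_string($login, $link);
    $password=mysql_real_escape_string($password, $link);
    $query="SELECT login, password FROM users WHERE login='$login' and password='$password'";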
    $result=mysql_query($query, $link)
        or die("checkPass fatal error: ".mysql_error());

    if(mysql_num_rows($result)==1) {
        $row=mysql_fetch_array($result);
        return $row;
    }
    return false;
}


function cleanMemberSession($login, $password) {
    $_SESSION["login"]=$login;
    $_SESSION["password"]=$password;
    $_SESSION["loggedIn"]=true;
}


function flushMemberSession() {
    unset($_SESSION["login"]);
    unset($_SESSION["password"]);
    unset($_SESSION["loggedIn"]);

    session_destroy();

    return true;
}


function doCSS() {
    ?>
<style type="text/css">
body{font-family: Arial, Helvetica; font-size: 10pt}
h1{font-size: 12pt}
</style>
    <?php
}

function field_validator($field_descr, $field_data,
  $field_type, $min_length="", $max_length="",
  $field_required=1) {
    global $messages;

    if(!$field_data && !$field_required){ return; }

    $field_ok=false;

    $email_regexp="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|";
    $email_regexp.="(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";

    $data_types=array(
        "email"=>$email_regexp,
        "digit"=>"^[0-9]$",
        "number"=>"^[0-9]+$",
        "alpha"=>"^[a-zA-Z]+$",
        "alpha_space"=>"^[a-zA-Z ]+$",
        "alphanumeric"=>"^[a-zA-Z0-9]+$",
        "alphanumeric_space"=>"^[a-zA-Z0-9 ]+$",
        "string"=>""
    );

    if ($field_required && empty($field_data)) {
        $messages[] = "$field_descr is a required field.";
        return;
    }

    if ($field_type == "string") {
        $field_ok = true;
    } else {
        $field_ok = ereg($data_types[$field_type], $field_data);
    }

    if (!$field_ok) {
        $messages[] = "Please enter a valid $field_descr.";
        return;
    }

    if ($field_ok && ($min_length > 0)) {
        if (strlen($field_data) < $min_length) {
            $messages[] = "$field_descr is invalid, it should be at least $min_length character(s).";
            return;
        }
    }

    if ($field_ok && ($max_length > 0)) {
        if (strlen($field_data) > $max_length) {
            $messages[] = "$field_descr is invalid, it should be less than $max_length characters.";
            return;
        }
    }
}

 

Sorry, a lot of code posted.  I have dug through all of this and can't find anything.  Any help would be greatly appreciated.

Ok, so if I put session_start() on the top of every page that requires authentication, is there a way to set the timeout? Or would I have to come up with an authentication script for that with a remember me function, due to the users having to log back into the site after they visit an unsecure part for an extended period of time?

 

-------------------------------------------------

 

Added session_start() and got this error:

Notice: A session had already been started - ignoring session_start()
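
An added example, not part of the original thread or the posted script: the notice above appears because session_register() in config.php already starts the session implicitly, so any lifetime setting has to be applied before those lines. The sketch below raises session.gc_maxlifetime and enforces the inactivity window with a last-activity timestamp; IDLE_LIMIT, configureSessionLifetime(), enforceIdleTimeout() and the "lastActivity" key are assumed names.

```php
<?php
// Added example; the names below are hypothetical, not from the posted script.
define("IDLE_LIMIT", 3600); // allowed inactivity in seconds (constructed value)

// Call before the session starts. In the posted config.php that means
// before the session_register() lines, which start the session implicitly.
function configureSessionLifetime($seconds) {
    // Keep server-side session data at least as long as the idle limit,
    // otherwise garbage collection may delete it earlier.
    ini_set("session.gc_maxlifetime", (string)$seconds);
    // 0 = session cookie lasts until the browser closes; the idle check
    // below is what actually ends the login.
    ini_set("session.cookie_lifetime", "0");
}

// Returns true while the login is still valid and refreshes the timestamp.
// Returns false and clears the login data once the idle limit has passed.
function enforceIdleTimeout(array &$session, $now, $limit = IDLE_LIMIT) {
    if (empty($session["loggedIn"])) {
        return false;
    }
    $last = isset($session["lastActivity"]) ? $session["lastActivity"] : $now;
    if ($now - $last > $limit) {
        unset($session["login"], $session["password"],
              $session["loggedIn"], $session["lastActivity"]);
        return false;
    }
    $session["lastActivity"] = $now; // sliding window: each request extends it
    return true;
}

// Demonstration on a constructed session array (runs from the CLI).
configureSessionLifetime(IDLE_LIMIT);
$s = array("loggedIn" => true, "login" => "demo", "lastActivity" => 1000);
var_dump(enforceIdleTimeout($s, 1000 + 600));   // request within the limit
var_dump(enforceIdleTimeout($s, 1600 + 3601));  // request after idling too long
var_dump(isset($s["loggedIn"]));                // login data after expiry
```

In the posted script, checkLoggedIn("yes") is the natural place to call enforceIdleTimeout($_SESSION, time()) and redirect to index.php when it returns false.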
