[SOLVED] sessions

[laron]

hello,

I need a little advice or help using sessions.(I am trying to create a login page.)  Anyway to my understanding(correct me if im wrong) we create a session with session_start(); that session id is stored on the server for later use,(unless the window is closed) and obiously end a session with session_destroy();  My question is when I am checking the database for the user's username and password, and the info is correct I want to start a session(right?).  When I start a session are there any parameters that I can set with in session_start() that I would check later to grant access to a "members" page?  If so how can I check if that session has been started. 

 

thanks

Aswell, when I check for a session that has been started, I will grant them access, else send them to a login page, right.?

[john010117]

First, you'll want to know if the username and password they've provided matches against the records in the database. After doing that, you start a session (name based on their user_id or whatever).

Ex:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
// Assuming that you have hashed the password in the database
$hashed_pass = md5($password);
// Check it against the database
$query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$hashed_pass'") OR DIE (mysql_error());
// If they match, start a session
if(mysql_num_rows($query)>0) {
   while($row = mysql_fetch_assoc($query);
      extract($row);
      // Assuming that you have a unique id number for each user (named user_id)
      $_SESSION['uid'] = $user_id;
   }
}
else {
   return false;
}
?>

 

 

 

[laron]

i only want to do that on the first page, and then check for the session on the rest... right?

[taith]

ontop of every page, put session_start();... and you never need to use session_destroy();... then you can access them session variables, when/wherever you see fit.

[laron]

and how is that going to restrict nonmembers

[laron]

say a nonmember knows a page with in the site that should be restricted ex. main.php and they enter that in as the url ex. www.site.com/main.php what restricts them from viewing it?

[The Bat]

say a nonmember knows a page with in the site that should be restricted ex. main.php and they enter that in as the url ex. www.site.com/main.php what restricts them from viewing it?

 

On every page you want to restrict, you can put

 

<?php if (!isset($_SESSION['sessionname']) { header('location: index.php'); } ?>

 

at the very top of the page. If there is no session, it redirects to index.php (you can also change index.php to whatever you want, like a page saying they were trying to access a restricted section of the site).

[laron]

thank you, thats what i needed