Jump to content

[SOLVED] sessions

laron

By laron
in PHP Coding Help

 Share

Recommended Posts

laron Newbie

laron

Posted
Posted

hello,

I need a little advice or help using sessions.(I am trying to create a login page.)  Anyway to my understanding(correct me if im wrong) we create a session with session_start(); that session id is stored on the server for later use,(unless the window is closed) and obiously end a session with session_destroy();  My question is when I am checking the database for the user's username and password, and the info is correct I want to start a session(right?).  When I start a session are there any parameters that I can set with in session_start() that I would check later to grant access to a "members" page?  If so how can I check if that session has been started. 

 

thanks

Aswell, when I check for a session that has been started, I will grant them access, else send them to a login page, right.?

Link to comment
https://forums.phpfreaks.com/topic/52086-solved-sessions/
Share on other sites
john010117 Member

john010117

Posted
Posted

First, you'll want to know if the username and password they've provided matches against the records in the database. After doing that, you start a session (name based on their user_id or whatever).

Ex:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
// Assuming that you have hashed the password in the database
$hashed_pass = md5($password);
// Check it against the database
$query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$hashed_pass'") OR DIE (mysql_error());
// If they match, start a session
if(mysql_num_rows($query)>0) {
   while($row = mysql_fetch_assoc($query);
      extract($row);
      // Assuming that you have a unique id number for each user (named user_id)
      $_SESSION['uid'] = $user_id;
   }
}
else {
   return false;
}
?>

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/52086-solved-sessions/#findComment-256806
Share on other sites
The Bat Newbie

The Bat

Posted
Posted

say a nonmember knows a page with in the site that should be restricted ex. main.php and they enter that in as the url ex. www.site.com/main.php what restricts them from viewing it?

 

On every page you want to restrict, you can put

 

<?php if (!isset($_SESSION['sessionname']) { header('location: index.php'); } ?>

 

at the very top of the page. If there is no session, it redirects to index.php (you can also change index.php to whatever you want, like a page saying they were trying to access a restricted section of the site).

Link to comment
https://forums.phpfreaks.com/topic/52086-solved-sessions/#findComment-257031
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.