Jump to content

[SOLVED] sessions


laron

Recommended Posts

hello,

I need a little advice or help using sessions.(I am trying to create a login page.)  Anyway to my understanding(correct me if im wrong) we create a session with session_start(); that session id is stored on the server for later use,(unless the window is closed) and obiously end a session with session_destroy();  My question is when I am checking the database for the user's username and password, and the info is correct I want to start a session(right?).  When I start a session are there any parameters that I can set with in session_start() that I would check later to grant access to a "members" page?  If so how can I check if that session has been started. 

 

thanks

Aswell, when I check for a session that has been started, I will grant them access, else send them to a login page, right.?

Link to comment
https://forums.phpfreaks.com/topic/52086-solved-sessions/
Share on other sites

First, you'll want to know if the username and password they've provided matches against the records in the database. After doing that, you start a session (name based on their user_id or whatever).

Ex:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
// Assuming that you have hashed the password in the database
$hashed_pass = md5($password);
// Check it against the database
$query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$hashed_pass'") OR DIE (mysql_error());
// If they match, start a session
if(mysql_num_rows($query)>0) {
   while($row = mysql_fetch_assoc($query);
      extract($row);
      // Assuming that you have a unique id number for each user (named user_id)
      $_SESSION['uid'] = $user_id;
   }
}
else {
   return false;
}
?>

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/52086-solved-sessions/#findComment-256806
Share on other sites

say a nonmember knows a page with in the site that should be restricted ex. main.php and they enter that in as the url ex. www.site.com/main.php what restricts them from viewing it?

 

On every page you want to restrict, you can put

 

<?php if (!isset($_SESSION['sessionname']) { header('location: index.php'); } ?>

 

at the very top of the page. If there is no session, it redirects to index.php (you can also change index.php to whatever you want, like a page saying they were trying to access a restricted section of the site).

Link to comment
https://forums.phpfreaks.com/topic/52086-solved-sessions/#findComment-257031
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.