laron Posted May 19, 2007 Share Posted May 19, 2007 hello, I need a little advice or help using sessions.(I am trying to create a login page.) Anyway to my understanding(correct me if im wrong) we create a session with session_start(); that session id is stored on the server for later use,(unless the window is closed) and obiously end a session with session_destroy(); My question is when I am checking the database for the user's username and password, and the info is correct I want to start a session(right?). When I start a session are there any parameters that I can set with in session_start() that I would check later to grant access to a "members" page? If so how can I check if that session has been started. thanks Aswell, when I check for a session that has been started, I will grant them access, else send them to a login page, right.? Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 19, 2007 Share Posted May 19, 2007 First, you'll want to know if the username and password they've provided matches against the records in the database. After doing that, you start a session (name based on their user_id or whatever). Ex: <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; // Assuming that you have hashed the password in the database $hashed_pass = md5($password); // Check it against the database $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$hashed_pass'") OR DIE (mysql_error()); // If they match, start a session if(mysql_num_rows($query)>0) { while($row = mysql_fetch_assoc($query); extract($row); // Assuming that you have a unique id number for each user (named user_id) $_SESSION['uid'] = $user_id; } } else { return false; } ?> Quote Link to comment Share on other sites More sharing options...
laron Posted May 19, 2007 Author Share Posted May 19, 2007 i only want to do that on the first page, and then check for the session on the rest... right? Quote Link to comment Share on other sites More sharing options...
taith Posted May 19, 2007 Share Posted May 19, 2007 ontop of every page, put session_start();... and you never need to use session_destroy();... then you can access them session variables, when/wherever you see fit. Quote Link to comment Share on other sites More sharing options...
laron Posted May 19, 2007 Author Share Posted May 19, 2007 and how is that going to restrict nonmembers Quote Link to comment Share on other sites More sharing options...
laron Posted May 19, 2007 Author Share Posted May 19, 2007 say a nonmember knows a page with in the site that should be restricted ex. main.php and they enter that in as the url ex. www.site.com/main.php what restricts them from viewing it? Quote Link to comment Share on other sites More sharing options...
The Bat Posted May 19, 2007 Share Posted May 19, 2007 say a nonmember knows a page with in the site that should be restricted ex. main.php and they enter that in as the url ex. www.site.com/main.php what restricts them from viewing it? On every page you want to restrict, you can put <?php if (!isset($_SESSION['sessionname']) { header('location: index.php'); } ?> at the very top of the page. If there is no session, it redirects to index.php (you can also change index.php to whatever you want, like a page saying they were trying to access a restricted section of the site). Quote Link to comment Share on other sites More sharing options...
laron Posted May 19, 2007 Author Share Posted May 19, 2007 thank you, thats what i needed Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.