Logging In

[brokenhope]

Im making a login for my script... it uses cookies if you check the remember me box, and sessions if you dont check the remember me box when you login. 1 cookie/session for userid and 1 for a md5'd version of your password.

Now on every page it runs a query to check your userid and password, you know to get your user info and such, but how am I supposed to tell if your logged in through a cookie or session?

In the past I just went:

if ($_COOKIE['userid']) {
// cookie
}
elseif ($_SESSION['userid']) {
// session
}
else {
// not logged in
}

Is there a better way? Any helpful hints? any problems with what im doing?

[redarrow]

On the main page in a small area in a table use.


[code]
<?php
session_start();// always on pages that use sessions

database connection

select statement  limit 10

$userid=('$username');//Username is name of user.

if ($_SESSION['userid']) {
echo "<table><td width="what ever" height="what ever">Logged In<br><br><font color="red">".$userid."</font><br></td></table>";
}

[/code]

I think that session are better as cookies are client based and a user can delete them ok.

Show how many users logged in but only the first 10 shown in a table on the main page.

I dont see no point in showing user not loged in, unless you have that set in the admin area for administrator purpose.

[redbullmarky]

to be honest, you're pretty much heading in the right direction. the only thing i'm never keen on (and this is a personal opinion, not bad practice or anything) is keeping the user logged in by cookies.

you shouldn't really need a check on every page either. your login page should ideally be the only place that will determine if a user should be logged in or not. reason? if you change your login/logout methods, you only need to change one script, and it saves calling unnecessary code each time. but the steps would be:

1, check the cookies
2, if the cookies are valid, use them, set up the $_SESSION's
3, if not, go to normal login page.

but on each page in your site, you only then need to check for $_SESSION to make sure user is logged in.


redarrow, i've noticed this in a few of your posts. be very careful about making guesses and/or posting incorrect code, even if pseudo code, as a new user who types in:

[code]
echo "<table><td width="what ever" height="what ever">Logged In<br><br><font color="red">".$userid."</font><br></td></table>"
[/code]

will be back here with other problems faster than you can say 'uh oh'.

[redarrow]

[code]
echo "<table><td width=\"what ever\" height=\"what ever\">Logged In<br><br><font color=\"red\">".$userid."</font><br></td></table>";
[/code]


Sorry what did i say wrong me agin lol.

[redbullmarky]

[!--quoteo(post=358022:date=Mar 24 2006, 07:22 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Mar 24 2006, 07:22 PM) [snapback]358022[/snapback][/div][div class=\'quotemain\'][!--quotec--]
[code]
echo "<table><td width=\"what ever\" height=\"what ever\">Logged In<br><br><font color=\"red\">".$userid."</font><br></td></table>";
[/code]
Sorry what did i say wrong me agin lol.
[/quote]

lol nothing major bad, but when the original code is simple and the question is fairly simple, showing examples of backslashing and using PHP to display HTML and inline CSS using echo can be a little overwhelming to some. just remember that some (including me sometimes) literally cut/copy and paste code you provide directly into their scripts.
occasionaly a few of your posts personally have made me think and helped me decide on things, but occasionaly they, shall we say, go off on tangents as more of a coding showcase unnecessary to the original problem.
but for the benefit of the tape: the code you provide draws a table with a) no table properties b) no rows (<tr>), uses backslashes on double quotes when single quotes (') are comfortable, uses the inline <font> property (dont get me started on inline styles lol) and that's about it. aside from that, none of these problems actually have anything to do with solving cookie and/or session problems.

i'm very guilty sometimes of exactly the same thing, as are alot of people, so no major drama. just it's sometimes best to stick directly to the problem in hand no matter how tempting it is to write someones entire project for them.

take it easy
Mark