PHP Session


Custer

Okay, yesterday, I finished my login script and it takes users, if login is successful, to my members page, which I'm working on now. But I'm unsure as to how I should write a program to make sure the user is still logged in and even logged into that session from the login script. All I put in my login.php was SessionStart(); at the top of the code...

It's not SessionStart(), it's session_start().

 

Let's say the name of your session that you registered was "logged"; this is how you would check if they are logged in.

 

<?php

session_start();

if (!isset($_SESSION['logged'])){
   echo "ERROR: You are not logged in.";
   exit;
}

//rest of code here, for if they are logged in

?>

 

Note:

You have to call session_start at the top of EVERY page that you want the session to carry over on.

Granted, his code isn't foolproof. You want to first grab their user level $_SESSION['user_level'] and ensure it is greater than 0. If so, then you grab their username on EVERY PAGE using $_SESSION['username'] and query the database. From there you need to get all their information again and refresh their session variables in case someone tampered with them, including their user_level. That is why it is best to put all this in a function, and then just include this function and call it at the top of every page.

Okay, so I'll make a function for that in my functions.php and just include it..

 

So you're saying take this code:

 

session_start();

if (!isset($_SESSION['logged'])){
   echo "ERROR: You are not logged in.";
   exit;
}

 

Turn it into a function, and check the userlevel too?

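<?php

// Requires session_start() and an open ext/mysql connection (mysql_* was removed in PHP 7).
function checkLogin(){

    // Fail closed: with no session credentials the visitor is not logged in
    if (!isset($_SESSION['username']) || !isset($_SESSION['password'])){
        echo "You're not logged in!";
        exit;
    }

    // Escape the session values before placing them in the query
    $username = mysql_real_escape_string($_SESSION['username']);
    $password = mysql_real_escape_string($_SESSION['password']);
    $query = "SELECT col FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($query) or die(mysql_error());

    if (mysql_num_rows($result) < 1){
        echo "You're not logged in!";
        exit;
    }
}

?>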

 

Now on the top of every page the user should be logged in for, just put this:

checkLogin();
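
The per-page check described earlier in the thread (look the user up by $_SESSION['username'], require user_level greater than 0, refresh the session from the database), written as an added example that is not code from any poster. It assumes PDO and a `users` table with `username` and `user_level` columns; `refreshLogin` is a hypothetical name, and the demo rows are constructed. On a real page, call session_start() first, pass $_SESSION, and exit when it returns false.

```php
<?php
// Added example, not code from the thread. Assumed: PDO, and a `users`
// table with `username` and `user_level` columns.

/**
 * Re-validate the logged-in user against the database and refresh the
 * session copy of their data. Returns true only for a known user whose
 * current user_level is greater than 0; otherwise empties the session.
 */
function refreshLogin(PDO $db, array &$session): bool
{
    // Fail closed: a missing or non-string username is "not logged in".
    if (!isset($session['username']) || !is_string($session['username'])) {
        $session = [];
        return false;
    }

    // Prepared statement: the session value is bound, never interpolated.
    $stmt = $db->prepare('SELECT username, user_level FROM users WHERE username = ?');
    $stmt->execute([$session['username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || (int) $row['user_level'] < 1) {
        $session = [];   // unknown, deleted or disabled account
        return false;
    }

    // Overwrite whatever the session held with the database's values.
    $session['username']   = $row['username'];
    $session['user_level'] = (int) $row['user_level'];
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, user_level INTEGER)');
$db->exec("INSERT INTO users VALUES ('alice', 1), ('bob', 0)");

// In a real page this array would be $_SESSION after session_start().
$stale   = ['username' => 'alice', 'user_level' => 9]; // session level differs from DB
$banned  = ['username' => 'bob',   'user_level' => 1]; // DB says level 0
$missing = [];                                          // never logged in

var_dump(refreshLogin($db, $stale), $stale['user_level']); // level re-read from DB
var_dump(refreshLogin($db, $banned), $banned);             // session emptied
var_dump(refreshLogin($db, $missing));
```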
