Norsk.Firefox Posted December 9, 2007

Hello,

Read some place that checking the login info with the mysql table every time the person reloads the page is a waste of resources. So, the question I'm asking you: how would you check if a person is logged in, and stays logged in? (Based on sessions and mysql.)

revraz Posted December 9, 2007

If you use sessions, you don't have to check the DB each time, just set a variable and check that instead. If you don't want the session to time out, you can also use a cookie.

Norsk.Firefox Posted December 9, 2007

Hm .. Ok, but sessions are saved on the server, and cookies on the user's computer. So cookies are easy to manipulate. But check it against a variable? Any code example?

revraz Posted December 9, 2007

For a session?

When they log in, set

```php
session_start(); // must run before $_SESSION is used
$_SESSION['loggedin'] = true;
```

To check it:

```php
session_start();
// isset() avoids an undefined-index notice for visitors with no session data
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
    // logged in
} else {
    // not logged in
}
```

rab Posted December 9, 2007

```php
<?php
session_start();
$loggedIn = false;

// Either not logged in or session expired
if (empty($_SESSION['user'])) {
    if (isset($_COOKIE['user'])) {
        // The cookie is user-controlled: never let it instantiate objects
        $data = unserialize($_COOKIE['user'], ['allowed_classes' => false]);
        // loginUser() is the site's own credential check (not shown).
        // Assumes loginUser escapes variables...
        if (is_array($data) && isset($data['user'], $data['pass'])
            && loginUser($data['user'], $data['pass'])) {
            $_SESSION['user'] = $data; // Now logged in
            $loggedIn = true;
        }
    }
} else {
    $loggedIn = true;
}
?>
```

When they actually do login, assign $_COOKIE['user'] serialized data of the $_SESSION['user'].

Users can modify cookies, but with the login check you can see if the cookie is valid or not.

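One way to make a remember-me cookie tamper-evident without a password in it or a database lookup per page, as an added example that is not part of rab's post or the thread: the cookie carries a user id and expiry authenticated with an HMAC. The key, cookie layout and function names are assumptions for illustration.

```php
<?php
// Added example. COOKIE_KEY is a placeholder; use a long random secret
// stored outside the web root.
const COOKIE_KEY = 'replace-with-a-long-random-secret';

// Cookie value: base64(JSON payload) . "." . HMAC-SHA256(payload)
function makeLoginCookie(int $userId, int $ttlSeconds, int $now): string
{
    $payload = base64_encode(json_encode(['uid' => $userId, 'exp' => $now + $ttlSeconds]));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Returns the user id if the cookie is authentic and unexpired, else null.
function checkLoginCookie(string $cookie, int $now): ?int
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Verify the MAC before decoding anything; hash_equals() is constant-time.
    if (!hash_equals(hash_hmac('sha256', $payload, COOKIE_KEY), $mac)) {
        return null;
    }
    // JSON instead of unserialize(): decoding cannot create objects.
    $data = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] > $now ? $data['uid'] : null;
}

// Constructed demo values
$now    = 1700000000;
$cookie = makeLoginCookie(42, 3600, $now);

// Case 1: genuine cookie inside its lifetime
var_dump(checkLoginCookie($cookie, $now + 60));

// Case 2: payload edited to another uid while the old MAC is kept
$edited = base64_encode(json_encode(['uid' => 1, 'exp' => $now + 3600])) . strstr($cookie, '.');
var_dump(checkLoginCookie($edited, $now + 60));

// Case 3: genuine cookie presented after its expiry
var_dump(checkLoginCookie($cookie, $now + 7200));
```

Send the value with setcookie() using the secure and httponly options. Because validity is checked without server state, a cookie of this kind cannot be revoked before its expiry unless the key is rotated.
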
Stephen68 Posted December 9, 2007

You do your DB check and if the user is able to log in just set a session to their session id

```php
session_start(); // session_id() is empty until the session is started
$sessionID = session_id();
$_SESSION['sid'] = $sessionID . "staff";
```

then check on the top of each page that you want protected by checking that value

```php
session_start();
$sessionID = session_id();
if (!isset($_SESSION['sid']) || $_SESSION['sid'] != $sessionID . "staff") {
    header("Location: http://www.yoururl.com");
    exit; // stop here so the protected page is not rendered after the redirect
}
```

or something like that, code above is from the top of my head but you should get the meaning.

Hope it was some help

Stephen

Norsk.Firefox Posted December 9, 2007

hehe, thanks all

Think I'm gonna go for that solution when viewing pages, but when they're editing their profile and things like that I'm still gonna check.. (?)

revraz Posted December 9, 2007

Especially if they edit their profile. You want to make sure they are in fact editing their own and have no way to edit someone else's. I just did this today on one of my pages, and it was a bit of a challenge to make sure they are only allowed to edit their own profile. Takes a little bit of thinking and logic.

Norsk.Firefox Posted December 9, 2007

Thanks