chiefrokka Posted February 7, 2008 Share Posted February 7, 2008 ok, I need to keep passing "LeagueID" to every page. I know how to pass variables through post and get but isn't passing it through web address ?LeagueID=".$LeagueID." a very bad thing because someone can just change the address to a different league and the code would be trying to alter that League settings? I could use Post but some pages don't have forms and it just has a graphical image to click "Continue" so I can't really send a hidden or post variable right? whats the best solution to send LeagueID to everypage? I guess I could use Session or cookie maybe? Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 7, 2008 Share Posted February 7, 2008 Yes, using a session would be your best bet. You'll be able to call your information from any page, unless you unset your session. Quote Link to comment Share on other sites More sharing options...
chiefrokka Posted February 7, 2008 Author Share Posted February 7, 2008 ok I'll use a session I guess. now I haven't gotten into cookies yet but I plan to set one when someone logs in I will set a cookie and I'm gathering I can put the LeagueID in that cookie and retrieve it on every page I need it right? thanks Quote Link to comment Share on other sites More sharing options...
aebstract Posted February 7, 2008 Share Posted February 7, 2008 Yeah you can, I recommend using sessions for logins, though its whatever preference you have I suppose. I have only heard that sessions are more secure and solid to work with. That and some people block cookies, though I'm not sure if it would override that or not, that may be an issue to. Quote Link to comment Share on other sites More sharing options...
laffin Posted February 7, 2008 Share Posted February 7, 2008 This is true, because session information isnt stored on the users machine, as cookies are (again users can change cookies, thus defeating the purpose of moving away from GET to cookies for security). Sessions are stored either file based (decided by the server) or in a db. So 2 options are storing user info in Sessions or DB Quote Link to comment Share on other sites More sharing options...
chiefrokka Posted February 7, 2008 Author Share Posted February 7, 2008 ok, I have all my login info set up with Sessions and I pass LeagueID to all the setup pages. the only thing now I gotta figure out is cookies since I want a user to only have to sign in once and have option to stay logged in for like 2 or 3 days so I can't use Sessions for that but have to rely on cookies I guess to store their name,pass,LeagueID. sessions are nice and easy to pass variables though. thanks Quote Link to comment Share on other sites More sharing options...
laffin Posted February 7, 2008 Share Posted February 7, 2008 Yes U Can Sessions already does this for u. It stores a cookie with the session id on the users pc. Question is in validating that session to that user. so the id can be stored in a session as well so now ya need a validation cookie. a simple way, is if the user id is stored in the session. use a md5 of the user id and the league id $vc = md5($userID . $LeageID) now looking at the setcookie function bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] ) we want the cookie to expire after 1 day so we add in our expiration period $expires=time()+(60*60*24); // 1 Day added from today multiply by num of days needeed after the user logs in and is verified, ya set the cookies and session info function session_setinfo($userID,$leagueID) { $expires=time()+(60*60*24); // 1 Day added from today multiply by num of days needeed $vc = md5($userID . $LeageID); setcookie('vc',$vc,$expires); $_SESSION['userid']=$userID; $_SESSION['leagueid']=$leagueID } during other pages we want to validate the user [code] function session_defaults() { setcookie('vc',''); $_SESSION['userid']=''; $_SESSION['leagueid']=''; } if(isset($_COOKIE['vc']) { if(isset($_SESSION['userid'] && isset($_SESSION['leagueid']) { if(md5($_SESSION['userid'] . $_SESSION['leagueid']) == $_COOKIE['vc']) { if(isset($_SESSION['userid'] && isset($_SESSION['leagueid']) && isset($_COOKIE['vc'])) { if(md5($_SESSION['userid'] . $_SESSION['leagueid']) == $_COOKIE['vc']) { { $expires=time()+(60*60*24); // 1 Day added from today multiply by num of days needeed setcookie('vc',$_COOKIE['vc'],$expires); } else { session_defaults(); // invalid session/cookie response, reset session/cookie info } } else session_defaults(); // no session/cookie response, reset session/cookie info Code is just off the top of my head, expect bugs [/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.