sessions

[ohdang888]

i'm using sessions... When someone logs in, the session starts.

Each members has an "id". And i have an "edit_settings.php?id=NUMBER OF MEMBER"

 

So how would i make sure that only the person signed in with the session id of "4", could only change their own settings?

 

 

 

<?php
// always start a session 
session_start();
// if user does not have session open, direct them to login.php
if (!isset($_SESSION['email'])){
    header("Location:login.php");
    exit();
}
?>

[trq]

You wouldn't bother with this...

 

[And i have an "edit_settings.php?id=NUMBER OF MEMBER"

 

at all.

 

edit_setting.php might look something like....

 

<?php

  session_start();

  if (isset($_POST['submit'])) {
    $setting = mysql_real_escape_string($_POST['setting']);
    $sql = "UPDATE usersettings SET setting = '$setting' WHERE user_id = '{$_SESSION['id']}'";
  }

?>

[ohdang888]

ok. it makes a little more sense now!

but a few questions...

 

1)if they go a page that does not require to be logged in, will their session be lost?

 

2)There is a page both members, and non-members can see, but only members can leave comments, etc.... How would i do that? just a session_start(); at the top?????

 

 

3)So session id obviously starts are log in, so to get the id for the session, would it be this? And when would the session be destoryed, only when they log out, or also when they close their browser?

 

$user_info = mysql_fetch_array($result);
$id = stripslashes($user_info['id']);

if($count==1){
// if user login is successful then create session and direct to members.php
$_SESSION['email']=$email;
$_SESSION['id']=$id;
echo "<meta http-equiv='refresh' content='0;url=member_home.php'>";

}else {
// if user login is wrong direct to failed.php
session_destroy();
echo "<meta http-equiv='refresh' content='0;url=failed.php'>";

}

 

[ohdang888]

is it more efficent to name a session?