Sessions..

[rofl90]

I have a login file, and in it it creates sessions, I was wondering if anyone has any handy tricks of identifying the username, and then like storing it in vars/mysql.

[pocobueno1388]

Are you asking how to get the value of the session?

 

<?php
session_start();

//print out the username stored in the session
echo $_SESSION['username'];

//Assign the session to a variable
$var = $_SESSION['username'];

?>

 

As for storing it in the database, you would just use an INSERT query. This site has a lot of tutorials that would help you: http://www.tizag.com/phpT/

[rofl90]

I know, but i don't want to have mysql insert a new record every time they login, lol, your first idea worked, thanks!, also how do i destroy my session using

session_destroy() doesn't seem to be working.

[peranha]

Session_start() has to be at the beginning of the page for session_destroy() to work as well

[rofl90]

ok thanks, btw it didn't work the echo session user thingy..

heres my validation

 

Validating your credentials... Please wait a moment...

<?php
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = md5($_POST["password"]);

/* establish a connection with the database */
$server = mysql_connect("x", "x",
          "x");
if (!$server) die(mysql_error());
mysql_select_db("x");
  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE User = '$user'
         AND Password = '$pass'";

/* query the database */
$result = mysql_query($query);

if (mysql_fetch_row($result)) {
  /* access granted */
  
  $sql = "update users set online='<img src='http://www.codeetech.com/backend/images/online.png' />' WHERE User = '$user'";
  mysql_query($sql);
  
  session_start();
  header("Cache-control: private");
  $_SESSION["access"] = "granted";
  header("Location: index2.php");
  
} else
  /* access denied &#8211; redirect back to login */
  header("Location: index.php");
?>

[rofl90]

<?php
session_start()

$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
$sql = "update users set online='<img src='xxxxxxxxx' />'";
mysql_query($sql);

      session_destroy();	  
      header("Location: index.php");
  
?>

 

and theres logout, that doesn't work either, just keeps me logged in...

[rofl90]

Rumpedybump.

[discomatt]

Your last post was 12 minutes before your bump... if it's really that urgent, why not learn the language?

 

To answer your question, when you call session_destroy, the session is still considered active for that execution. Try redirecting (to the same page, if you'd like) using the header() function after your session_destroy call

[rofl90]

I am heres the code

 

<?php
session_start()

$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
$sql = "update users set online='<img src='xxxxxxxxx' />'";
mysql_query($sql);

      session_destroy();	  
      header("Location: index.php");
  
?>

[frijole]

in this example:

<?php
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = md5($_POST["password"]);

/* establish a connection with the database */
$server = mysql_connect("x", "x",
          "x");
if (!$server) die(mysql_error());
mysql_select_db("x");
  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE User = '$user'
         AND Password = '$pass'";

/* query the database */
$result = mysql_query($query);

if (mysql_fetch_row($result)) {
  /* access granted */
  
  $sql = "update users set online='<img src='http://www.codeetech.com/backend/images/online.png' />' WHERE User = '$user'";
  mysql_query($sql);
  
  session_start();
  header("Cache-control: private");
  $_SESSION["access"] = "granted";
  header("Location: index2.php");
  
} else
  /* access denied &#38;#8211; redirect back to login */
  header("Location: index.php");
?>

 

you don't session_start() until the bottom of the code. I was told session_start() was always supposed to be at the very beginning of the script.

[revraz]

There is no session data in that post to even destroy.

 

I am heres the code

 

<?php
session_start()

$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
$sql = "update users set online='<img src='xxxxxxxxx' />'";
mysql_query($sql);

      session_destroy();	  
      header("Location: index.php");
  
?>

[rofl90]

Thats supposed to be my logout.php is it supposed to have data, sorry if these are silly questions, i'm new to sessions.

[revraz]

Let's see your index page.  Assuming that's where you're seeing yourself still logged in.

[frijole]

are you asking about destroying a session? Or, about setting the session variable so you can use them on other pages? Or, both?

[rofl90]

I'm asking about destroying a session: heres login.php

 

 

<?php
error_reporting(E_ALL);
$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);
?>
<form action="validate.php" method="post"> <fieldset>
<label>Your IP is <?php echo $_SERVER['REMOTE_ADDR']; ?>, and has been logged, unauthorised attempts to access will be logged, and steps will be taken. <br /></label>
<br />
<label>
<input type="text" name="userid" id="user" />
Name</label>
<br /><br />
<label> 
<input type="password" name="password" id="password" />
Password</label>
<br />
<br />
<input type="submit" id="submit" value="Login" />
<input name="ip" type="hidden" id="hidden" value="<?php $ip = $_SERVER['REMOTE_ADDR']; echo $ip; ?>" />
<br />
<br />
Backend time out currently set at: <?php $result = mysql_query("SELECT * FROM settings") or die(mysql_error()); 
$row = mysql_fetch_array($result);
$timing = $row['timeout']; echo $timing / 60; ?> minutes.<br />
</fieldset></form>

 

and validate.php:

 

Validating your credentials... Please wait a moment... 
<?php
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = md5($_POST["password"]);

/* establish a connection with the database */
$server = mysql_connect("mx", "x",
          "hxx");
if (!$server) die(mysql_error());
mysql_select_db("xx");
  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE User = '$user'
         AND Password = '$pass'";

/* query the database */
$result = mysql_query($query);

if (mysql_fetch_row($result)) {
  /* access granted */
  
  $sql = "update users set online='<img src='xx.png' />' WHERE User = '$user'";
  mysql_query($sql);
  
  session_start();
  header("Cache-control: private");
  $_SESSION["access"] = "granted";
  $_SESSION["user"] = $user;
  header("Location: index2.php");
  
  
} else
  /* access denied &#8211; redirect back to login */
  header("Location: index.php");
?>

[revraz]

As stated before, you need to put session_start() as the first line of code.

 

login.php doesn't even have session data in it.

 

validate.php has the session_start() in the middle

 

Again, where are you seeing yourself logged in after you logout?

[rofl90]

But I don't want to start sessions in validate.php unless the information is correct...

 

and i get a white screen when i clickk logout.php also if this is any help the vars are

 

Array ( [access] => granted [user] => Charlie ) 1

[rofl90]

bump

[rofl90]

/bump.

[ohdang888]

this is my entire logout.php script

 

<?php 

session_start();  
$id = $_SESSION['id'];

connect to db.

mysql_query("UPDATE `users` SET `online_now` = 'no' WHERE `id`='{$id}' ") or die(mysql_error());

session_destroy();

echo "<meta http-equiv='refresh' content='0;url=http://localhost/index.php?source=logged_out'>";
?>

now obviously its extremely simple, but its works.

[rofl90]

I get a blank page with:

 

In PHPDES08 its saying dbhost is an unexpected t-var?????????

 

<?php
session_start()

$dbhost = 'x';
$dbuser = 'x';
$dbpass = 'x';
$dbname = 'x';
mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());

mysql_select_db($dbname);

$user = $_SESSION['user'];

mysql_query("UPDATE `users` SET `online` = 'offline' WHERE `user`='{$user}' ") or die(mysql_error());

session_destroy();

echo "<meta http-equiv='refresh' content='0;url=http://codeetech.com/backend/index.php'>";
?>

[rofl90]

updatethe mysql error is:

 

Validating your credentials... Please wait a moment... You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.codeetech.com/backend/images/online.png' border='0' />' WHERE user = ' at line 1

 

and the codeis:

Validating your credentials... Please wait a moment... 
<?php
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = md5($_POST["password"]);

/* establish a connection with the database */
$server = mysql_connect("x", "px",
          "x");
if (!$server) die(mysql_error());
mysql_select_db("xx");
  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE User = '$user'
         AND Password = '$pass'";

/* query the database */
$result = mysql_query($query);

if (mysql_fetch_row($result)) {
  /* access granted */
  
  $sql = "update users set online='<img src='http://www.codeetech.com/backend/images/online.png' border='0' />' WHERE user = $user";
  mysql_query($sql) or die(mysql_error());
  
  session_start();
  header("Cache-control: private");
  $_SESSION["access"] = "granted";
  $_SESSION["user"] = $user;
  header("Location: index2.php");
  
  
} else
  /* access denied &#8211; redirect back to login */
  header("Location: index.php?a=Login has failed, please try again.");
?>

[rofl90]

ok fixed that, but still can't logout..

 

do i need to unregister session vars?

[rofl90]

bump.

[rofl90]

fixed.