SESSION data handling

Anon

Hi,

I'm using MySQL and PHP. I have a login page which stores the username and password entered, and I want the other pages to use these variables to connect to the MySQL database. Unfortunately it doesn't work because it displays an access denied error message.

Any ideas?

Thanks, Akos

Anon

Ehm, you mean you use these values for mysql_connect() ? This would only be okay for the owner of the database, like yourself??

Anyway, that doesn't mean you should get an error message if you logged on using your login and pwd. Perhaps you forgot something?

mysql_connect($host, $user, $pwd);

Or do you mean you need a way to preserve the entered values in the login page, so you can call for mysql_connect on every page of your site ?

I'd say create something like a "include.inc" and include this page on every page, create your include.inc something like this:

session_start();

function connect_db() {
  global $login;
  $db_id = mysql_connect($login['host'],$login['user'],$login['pwd']);
  return $db_id;
}

Also include this file on your login page and before the user enters login values; register the var like this:

session_register("login");

At log-off:

unset($login);

But perhaps this is not what you mean ;-)

Anon

Hi Martin,

I'm a beginner as you might have recognized. :-))) I have a login page where the user's name and password are stored in $user and $password.

I want to make all the other pages secure so I would like to check at each page if a valid username and password have been entered.

On the login page I have:

session_start() ;
...
session_register("db_user") ;
$db_user = $user ;
session_register("db_pass") ;
$db_pass = $password ;
session_register("$loggedon") ;
$loggedon = 1 ;
header("Location: DESTINATION_PAGE") ;

Is that correct so far?

What's next on the DESTINATION_PAGE?

I would do something like this:

session_start() ;
if ($loggedon)
{
mysql_connect("HOSTNAME",$db_user,$db_pass) ;
mysql_select_db("DBNAME") ;

displaying the page

}
else
{
header("Location: LOGIN.PHP") ;
}

What do you think? What would you do in a different way?

Thanks a lot, Akos

Anon

And how to do this include thing?

I created a file but on the destination page how to refer to that?

I tried:

require("include.inc") ;
include("include.inc") ;

But none of them worked. It displayed:

FATAL: Undetermined function FUNCTIONNAME() ;

How to define that function to be observed by other pages?

Thanks, Akos

Anon

Hi,

Well I don't think it's in the scope of this forum to give you a "Session 101" here. I really suggest you to first go to:

http://www.phpbuilder.com/columns/

And read and try examples given there like Mattias Nilsson's articles

http://www.phpbuilder.com/columns/mattias20000105.php3

And it's follow up:
http://www.phpbuilder.com/columns/mattias20000312.php3

You'll find many interesting columns written there. In my humble opinion it's not fair to the creators of phpbuilder to ignore their great columns which answer much of what you are asking.

Also, I've been reading this forum for about half a year now and your question involving sessions and securing your page have been asked, and clearly answered, dozen of times already.

A proper search should also give you much information.

You are trying to connect people who visit your page to your own MySQL database and think this authorizes them?

You need to create a table with fields like id, login, password, possible user level. And query that.

I wouldn't know where to begin to make this all clear to you, and I don't have time for that also.

People reading this forum gladly help you to comment you on syntax, tell you where it's wrong offer you alternatives or even show you short examples of how to do this.

What you are asking however, is a bit beyond that.

Anon

I guess there's something on your include.inc that is causing this!

You tried correctly; so there's nothing wrong with that.

You seem to call a function on your page that is not found, or not correctly coded, on include.inc