$HTTP_SESSION_VARS

Anon

Hi,

Thanks for everyone who answered my previous questions. In order to make my pages secure I decided to use $HTTP_SESSION_VARS.

On the login page I have the following lines:

if ($submit) #if the submit button is pressed
#"$felhasznalo" > username, "$jelszo" > password

the table jelszavak contains the usernames & passes

{
$query = "select felhasznalo,jelszo from jelszavak
where (felhasznalo = '$felhasznalo') && (jelszo = '$jelszo')" ;
$result = mysql_query($query,$db) ;
if (!$result)
{
echo "<h4>Hiba az azonosító és jelszó ellenõrzésénél!</h4>" ;
}
$num = mysql_num_rows($result) ;
if ($num == 1)
{
session_start() ;
#this variable is supposed to store
#whether someone is logged in or not (1 or 0)
$HTTP_SESSION_VARS["bejelentkezve"] = 1 ;
if ($felhasznalo == "admin")
{
header("Location: admin_menu.php") ;
}
else
if ($felhasznalo == "dolg")
{
header("Location: dolg_menu.php") ;
}
}
else
{
header("Location: login.php") ;
}
}

On all the target pages there are the following lines:

<?
session_start() ;
if (!$HTTP_SESSION_VARS["bejelentkezve"])
{
header("Location: login.php") ;
}

The login worked pretty well before I made this change. Since I have this check for each page using $HTTP_SESSION_VARS I can't even log in any of the users. Please someone help me! This authetication drives me crazy!

Thanks a lot!

Akos, Hungary

Anon

If I'm reading your code correctly. I think you need to change this:

session_start() ;
$HTTP_SESSION_VARS["bejelentkezve"] = 1 ;

to this:

session_start() ;
$bejelentkezve = 1 ;
session_register("bejelentkezve") ;

And I don't think you really need the session_start, because it is started implicitly when you session_register().

I'm not sure about all this, but that's what I would try.

-Mark

Anon

mark is correct I think and to check whether user has logged in or not you can use a code like:
if($bejelentkezve!=1)
echo "<h1>Not Logged in!</h1>";
else
header("Location:meaningfulpage.php");
Spread PHP.
Bye

Anon

If I want the user to log out clicking to a link, how can I do that? If the code is simple:

...

?>
<table>
<tr><td>Menu1</td></tr>
<tr><td>Menu2</td></tr>

...

I want to use a session_unset() ; or session_unregister() ; but how can I know if the user has pressed the logout button.

Any help is welcome. And MANY-MANY thanks for your help with the session handling.

Thanks, Akos

Anon

If you mean to say what happens if the user closes down the browser instead of logging out from the proper menu, You have come to what I am searching for.
In windows, you can use the javascript event onUnload() to call some other activity which will finall do the session_unset()
ex:
<BODY onUnload="finishOff()">

But in linux we need some other technique
May be the php.ini file can provide some light I am looking through it.
N'Joy

Adi'os