session help? :-)

mo0ness

Hey everyone, i've read up on sessions b4 i start 😛...I wish to basically make a login system. I basically don't know which steps there is to set the session, check it etc. I REALLY would like help here if any cud please.

Below is some of my code i've already made for the login system...

	require_once("../inc/conn.php");
	require_once("../inc/tables.php");

if ($do_email && $do_pass) // Where $do_user and $do_pass are html form values 
{

	if ($conn)
	{

		mysql_select_db($dbname) or die ("Couldnt select database");

		$query     =  "SELECT Password FROM $admin WHERE Email='$do_email'";
		$result    =  mysql_db_query($dbname, $query);
		$passcheck =  mysql_fetch_array($result);

		if ($passcheck[0]=="$do_pass")
		{
			print "login ok";
		}
		else
		{
			print "The username and password you have input are invalid";
		}			
	}
	else
	{
		print "Couldnt connect to database";
	}	
}
else
{
	print "Please supply both an e-mail address for a username and password";
}

Thats "login2.php" where it checks the login info input on login1.php. I don't know how, or where 2 put on that page that checks 2 see if the session is already started for that spesific user, if it hasn't to start the session, if it has to just pint "login ok". I don't know where to put the IsSet $_SESSION['username'] etc. U know wot i mean 🙂. I would be real grateful for any help, thanx in advanced.

dustbuster

I've marked some changes with
//------------------

//------------------
session_start();
//-------------------

require_once("../inc/conn.php");
    require_once("../inc/tables.php");

if ($do_email && $do_pass) // Where $do_user and $do_pass are html form values 
{

    if ($conn)
    {

        mysql_select_db($dbname) or die ("Couldnt select database");

        $query     =  "SELECT Password FROM $admin WHERE Email='$do_email'";
        $result    =  mysql_db_query($dbname, $query);
        $passcheck =  mysql_fetch_array($result);

        if ($passcheck[0]=="$do_pass")
        {
//------------------
             $_SESSION['do_email']=$do_email ;
             $_SESSION['do_pass']=$do_pass ;
             $_SESSION['user_logged_in']=1 ;
             // You can then   print "login ok"; or header("Refresh: 0; url= next.php");
//------------------


        }
        else
        {
            print "The username and password you have input are invalid";
        }            
    }
    else
    {
        print "Couldnt connect to database";
    }    
}
else
{
    print "Please supply both an e-mail address for a username and password";
}

//next.php
session_start();
if (!isset ($_SESSION['user_logged_in']))
   header("Refresh: 0; url=login1.php");

else
{
//do the next.php code
}

dustbuster

Just some other things I thought I'd mention.

Try not to use the global variables from the GET and POST
Instead of $myvar from a form try
$GET['myvar'] or $POST['myvar']

Unless you are using a version of php older than 4.1.0
Then you can use HTTP_GET_VARS['myvar'].
This is more secure.

Also try using mysql_fetch_assoc() instead of mysql_fetch_array()
This uses less 'space' and you can still reference entries by name.

eg $row['password'] instead of $row[0]

You may want to save your passwords in an encrypted form incase someone gets access to that database. You may not want them seeing the passwords.

mo0ness

😃 thank you both VERY much for your help, I will give the changes a try! Thanx again!

One more question...

The code for "next.php" -- is this the code that will be required for all "password protected" pages? As this is an administration panel. So say i have a page called "add_user.php" - to check the passwords etc and session..wot wud be the code? Thanx once again.

dustbuster

Originally posted by mo0ness
[B
The code for "next.php" -- is this the code that will be required for all "password protected" pages? As this is an administration panel. So say i have a page called "add_user.php" - to check the passwords etc and session..wot wud be the code? [/B]

Yes you would use the code from next.php on the top of anypage that needed to be an administration page

Mark

sessions are bad!!! did you ever go to Newgrounds.com before they fixed it? remember how slow it was? well they figured out why! because of sessions!!! eeeek, just thought you should know.:rolleyes: try cookies!

mo0ness

Ive changed the code as u said, for login2.php it works fine!
But on next.php my code

<?php

session_start();

if (!IsSet ($_SESSION['user_logged_in']))

	print "Please login <a href=\"login.php?s=1\">here</a>";

else
{

	print "admin panel :-D";
}

?>

The session is already set from login2.php - and it prints the "please login" message :S any1 know wot the problem may be? Thanx! 😃

dustbuster

How are you redirecting to next.php?

if you use
header("Location: next.php"); the session will be lost

if you use
header("Refresh: 0; url= next.php"); it won't be lost

mo0ness

It is now: header("Refresh: 0; url= next.php"); -- but it still displays the "please login message" :-S Any more advice?

dustbuster

Can you post your login2.php code?

As well, what OS are you using and what webserver?

mo0ness

nm! I got it working 😃, heres the small differences I made...

login2.php:


         $_SESSION['do_email']=$do_email;
         $_SESSION['do_pass']=$do_pass;
         $_SESSION['user_logged_in']=1;

         session_write_close(); // wasnt there b4, thats y my session kept ending

         header("Location: next.php"); // used instead of "login ok" message, I also changed this from: header("Refresh: 0; url=login1.php");

next.php:


session_start();

if ($_SESSION['user_logged_in']!=1) // changed from: if (!isset ($_SESSION['user_logged_in']))

	print "Please login <a href=\"login.php?s=1\">here</a>";

else
{

	print "admin panel :-D";
}

So it works well now 🙂 One other thing that caused it 2 not work was the way PHP is configured on my machine...I uploaded my code to my web-host with my changes and it all works 😃

So thanx alot for your help guys, you saved me alot of time!

Oh btw, wot wud the code be for say..logout.php? Sumthin using session_destroy();? Thanx once again 🙂