Verification on each page

imnsi

alright I want to have a security function that checks that the client is logged in and has a valid user/pass.

Whats a safe/easy way to do this, I know sessions, cookies and possibly an include function may help me with this but whats the best, I am confuzed, its only going to be a 7-page database handling site.

Please aim me at 'snoozelord' or reply here. Thanks!

imnsi

I already have the login verification but I want one on each page, whats the best way?

leatherback

Hi,

I have a file called say, checklogin.php, which returns "true" if the person brwosing is logged it. If not, they are redirected to the login page, through: header( location: "");

.
I include that in the top of my pages. I keep track of the login through the session var's.

ceanth

leatherback could you please explain this in some more detail? Anychance of some of that coding?

cosminb

Let's say you have a file called check_login.php that looks smth like this:

if (...some login condition ...)
  {
      ...some code
  }
else
  {
    header('Location: index.php');
    exit();
  }

then add this piece of code at the begining of every script that requires a logged in user

require('check_login.php');

ceanth

ic but lets say i have a login page and in that if its accept it adds the session variables and possibly even sets a session time, would this same information be refered back to, say for example in that check_login.php?

e.g login.php
if (username and pass in db)
session_register(username);
session_reg(......)
$session_timeout = 10;
redirect to page1.php
else

echo "error"

Now in page1.php what do i need to check? That the session is still active right, if i check the condition again wouldnt this not work? Seems confusing to me, wouldnt u need to, when they log in, have a marker, then check this marker everytime they continue in the page? Someone please explain
😕

cosminb

in login.php
if (login condition)
{
session_start();
$_SESSION['loggedin']=true;

}

in your other files :
session_start();
if ($_SESSION['loggedin'])
{
echo 'you are logged in ...';
}
else
{
echo 'error';
}
.....

make sure not to set a too short expiration time.
so your user won't have to login over and over again

ceanth

ic so u are checking the session_register(variable) ?

If you set the session_reg(variable) and u also set the session timeout, if the timeout reaches 0 then would the session_reg become null?

Also what variables would u but in session_register? Is there purpose of having them there just for validation?

Also the session_start(), that would only be on the first page right along with the timeout?

thanks

ceanth

cosminb

Originally posted by ceanth
1.ic so u are checking the session_register(variable) ?

2.If you set the session_reg(variable) and u also set the session timeout, if the timeout reaches 0 then would the session_reg become null?

3.Also what variables would u but in session_register? 4.Is there purpose of having them there just for validation?

5.Also the session_start(), that would only be on the first page right along with the timeout?

thanks
ceanth

my head hurts ... 🙁
... just joking🙂

Answers:
1.yes smth like that
2.when the timeout reaches 0 the session will be destroyed and all the variables in it. so, yes, they all will be null which evaluates as false
3.this is up to you depending on your needs
4.didn't understand this one ...😕
5.you'll have to put session_start() on script that will need acces to session variables

... read http://www.php.net/manual/en/ref.session.php for more details

ceanth

4.Is there purpose of having them there just for validation?

What i mean was what other reason would u want to have session_reg(var) apart from validation.

cosminb

Let's say you have a user who has a name, birthdate etc. which are stored in a database.
If you want to show this info on every page you'll have to do smth like this
<?php
...some code to extract the info from db
echo "Hello $userName. Your birtdate is on $userBirthDate";
?>
...meaning that you'll have to extract them every time from your database.

another way to this is extracting them only once and keeping the info in session variables;so every time you want to output them you don't have to extract them from the database....
<?php
echo "Hello ",$_SESSION['userName']," your ...";
?>
and speeding up your code