Allow access to a page(s) using cookies

atully

Hi all,

Here's my problem, I have a mini site & access to it is via a simple registration page. Once registered you are forwarded onot the site but there is nothing stopping somebody brome sending the URL of the mini site onto other and therefore bypassing the registration stage.

What I think I should do is once registered, a cookie is created the will expire at the end of that day, this cookie will allow the person that has just registered access for one day, if you happen to have the mini site URL you will not be able to view because you will not that cookie on your machine.

There is no usernames or passwords involved, just once the registration form is completed the cookie is created, then each page on the mini site should check for the cookie.

Does that make sence? I'm really looking for a start here, does anyone have any ideas as to how I would go about this? I have never used cookies before.

Thanks,
Andrew

BIOSTALL

Theres no need to rewrite a manual so heres a link on coookies.

Personally i would use sessions but its up to you 🙂

BIOSTALL

atully

Thanks for the link! I'll use sessions, seems like the best option. One question, with a successful registration I register a session with:

session_register("string");

but when I check for that session in later pages with:

if (isset($_session['string']))

I always get a negative response.

What am I doing wrong?

Thanks,
Andrew

BIOSTALL

I think you wana use:

if (session_is_registered('string'))

what i do on login scripts is this

if username and password correct {
$_SESSION['loggedin'] == 1;
}else{
header("location: Login.php")
exit();
}

Then at the top of each page do:

if ($_SESSION['loggedin']!=1) {
header("location: Login.php")
exit();
}

Hope that helps

BIOSTALL

leatherback

Hi Attuly,

You do start a session at the top of EVERY page between where you register something, and where you retrieve it again?

atully

Thanks for you comments, but I still can't get it to work!!!

Here's my code:

//Register the session
session_register('uc2005');
//Set it to 1
$_SESSION['uc2005'] == 1;

//Check if it exists
if ($_SESSION['uc2005']!=1) {echo "0";} else {echo "1";}

What am I doing wrong?

Thanks,
Andrew

atully

Got part of it working:

Top of page:
session_start( );
session_register('uc2005');

On the same page to test:
if (isset($_SESSION["uc2005"])) {echo "1";} else {echo "0";}

Result is 1 confirming that the session has been created

On page 2:
session_start( );
if (isset($_session["uc2005"])) {echo "1";} else {echo "0";}

This returns 0, suggestion that the session has been lost?

How?

Thanks,
Andrew

atully

I don't believe it!

It turns out that there is a world of difference between $SESSION and $session, ie one works and the other dosen't!

Got it working, thanks for your suggestions!

Andrew

LoganK

Also, to the best of my knowledge session_register() is depracated, correct?