return false?

wkilc

I use a simple "status" code to display either "Click to Login" or "Click to Logout" on all my pages:

<?php 
 if ($_SESSION['logged_in'] = true) {
  echo '<a href="logout.php"><font color=#FFFFFF><b>Click to Logout</b></font></a>';
} else {
  echo '<a href="login.php"><font color=#FFFFFF><b>Member Login</b></font></a>';
}
?>

Using basic sessions, and BEFORE I added a "keep me logged in" cookie feature... I would simply add this to the "public/non-member" pages and the proper message was displayed.

<?php
session_set_cookie_params (0, '/', '.domain.com');
session_start();
?>

Now that I'm using the cookie, I'd like the "Click to Logout" to display if the "keep me logged in" cookie is present, even on the public pages. On the actual member pages, the final "else" would be a re-direct to the login page... but here I simply want to establish that the user is not logged in, and the cookie is not present, so my "status" script will display the appropriate message:

<?php
session_set_cookie_params (0, '/', '.domain.com');
session_start();

if($logged_in) {
    }else{

MySQL_connect("localhost", 'name', 'password'); MySQL_select_db("users");

if (isset($_COOKIE['cookname'])) {      

   $_SESSION['user'] = $_COOKIE['cookname'];
}

   $user   = $_SESSION['user'];

$sql = "SELECT user
        FROM users
        WHERE md5(user) = '$user'";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
    // the user id is verified,
    // set the session
    $_SESSION['logged_in'] = true; 

   }else{

  return false;
}
}
?>

What's happening now on this page is I'm beign logged in... even without the cookie.

Many, many thanks.

toplay

Change this:

if ($_SESSION['logged_in'] = true) {

To this:

session_start();
if (TRUE == $_SESSION['logged_in']) {

Read my tip here:
http://www.phpbuilder.com/board/showpost.php?p=10647256&postcount=41

Where does $logged_in get set?

🙂

wkilc

Thanks very much for the quick reply... I've made that correction... but I still think there's another problem... if either the active session or "keep me logged" cookie are present, everything is fine... if neither are present, the page loads blank:
<html><body></body</html>

If the the active session or "keep me logged in" cookie are negative, I'd still like the user to have access to the page... and see the proper login prompt ("Click to Login").

I thinking the problem is here:

   }else{

  return false;

... but I don't knoiw how to fix it.

Thank you again.

toplay

The "return" should only be used in three circumstances.

1) In a function to return a value.
2) In an include file to return a value.
3) To stop eval()'d code and return a value.

Ask yourself of what you're hoping to do with "return false"?

How is $logged_in being set?

Is the code shown in an included file or function?

toplay

Another hint:

You should remove "return false;" and replace it with what? The opposite value of this:

$_SESSION['logged_in'] = true;

🙂

wkilc

Thank you once again.

Honestly, I thought that I had tried something like:

$_SESSION['logged_in'] = false;

...it didn't work... but I guess there were other problems at the time.

But it seems to be working fine now!

"return false" was kind of a "punt" (for lack of a batter word) when the former didn't work. :o

I've got to go out and read a book on this stuff... I'm trying to learn by dechiphering sample codes... and unlike HTML, PHP seems a bit too complicated to do that way.

They sell a "PHP and MySQL for dummies" book, perhaps I'll shoot on down to Barnes and Noble and pick one up this weekend.

Thank you very much for your knowledge and your patience!

wkilc

If the value in the cookie doesn't match the DB, I'm trying to add:

	setcookie("cookname", md5($_SESSION['user']), time()-3600, "/");

to destroy the invalid cookie.

If I add it along with this last else:

   }else{
setcookie("cookname", md5($_SESSION['user']), time()-3600, "/");
 $_SESSION['logged_in'] = false;

...it works fine... but I think now I'm automatically setting an expired cookie on every page when one isn't logged in... I'd like to destroy the cookie once... only after the cookie is checked against the DB and found to be invalid. I figure it woul mean another "else"... but now I'm getting a parse error, unexpected T_ELSE. Is there something wrong with my logic or am I simply missing a curly brackett somewhere?

<?php
session_set_cookie_params (0, '/', '.domain.com');
session_start();

if($logged_in) {
    }else{

MySQL_connect("localhost", 'name', 'password'); MySQL_select_db("users");

if (isset($_COOKIE['cookname'])) {      

   $_SESSION['user'] = $_COOKIE['cookname'];
}

   $user   = $_SESSION['user'];

$sql = "SELECT user
        FROM users
        WHERE md5(user) = '$user'";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
    // the user id is verified,
    // set the session
    $_SESSION['logged_in'] = true; 

   }else{

setcookie("cookname", md5($_SESSION['user']), time()-3600, "/");  }

   }else{

 $_SESSION['logged_in'] = false;
}
}
?>

Humbly submitted.