Sessions Noob

homer09001

ok im pretty newish to php & mysql im writing a members area for my site and i want to know how i can get it so they can login it gets that users info from the database and keeps it in its memory all teh time the suer is logged in so they can use certain pages of teh site i know it has something to do with sessions?

my idea is to have a basic 2 field html form like so:

Member ID
<br><input type="text" name="name">
<br><br>
Password
<input type="password" name="pword">
<input type="submit" value="Log-In"

Memberarea.php

<?php
include configuration.php

$id = $_POST['id'];
$pssword = md5($_POST['pword']);

$temp=mysql_query("SELECT * FROM $table1 WHERE id=$id AND pword=$pssword",$conn);

$num = mysql_num_rows($temp);
if ($num == 1)
{
Show Links to specific pages
}
else
{
exit("Sorry but it appears you do not have Correct rights to access this page");
}
?>

membershop.php

How do i get it so only people that vae logged in can use this page e.g. so that the info taken from memberarea.php is used on this page to authenticate the user and display the correct bank balance etc?

bpat1434

Make the contents of memberarea.php a function. Then just include that on each "protected" page, and check the result of the login: TRUE or FALSE. So where check to see if mysql_num_rows == 1, instead of showing links, just return TRUE; else { return FALSE; }.

You have a few minor errors dealing with syntax in your files, but PHP will kindly display errors for you at run-time. And you should put single quotes around the variables in your query.

~Brett

homer09001

im confused ??

bpat1434

auth.php

<?php
session_start();
include 'configuration.php'

function gen_auth($id, $pssword)
{
  $temp=mysql_query("SELECT * 
  FROM $table1 
  WHERE id='$id' 
  AND pword='$pssword'",$conn);

  if (mysql_num_rows($temp) == 1)
  {
    $_SESSION['auth'] = 'Authenticated';
    $_SESSION['user'] = $id;
    return TRUE;
  }
  else
  {
    session_destroy();
    return FALSE;
  }
}

function check_auth()
{
  if($_SESSION['auth'] == 'Authenticated')
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}
?>

memberarea.php

<?php
include('auth.php');
if(check_auth()==TRUE)
{
  // Display contents of page
}
else
{
  // Display error message:
  echo "Sorry but it appears you do not have Correct rights to access this page";
}
?>

login.php

<?php
if(isset($_POST))
{
  include('auth.php');
  if(gen_auth($_POST['name'], $_POST['pword'])===TRUE)
  {
    // They've been logged in, redirect to memberarea.php
    header('Location: memberarea.php');
  }
  else
  {
    echo 'Your username or password are incorrect.  Please try again.';
  }
}
?>
<!-- Display the HTML form here -->

Something like that....

~Brett