Login/Session Handling
hey guys...quick question:
i wrote this script, and i know its not all right or ready or anything. but what i want is for the person to login, and if it is correct (according to the db), then it starts a session and redirects them. i checked php.net, and i couldn't find all the session handlers, so if you guys could help me out with this, that would be great! thanks, heres the code:
<?php
$dbh = mysql_connect ("localhost", "...", "...") or die ('Database failure: ' . mysql_error());
mysql_select_db ("customer");
$search1=mysql_query("SELECT * FROM customer WHERE username='$username');
$search2=mysql_query("SELECT * FROM customer WHERE password='$password');
if ($search1==$username, $search2==$password) {
session_start();
session.name('session');
$_SESSION['username']=$username;
$_SESSION['password']=$password;
Header("Location: <a href="http://.../customer.php" class="bb-url">http://.../customer.php</a>");
}
else {
echo('Wrong username.');
mysql_close($dbh);
?>
druagord posted this at 21:41 — 5th September 2003.
He has: 335 posts
Joined: May 2003
I would write it like that if youre redirection goes to another domain name then the session won't follow you have to use something else
<?php$dbh = mysql_connect (\"localhost\", \"...\", \"...\") or die ('Database failure: ' . mysql_error());
mysql_select_db (\"customer\");
$search1=mysql_query(\"SELECT * FROM customer WHERE username='$username' AND password='$password'\");
if (mysql_num_rows($search1)==1) {
session_start();
session.name('session');
$_SESSION['username']=$username;
$_SESSION['password']=$password;
Header(\"Location:<a href=\"http://.../customer.php\" class=\"bb-url\">http://.../customer.php</a>\");
}
else {
echo('Wrong username.');
mysql_close($dbh);
?>
IF , ELSE , WHILE isn't that what life is all about
m3rajk posted this at 00:59 — 6th September 2003.
They have: 461 posts
Joined: Jul 2003
i don't know them all, but here's some help...
<?php$dbh = mysql_connect (\"localhost\", \"...\", \"...\") or die ('Database failure: ' . mysql_error($dbh));
mysql_select_db (\"customer\");
$search=mysql_query(\"SELECT * FROM customer WHERE username='$username' AND password='$password'); // this does what you want. it returns only those entries where the username and pw match what was entered
if (mysql_num_rows($search)==1) { /// if you found the person
session_start();
session.name('session');
$_SESSION['username']=$username;
$_SESSION['password']=$password;
Header(\"Location: <a href=\"http://.../customer.php\" class=\"bb-url\">http://.../customer.php</a>\");
}
else {
echo('Wrong username.');
mysql_close($dbh);
?>
POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
Suzanne posted this at 01:25 — 6th September 2003.
She has: 5,507 posts
Joined: Feb 2000
... you make them up, don't you?
I could set any session variable I wanted, including:
$_SESSION['annoyingpeople'] or
$_SESSION['pigsfeet']
kb posted this at 01:53 — 6th September 2003.
He has: 1,380 posts
Joined: Feb 2002
i meant like the time it works and stuff like that
Suzanne posted this at 02:15 — 6th September 2003.
She has: 5,507 posts
Joined: Feb 2000
well you need to open the session on every single page? If it's already there, it will continue, if not, it won't.
So the first thing on every "page" needs to be session_start(); and then do whatever you need to do.
kb posted this at 18:48 — 6th September 2003.
He has: 1,380 posts
Joined: Feb 2002
no this is the login and session starter.
according to other people that i know that have worked with sessions, you can start a session, say it is open for x amount of time and then put a piece of code at the top of each page where it says you need the session to access it. that is what i'm asking about. how do i do that time amount and check for a session at certain pages? thanks
Suzanne posted this at 20:17 — 6th September 2003.
She has: 5,507 posts
Joined: Feb 2000
You're not listening, Kyle.
session_start(); needs to be at the beginning of EVERY page. If it isn't, you won't be able to access the information stored in the $_SESSION variables.
To set session times, you would set a start time, and then when each page is accessed, start_session(); then check that variable (the time started) and if it's within the allowed time, proceed. If not, session_destroy(); and send them back to the login.
kb posted this at 01:21 — 7th September 2003.
He has: 1,380 posts
Joined: Feb 2002
i took that as a type of "will"...geez, sorry.
ok, thanks.
Suzanne posted this at 05:23 — 7th September 2003.
She has: 5,507 posts
Joined: Feb 2000
lol, alrighty then. *mental note to be more direct and less confusing*
kb posted this at 15:30 — 7th September 2003.
He has: 1,380 posts
Joined: Feb 2002
when i run the script, i get an error on line 10 (the header) and line 6 (header when i take out the session stuff). whats wrong with that?
Suzanne posted this at 16:52 — 7th September 2003.
She has: 5,507 posts
Joined: Feb 2000
<?phpHeader(\"Location:_/customer.php\");
?>
http://ca.php.net/manual/en/function.header.php
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.