Custergrant 0 Report post Posted July 19, 2007 Okay, I just got all my site stuff transferred over to Xisto, so I'm ready to resume coding. I'm currently working on my members' pages, and wish to use the PHP Session tags and include it in a function so that on every page, I just include the function to check and see if that user is still logged in and is allowed to view that page.Somebody told me I need to use the isset( blah blah blah and check to see if they were logged in from the login page (not sure how to do that), then query the $_SESSION['username] so I can check the 'userlevel' to check if that person is permitted to be there, but I'm not sure how to do that all inside of a function... Share this post Link to post Share on other sites
shadowx 0 Report post Posted July 19, 2007 Well with my sessions i usually use a variable called "logged" which is set to 1 for true when the user logs in. Then with the session i basically log them in again. I use an include file which does the sessions for me, it simply starts the sessions then i check for the 'logged' variable, if its not there then the session is destroyed and i tell the to log in. If it is there i go and check the username and password variables. If they are there then i check them against the DB again and if theyre correct i let them see the page, if not it gets destroyed and they get told to login. Ive attached my script i use for all of my DB driven login systems. It might not be 1OO% great but it works for me. Of course if you use it and something goes wrong i cant be held liable! I recommend making your own script as youll find it easy to customize that way but you can use this one if you want. Like i said, it works for me!Ive never really used ISSET with anything i just check for NULL values of variables and if its null then its not set. That might not be technically true but practically its true enough for my use! session.php Share this post Link to post Share on other sites
Custergrant 0 Report post Posted July 20, 2007 Okay, thanks! I'll try this out and modify it to fit my site. But I notice the 'logged'...where do I define that at in my login.php? Share this post Link to post Share on other sites
shadowx 0 Report post Posted July 20, 2007 Well in my login script the basic flow is this:enter user/pass -> validate them against the DB -> fill session variables with those from DB -> redirect outand the code i usually use to fill the session variables is just: $_SESSION['logged'] = "1";$_SESSION['username'] = $username;$_SESSION['password'] = $password; Of course you need to start the session first with session_start(); If youre not sure about using sessions try this link http://www.tizag.com/phpT/phpsessions.php Its where i learned my stuff from. Share this post Link to post Share on other sites
Custergrant 0 Report post Posted July 20, 2007 Okay, I completely forgot about the session.php you sent me and was spending half a day trying to come up with my own gate. Great, I think this form will work, although, why do you have the $link in so many times? You've already connected to the database it appears, but I guess it'll work. But you're saying I need to define the $_SESSION['logged'] = "1";$_SESSION['username'] = $username;$_SESSION['password'] = $password; in my login.php? So then in the future members pages, it can call of those variables? Share this post Link to post Share on other sites
shadowx 0 Report post Posted July 20, 2007 I use the $link variable in all my DB functions almost because the app i use to write my code prompts me to use it and its never done any harm. As for defining those variables, yes i would suggest adding code like that to login.php page so that then the sessions page can call out their username and password as they entered it and check it with the DB records to make sure that no-one has been fiddling with the sessions to get through security. You might need to change a line or two in the sessions file since i had an extra variable in my login page that isnt the sessions.php file. Share this post Link to post Share on other sites
Custergrant 0 Report post Posted July 21, 2007 Okay, I've modified the session.php that you've sent to fit my site, and I can successfully login to my members page. But, I came across another issue and I'm not exactly sure how to approach it, I have a good idea, but thought it would be good to check with you guys (still a hair confused with sessions ).I had a couple friends of mine login using my test account to make sure that the page was displaying properly in different browsers and one of my friends just copied and pasted the url to the members page and was able to view the page just fine, but had a warning about the session.php and it's function.Anyways, what I could make out of it, was that as long as you had the session started on your computer, you could just get right in, and that the same account could be logged in by multiple computers (there were 3 of us at the same time under the same account).So I need to write a piece of code to limit the number of users able to login to one account to 1 and then, if they should exit the page, it logs them out...Here is the session.php that I modified: <?PHP//include in all files to check session and loginsession_start();require("configure.php");//check session statusif($_SESSION['logged'] != "1"){//bad session, kill itsession_destroy();} else { // SESSION GATE//check login details against table$user = $_SESSION['username'];$pass = $_SESSION['password'];//connect $link = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error($link));//select databasemysql_select_db($dbname, $link) or die(mysql_error($link));//check details in the DB$result = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass'",$link) or die (mysql_error());$row = mysql_fetch_array($result,MYSQL_ASSOC);//check details from session and DBif($user == $row['name'] && $pass == $row['pass'] && $row['userlevel'] == 1){ //if user is correct then login must be true $_SESSION['logged'] = "1";}else{ //if user is not correct send error message to main page $_SESSION['error'] = "1"; $_SESSION['message'] = "Sorry there was an error with your login details, please <a href=login.php>try again</a>";};}; // SESSION GATE ELSE//if we get this far then they are logged in and can see the page below! Yay!?> And all that I've been putting on my members page at the very top is require <?php ('session.php'); ?> Share this post Link to post Share on other sites