PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
 Post subject: question about sessions
Posted: Fri Mar 09, 2012 10:45 am
Forum Commoner
This topic moved to PHP - Code forum by moderator. You are asking a question about PHP coding, not Security.
not sure if this is in the right section but since sessions are about security I thought this is the right place.
anyway I'm making a forum and everything is working fine but I need to add sessions and I'm not sure where exactly to put the sessions :?
does it need to go in the sign in and sign out pages?
I have this code for the sessions:
Code:
//creating session
session_start();  
if(isset($_SESSION['views']))
    $_SESSION['views'] = $_SESSION['views']+ 1;
else
    $_SESSION['views'] = 1;
echo "views = ". $_SESSION['views'];

//ending session
session_start();  
if(isset($_SESSION['cart']))
    unset($_SESSION['cart']);
 

I can post any code if you need to see it


Posted: Fri Mar 09, 2012 3:07 pm
Spammer :|
Normally you use sessions to do something, not just have sessions for the sake of having sessions.

So what are you trying to do with them?


Posted: Fri Mar 09, 2012 4:01 pm
Forum Commoner
I need them so when a person signs in then closes the forum they shouldn't still be signed in. I want it to sign them out automatically


Posted: Fri Mar 09, 2012 5:03 pm
Spammer :|
Store whatever information you need (like the username) in the session. Unless configured otherwise the session will be destroyed* when the user closes the browser.
If the information is there then you use it to know who's logged in and whatever. If not then you force them to log in. Thus you do this checking stuff whenever you need to know who the current user is - which should be just about everywhere.

* Technically no but effectively yes.


Posted: Sat Mar 10, 2012 10:59 am
Forum Commoner
ok how do I store the username in a session? I just have start_session; in the signin page and session_start; session_destory in the signout page
I took out the code about the number of views
here's my sign in page:
Code:
<?php
session_start();  

//signin.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign in</h3><br />';

//first, check if the user is already signed in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
        echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
        if($_SERVER['REQUEST_METHOD'] != 'POST')
        {
                //the form hasn't been posted yet, display it
                echo '<form method="post" action="">
                        Enter Username: <input type="text" name="userName" /><br />
                        Enter Password: <input type="password" name="userPassword"><br /><br/>
                        <input type="submit" value="Sign in" />
                 </form>';
        }
        else
        {
                $errors = array(); // declare the array for the errors
               
                if(!isset($_POST['userName']))
                {
                        $errors[] = 'The username field must not be empty.';
                }
               
                if(!isset($_POST['userPassword']))
                {
                        $errors[] = 'The password field must not be empty.';
                }
               
                if(!empty($errors))
                {
                        echo 'A couple of fields are not filled in correctly<br /><br />';
                        echo '<ul>';
                        foreach($errors as $key => $value) //check array
                        {
                                echo '<li>' . $value . '</li>'; //make error list
                        }
                        echo '</ul>';
                }
                else
                {
                        //mysql_real_escape_string is to keep the data safe
                        //the sha1 function hashes the password
                        $sql = "SELECT
                                        userID,
                                        userName,
                                        userLevel
                                        FROM
                                                users
                                        WHERE
                                                userName = '" . mysql_real_escape_string($_POST['userName']) . "'
                                        AND
                                                userPassword = '" . sha1($_POST['userPassword']) . "'";
                                               
                        $result = mysql_query($sql);
                        if(!$result)
                        {
                                echo 'Something went wrong while signing in. Please try again later.';
                                //echo mysql_error();
                        }
                        else
                        {
                                //the query returned an empty result so the data was wrong
                                if(mysql_num_rows($result) == 0)
                                {
                                        echo 'You have supplied a wrong user/password combination. <a href="signin.php">Please try again</a>.';
                               
                                }
                               
                                else
                                {
                                        //sign in successful
                                        $_SESSION['signed_in'] = true;
                                       
                                        while($row = mysql_fetch_assoc($result))
                                        {
                                                $_SESSION['userID']     = $row['userID'];
                                                $_SESSION['userName']   = $row['userName'];
                                                $_SESSION['userLevel'] = $row['userLevel'];
                                        }
                                        if($_SESSION['userLevel'] == 1 || $_SESSION['userLevel'] == 0) //can only sign in if they are admin or normal user
                                        {
                                        echo 'Welcome, ' . $_SESSION['userName'] . '. <br /><a href="index.php">Return to home page</a>.<br/>';
                                        }
                                       
                                        else
                                        {
                                                //the userLevel is 3 which means they are banned
                                                $_SESSION['signed_in'] = NULL;
                                                //the user is banned - can't sign in
                                                echo 'You have been banned from this forum. You can no longer make topics or posts';
                                               
                                        }
                                       
                                }
                       
                        }
                }
        }
}

include 'footer.php';
?>
 

and sign out page:
Code:
<?php
session_start;
session_destory;
//signout.php
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
        //all variables to null to sign out
        $_SESSION['signed_in'] = NULL;
        $_SESSION['userName'] = NULL;
        $_SESSION['userID']   = NULL;

        echo 'Succesfully signed out, thank you for visiting.';

}
else
{
        echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';


?>
 


Posted: Sat Mar 10, 2012 11:15 am
Moderator
It's session_start(), not session_start, and it's session_destroy(), not session_destory

Posted: Sat Mar 10, 2012 11:54 am
Forum Commoner
ok thanks but it doesn't work. I got this message:
Fatal error: Call to undefined function session_destory() in C:\wamp\www\project\signout.php on line 3


Posted: Sat Mar 10, 2012 11:56 am
Moderator
Because it's destroy, not destory

Posted: Sat Mar 10, 2012 3:34 pm
Forum Commoner
thanks what a stupid mistake :lol:
but it still doesn't sign the user out when I close the forum


Posted: Sat Mar 10, 2012 8:13 pm
Jack of Zircons
Are you saying that you are logging their status in a database? Do you have a reason for doing that?


Posted: Sun Mar 11, 2012 12:24 pm
Forum Commoner
I'm not sure what you mean. I just want to start a session when a user signs in and end it when the user logs off or exits the website


Posted: Sun Mar 11, 2012 1:16 pm
Jack of Zircons


Posted: Sun Mar 11, 2012 1:36 pm
Forum Commoner
I know they are still logged in because I have a userbar that says hello 'username' when someone signs in. When I exit the website then go back in it still says hello 'username'. I didn't write any code for cookies so I don't know if it's storing their login status


Posted: Sun Mar 11, 2012 2:31 pm
Moderator
Are you closing the browser tab (session is still alive) or closing the browser altogether (session dies)?

Posted: Sun Mar 11, 2012 4:37 pm
Forum Commoner
i want to kill the session for both
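
Added example, not written by any poster in this thread: one way to do what the replies above describe, keeping the login in $_SESSION, checking it on every page, and ending it on explicit sign-out or after idle time, since the server cannot see a tab being closed. IDLE_LIMIT and the function names are assumptions; the code needs PHP 7.1 or later and must run before any output is sent.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT and all function
// names are assumptions; the $_SESSION keys are the ones signin.php uses.
const IDLE_LIMIT = 900; // seconds of inactivity allowed (constructed value)

// Call at the top of every page. Returns true only for a live login.
function session_is_live(): bool
{
    // Lifetime 0 makes a browser-session cookie: it goes away when the whole
    // browser exits, not when a tab closes. HttpOnly hides it from scripts.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(0, '/', '', $https, true);
    session_start();
    if (empty($_SESSION['signed_in'])) {
        return false;
    }
    // The server never sees a tab close, so expire idle sessions here.
    if (time() - ($_SESSION['last_seen'] ?? 0) > IDLE_LIMIT) {
        sign_out();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Call once the username/password check has passed; $row is the users row.
function sign_in(array $row): void
{
    session_regenerate_id(true); // fresh ID at login, old one is deleted
    $_SESSION['signed_in'] = true;
    $_SESSION['userID']    = $row['userID'];
    $_SESSION['userName']  = $row['userName'];
    $_SESSION['userLevel'] = $row['userLevel'];
    $_SESSION['last_seen'] = time();
}

// Full sign-out: clear the data, expire the cookie, delete the server copy.
function sign_out(): void
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

Pages that require a login call session_is_live() first and redirect to signin.php when it returns false; signout.php calls sign_out() after session_start().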

