PHP Developers Network
http://forums.devnetwork.net/

question about sessions
http://forums.devnetwork.net/viewtopic.php?f=1&t=134783
Page 1 of 3

Author:  beginner123 [ Fri Mar 09, 2012 10:45 am ]
Post subject:  question about sessions

This topic moved to PHP - Code forum by moderator. You are asking a question about PHP coding, not Security.
not sure if this is in the right section but since sessions are about security I thought this is the right place.
anyway I'm making a forum and everthing is working fine but I need to add sessions and I'm not sure where exactly to put the sessions :?
does it need to go in the sign in and sign out pages?
i have this code for the sessions:
Syntax: [ Download ] [ Hide ]
//creating session
session_start();  
if(isset($_SESSION['views']))
    $_SESSION['views'] = $_SESSION['views']+ 1;
else
    $_SESSION['views'] = 1;
echo "views = ". $_SESSION['views'];

//ending session
session_start();  
if(isset($_SESSION['cart']))
    unset($_SESSION['cart']);
 

I can post the any code if you need to see it

Author:  requinix [ Fri Mar 09, 2012 3:07 pm ]
Post subject:  Re: question about sessions

Normally you use sessions to do something, not just have sessions for the sake of having sessions.

So what are you trying to do with them?

Author:  beginner123 [ Fri Mar 09, 2012 4:01 pm ]
Post subject:  Re: question about sessions

i need them so when a person signs in then closes the forum they shouldn't still be signed in. I want it to sign them out automatically

Author:  requinix [ Fri Mar 09, 2012 5:03 pm ]
Post subject:  Re: question about sessions

Store whatever information you need (like the username) in the session. Unless configured otherwise the session will be destroyed* when the user closes the browser.
If the information is there then you use it to know who's logged in and whatever. If not then you force them to log in. Thus you do this checking stuff whenever you need to know who the current user is - which should be just about everywhere.

* Technically no but effectively yes.

Author:  beginner123 [ Sat Mar 10, 2012 10:59 am ]
Post subject:  Re: question about sessions

ok how do i store the username in a session? I just have start_session; in the signin page and session_start; session_destory in the signout page
I took out the code about the number of views
heres my sign in page:
Syntax: [ Download ] [ Hide ]
<?php
session_start();  

//signin.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign in</h3><br />';

//first, check if the user is already signed in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
        echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
        if($_SERVER['REQUEST_METHOD'] != 'POST')
        {
                //the form hasn't been posted yet, display it
                echo '<form method="post" action="">
                        Enter Username: <input type="text" name="userName" /><br />
                        Enter Password: <input type="password" name="userPassword"><br /><br/>
                        <input type="submit" value="Sign in" />
                 </form>'
;
        }
        else
        {
                $errors = array(); // declare the array for the errors
               
                if(!isset($_POST['userName']))
                {
                        $errors[] = 'The username field must not be empty.';
                }
               
                if(!isset($_POST['userPassword']))
                {
                        $errors[] = 'The password field must not be empty.';
                }
               
                if(!empty($errors))
                {
                        echo 'A couple of fields are not filled in correctly<br /><br />';
                        echo '<ul>';
                        foreach($errors as $key => $value) //check array
                        {
                                echo '<li>' . $value . '</li>'; //make error list
                        }
                        echo '</ul>';
                }
                else
                {
                        //mysql_real_escape_string is to keep the data save
                        //the sha1 function hashes the password
                        $sql = "SELECT
                                        userID,
                                        userName,
                                        userLevel
                                        FROM
                                                users
                                        WHERE
                                                userName = '"
. mysql_real_escape_string($_POST['userName']) . "'
                                        AND
                                                userPassword = '"
. sha1($_POST['userPassword']) . "'";
                                               
                        $result = mysql_query($sql);
                        if(!$result)
                        {
                                echo 'Something went wrong while signing in. Please try again later.';
                                //echo mysql_error();
                        }
                        else
                        {
                                //the query returned an empty result so the data was wrong
                                if(mysql_num_rows($result) == 0)
                                {
                                        echo 'You have supplied a wrong user/password combination. <a href="signin.php">Please try again</a>.';
                               
                                }
                               
                                else
                                {
                                        //sign in successful
                                        $_SESSION['signed_in'] = true;
                                       
                                        while($row = mysql_fetch_assoc($result))
                                        {
                                                $_SESSION['userID']     = $row['userID'];
                                                $_SESSION['userName']   = $row['userName'];
                                                $_SESSION['userLevel'] = $row['userLevel'];
                                        }
                                        if($_SESSION['userLevel'] == 1 || $_SESSION['userLevel'] == 0) //can only sign in if they are admin or normal user
                                        {
                                        echo 'Welcome, ' . $_SESSION['userName'] . '. <br /><a href="index.php">Return to home page</a>.<br/>';
                                        }
                                       
                                        else
                                        {
                                                //the userLevel is 3 which means they are banned
                                                $_SESSION['signed_in'] = NULL;
                                                //the user is banned - can't sign in
                                                echo 'You have been banned from this forum. You can no longer make topics or posts';
                                               
                                        }
                                       
                                }
                       
                        }
                }
        }
}

include 'footer.php';
?>
 

and sign out page:
Syntax: [ Download ] [ Hide ]
<?php
session_start;
session_destory;
//signout.php
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
        //all variables to null to sign out
        $_SESSION['signed_in'] = NULL;
        $_SESSION['userName'] = NULL;
        $_SESSION['userID']   = NULL;

        echo 'Succesfully signed out, thank you for visiting.';

}
else
{
        echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';


?>
 

Author:  Celauran [ Sat Mar 10, 2012 11:15 am ]
Post subject:  Re: question about sessions

It's session_start(), not session_start, and it's session_destroy(), not session_destory

Author:  beginner123 [ Sat Mar 10, 2012 11:54 am ]
Post subject:  Re: question about sessions

ok thanks but it doesn't work. I got this message:
Fatal error: Call to undefined function session_destory() in C:\wamp\www\project\signout.php on line 3

Author:  Celauran [ Sat Mar 10, 2012 11:56 am ]
Post subject:  Re: question about sessions

Because it's destroy, not destory

Author:  beginner123 [ Sat Mar 10, 2012 3:34 pm ]
Post subject:  Re: question about sessions

thanks what a stupid mistake :lol:
but its still doesn't sign the user out when I close the forum

Author:  califdon [ Sat Mar 10, 2012 8:13 pm ]
Post subject:  Re: question about sessions

Are you saying that you are logging their status in a database? Do you have a reason for doing that?

Author:  beginner123 [ Sun Mar 11, 2012 12:24 pm ]
Post subject:  Re: question about sessions

I'm not sure what you mean. I just want to start a session when a user signs in and end it when the user logs off or exits the website

Author:  califdon [ Sun Mar 11, 2012 1:16 pm ]
Post subject:  Re: question about sessions


Author:  beginner123 [ Sun Mar 11, 2012 1:36 pm ]
Post subject:  Re: question about sessions

I know they are still logged in because I have a userbar that says hello 'username' when somone signs in. When I exit the website then go back in it still says hello 'username'. I didn't write any code for cookies so I don't ifs its storing their login status

Author:  Celauran [ Sun Mar 11, 2012 2:31 pm ]
Post subject:  Re: question about sessions

Are you closing the browser tab (session is still alive) or closing the browser altogether (session dies)?

Author:  beginner123 [ Sun Mar 11, 2012 4:37 pm ]
Post subject:  Re: question about sessions

i want to kill the session for both

Page 1 of 3 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/