
Thread: PHP Sessions... Is this right?

  1. #1
    Join Date
    Oct 2005
    Posts
    593

    PHP Sessions... Is this right?

    Hi there.. I put this together a long time ago with bits and pieces from other scripts and other people (mainly other people) but I'd like you to see if I'm doing it right. I have the login page which allows me to login to the database, but I'd also like to add more functionality.. like the ability to record who's done what on the admin section of the site... what users are logged in... stuff like that! Just want you to check if the coding's ok, suggest ways to improve it etc... see if it's easy to expand like I said above

    PHP Code:
    <?php
    ######################################################################
    # Login script
    ######################################################################

    # use sessions:
    session_start();

    $dbcnx = @mysql_connect("xxx", "xxx", "xxx") or
             die("ERROR: Unable to establish database connection");

    $dbconn = @mysql_select_db("xxx") or
              die("Unable to select database");

    # if we received post data from login form, process it:
    if(isset($_POST['submit']))
    {
      # I'm using the old_password() MySQL function due to the setup on my PC
      $username = mysql_real_escape_string($_POST['username']);
      $password = mysql_real_escape_string($_POST['password']);
      $query = "SELECT * FROM `Users` WHERE `Username`='$username' AND `Password`= '$password'";
      $result = mysql_query($query) or die("ERROR: " . mysql_error());
      if(mysql_num_rows($result) > 0)  # we found a match, so set $_SESSION flag:
      {
        $_SESSION['logged'] = TRUE;
        if(isset($_SESSION['caller'])) # if we got here from another page, go there
        {
          header("Location: " . $_SESSION['caller']);
          exit;
        }
        else                           # otherwise go to main page
        {
          header("Location: index2.php");
          exit;
        }
      }
      else  # invalid login, so create error message
      {
        $error = "<p id='error'>ERROR: Invalid user name and/or password.</p>";
      }
    }
    # next is the HTML for the login form
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

    <html>
    <head>
        <title>Please Login</title>
        <link rel=stylesheet type="text/css" href="style.css">
    <style type="text/css">
    <!--
    fieldset {
      width: 20em;
      margin: 1em auto;
    }
    legend {
      font-size: large;
      font-weight: bold;
    }
    label {
      float: left;
      width: 6em;
    }
    fieldset p {
      clear: both;
    }
    #error {
      color: #c00;
      font-weight: bold;
    }

    -->
    </style>

    </head>

    <body background="img/background.jpg" bottommargin="0" leftmargin="0" marginheight="0" marginwidth="0" rightmargin="0" topmargin="0">

    <center><table width="765" height="100%" cellpadding="0" cellspacing="0" border="0" background="img/mainbackground.jpg"><tr valign="top"><td>

    <table width="764" height="97" cellpadding="0" cellspacing="0" border="0">
        <tr valign="top">
    <td width="248"><!-- logo image --><img src="img/templogo.jpg" width="248" height="97" border="0" alt=""><!-- end logo image --></td>
    <td width="100%" background="img/toplogobg.jpg"><img src="img/toplogobg.jpg" width="22" height="97" border="0" alt=""></td>
        </tr>
    </table>
    <table width="764" height="42" cellpadding="0" cellspacing="0" border="0">
        <tr valign="top">
    <td width="169"><img src="img/left1.jpg" width="169" height="42" border="0" alt=""></td>
    <td width="100%" background="img/left1bg.jpg"><img src="img/left1bg.jpg" width="20" height="42" border="0" alt=""></td>
        </tr>
    </table>

    <table width="764" cellpadding="0" cellspacing="0" border="0">
        <tr valign="top">
    <td width="150">
    </td>

    <td width="10">&nbsp;</td>
    <td width="744">

    <!-- add your content below -->
    <BR>
    <BR><BR><BR><BR>
    <BR><BR><BR><BR><BR>
    <center><form action='<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>' method='post'>
    <fieldset>
    <legend>Log In</legend>
    <p><label for="username">User Name:</label>
    <input name="username" type="text" size="16" maxlength="16">
    </p>
    <p><label for="password">Password:</label>
    <input name="password" type="password" size="16" maxlength="16">
    </p>
    <p><input type="submit" name="submit" value="Log In"></p>
    <?php
    if(!empty($error))
    {
      echo $error;
    }
    ?>
    </fieldset>
    </form>
    </center>
    </td>
    <td width="10">&nbsp;</td>
        </tr>
    </table>
    </td></tr></table></center>
    </body>
    </html>
    Then on each page I want secured I have this file included:
    PHP Code:
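    <?php
    if (session_id() == ""){
        session_start();
    }
    # empty() avoids an undefined-index notice when 'logged' was never set
    if (empty($_SESSION['logged'])){
        header("Location: index.php");
        exit; # stop here so the protected page does not run after the redirect
    }
    ?>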

  2. #2
    Join Date
    Oct 2005
    Posts
    593
    *Bumpo*

  3. #3
    Join Date
    Aug 2005
    Location
    The Garden State
    Posts
    5,634
    session_start() has to be the first line of code on each page.

    This doesn't work in this case:
    PHP Code:
    if (session_id() == ""){ 
    since you don't use session_start() already, it has no session id. You should just do session_start() (no if around it) and then check to see if logged is set.
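
A hardened form of the page guard and login check discussed in this thread, as an added example that is not part of any post. It assumes a PDO connection and a hypothetical `users` table with `username` and `password_hash` columns (hashes created with `password_hash()`); `require_login`, `safe_redirect_target` and `attempt_login` are illustrative names.

```php
<?php
// Added example, not code from the thread. Assumed: a PDO handle and a
// hypothetical users(username, password_hash) table.

// Include this file and call require_login() at the top of every protected page.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['logged'])) {
        // Remember where the visitor was headed for the post-login redirect.
        $_SESSION['caller'] = $_SERVER['REQUEST_URI'] ?? '/';
        header('Location: index.php');
        exit; // without this the protected page keeps running
    }
}

// Follow 'caller' only when it is a local path, never an absolute URL.
function safe_redirect_target(?string $caller, string $default = 'index2.php'): string
{
    if ($caller !== null && preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $caller)) {
        return $caller;
    }
    return $default;
}

// Verify the password against a stored hash, using a prepared statement.
function attempt_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // fresh session id once authenticated
    $_SESSION['logged'] = true;
    $_SESSION['username'] = $username; // lets admin pages record who did what
    return true;
}

// Login page usage, after session_start() and a successful form post:
//   if (attempt_login($pdo, $_POST['username'], $_POST['password'])) {
//       header('Location: ' . safe_redirect_target($_SESSION['caller'] ?? null));
//       exit;
//   }
```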
