PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
function user_login($username, $password)
{
$thequery = ("SELECT registered FROM members WHERE username = '". $username ."' ");
$query = mysql_query($thequery) or die ('session data dont match.');
$row = mysql_fetch_array($query);
$result = $row['registered'];
if($result == 0)
{
// Reshow the form with an error
$notregistered_error = 'username not registered';
include 'index.php';
exit;
}
// Try and get the salt from the database using the username
$query = ("select salt from members where username='$username' limit 1");
$result = mysql_query($query);
$user = mysql_fetch_array($result);
// Using the salt, encrypt the given password to see if it
// matches the one in the database
$encrypted_pass = md5(md5($password).$user['salt']);
// Try and get the user using the username & encrypted pass
$query = "SELECT id, username FROM members WHERE username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);
// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['id']);
$encrypted_name = md5($user['username']);
// Store the data in the session
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;
if ($numrows == 1)
{
return 'Correct';
}
else
{
return false;
}
}
if i try echo out session data it leaves the $id blank
Hi Can you please help me out...you seem to have understood this. I am building an ajax application and i do most of the form validation using xhr object. I am having problems implementing the session handling. My code for the validation of the login info looks like this
// Sending these messages to my client side validation code.
if(!isset($username)){
echo("{message : 'NoName'}");
}elseif(!isset($pwd)){
echo("{message : 'NoPW'}");
}
$sQuery = "SELECT * FROM users WHERE
username = '$username' AND password = '$pwd'";
$result = mysql_query($sQuery) or die(mysql_error());
$intFound = mysql_num_rows($result);
if ($intFound == 0) {
unset($_SESSION['userNameLogin']);
unset($_SESSION['passwordLogin']);
// AD - Access Denied
echo("{message : 'AD'}");
}else{
//a flag to set in the database who is currently online
mysql_query("UPDATE users SET online = '1' WHERE username = '$username'") or die(mysql_error);
}
As you can see, i new to this stuff i having my share of problems. What can i do to make sure that sessions are set and unset properly i.e when user logs out.
secondly how can i monitor who is online and who is not using sessions. This is how i am trying to check who is currently online and then building a json file with the user names and sending it to the client. Easy to parse.
<?php
// this script determines which sessions are currently active by
// 1.) checking to see which online fields in the users table are set to 1
// 2.) by determining if a session variable has been set for these users.
// If it is not set, it means user is no longer active and script sets its online field in the users table to zero.
// After doing this, the script, then queries the users table for online fields with values one, writes them to an
// array and passes them to the client.