This topic moved to PHP - Code forum by moderator. You are asking a question about PHP coding, not Security.
Not sure if this is in the right section, but since sessions are about security I thought this is the right place.
Anyway, I'm making a forum and everything is working fine, but I need to add sessions and I'm not sure where exactly to put the sessions.
Does it need to go in the sign in and sign out pages?
I have this code for the sessions:
Store whatever information you need (like the username) in the session. Unless configured otherwise the session will be destroyed* when the user closes the browser.
If the information is there then you use it to know who's logged in and whatever. If not then you force them to log in. Thus you do this checking stuff whenever you need to know who the current user is - which should be just about everywhere.
OK, how do I store the username in a session? I just have start_session; in the signin page and session_start; session_destory in the signout page
I took out the code about the number of views
Here's my sign in page:
<?php
session_start();
//signin.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign in</h3><br />';
//first, check if the user is already signed in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
    echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
    if($_SERVER['REQUEST_METHOD'] != 'POST')
    {
        //the form hasn't been posted yet, display it
        echo '<form method="post" action="">
            Enter Username: <input type="text" name="userName" /><br />
            Enter Password: <input type="password" name="userPassword"><br /><br/>
            <input type="submit" value="Sign in" />
            </form>';
    }
    else
    {
        $errors = array(); // declare the array for the errors
        if(!isset($_POST['userName']))
        {
            $errors[] = 'The username field must not be empty.';
        }
        if(!isset($_POST['userPassword']))
        {
            $errors[] = 'The password field must not be empty.';
        }
        if(!empty($errors))
        {
            echo 'A couple of fields are not filled in correctly<br /><br />';
            echo '<ul>';
            foreach($errors as $key => $value) //check array
            {
                echo '<li>' . $value . '</li>'; //make error list
            }
            echo '</ul>';
        }
        else
        {
            //mysql_real_escape_string is to keep the data safe
            //the sha1 function hashes the password
            $sql = "SELECT
                        userID,
                        userName,
                        userLevel
                    FROM
                        users
                    WHERE
                        userName = '" . mysql_real_escape_string($_POST['userName']) . "'
                    AND
                        userPassword = '" . sha1($_POST['userPassword']) . "'";
            $result = mysql_query($sql);
            if(!$result)
            {
                echo 'Something went wrong while signing in. Please try again later.';
                //echo mysql_error();
            }
            else
            {
                //the query returned an empty result so the data was wrong
                if(mysql_num_rows($result) == 0)
                {
                    echo 'You have supplied a wrong user/password combination. <a href="signin.php">Please try again</a>.';
                }
                else
                {
                    //sign in successful
                    $_SESSION['signed_in'] = true;
                    while($row = mysql_fetch_assoc($result))
                    {
                        $_SESSION['userID'] = $row['userID'];
                        $_SESSION['userName'] = $row['userName'];
                        $_SESSION['userLevel'] = $row['userLevel'];
                    }
                    if($_SESSION['userLevel'] == 1 || $_SESSION['userLevel'] == 0) //can only sign in if they are admin or normal user
                    {
                        echo 'Welcome, ' . $_SESSION['userName'] . '. <br /><a href="index.php">Return to home page</a>.<br/>';
                    }
                    else
                    {
                        //the userLevel is 3 which means they are banned
                        $_SESSION['signed_in'] = NULL;
                        //the user is banned - can't sign in
                        echo 'You have been banned from this forum. You can no longer make topics or posts';
                    }
                }
            }
        }
    }
}
include 'footer.php';
?>
<?php
session_start;
session_destory;
//signout.php
include 'connect.php';
include 'header.php';
echo '<h2>Sign out</h2>';
//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
    //all variables to null to sign out
    $_SESSION['signed_in'] = NULL;
    $_SESSION['userName'] = NULL;
    $_SESSION['userID'] = NULL;
    echo 'Succesfully signed out, thank you for visiting.';
}
else
{
    echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';
?>
ok thanks but it doesn't work. I got this message:
Fatal error: Call to undefined function session_destory() in C:\wamp\www\project\signout.php on line 3
beginner123 wrote: it still doesn't sign the user out when I close the forum
That sounded to me like you might be maintaining their status in a database. If you're not doing that, what is it that causes you to think that they are still "logged in" after they have closed their browser? Are you using a client-side cookie to store their login status? The session on the server is effectively ended if they close their browser, because the next time they attempt to connect, it will be a different session.
I know they are still logged in because I have a userbar that says hello 'username' when someone signs in. When I exit the website then go back in it still says hello 'username'. I didn't write any code for cookies so I don't know if it's storing their login status
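The sign-in, per-page check and sign-out steps discussed in this thread, collected into one helper file as an added example that is not part of any post. The function names are hypothetical, PHP 7.3 or later is assumed, and the column names and the allowed userLevel values 0 and 1 are taken from the posted sign-in page.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.
// Assumes PHP 7.3+ for the array form of session_set_cookie_params().

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,   // browser-session cookie, no stored expiry
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();       // parentheses required: "session_start;" calls nothing
}

// $row is the matched users row (userID, userName, userLevel as in the thread).
function sign_in(array $row): bool
{
    if (!in_array((int) $row['userLevel'], [0, 1], true)) {
        return false;      // banned or unknown level: never mark as signed in
    }
    session_regenerate_id(true);   // new ID at login blocks session fixation
    $_SESSION['signed_in'] = true;
    $_SESSION['userID']    = (int) $row['userID'];
    $_SESSION['userName']  = $row['userName'];
    $_SESSION['userLevel'] = (int) $row['userLevel'];
    return true;
}

// Call on every page that needs to know who the visitor is.
function current_user(): ?string
{
    return empty($_SESSION['signed_in']) ? null : $_SESSION['userName'];
}

function sign_out(): void
{
    $_SESSION = [];        // drop the data for the rest of this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();     // remove the server-side session data
}
```

Every page calls start_secure_session() before sending any output, since the session cookie travels in the response headers. Setting individual keys to NULL, as the posted sign-out page does, leaves the session and its cookie in place; sign_out() removes both.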