keep tracking user...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
devork
Forum Contributor
Posts: 213
Joined: Fri Aug 08, 2003 6:44 am
Location: p(h) developer's network

keep tracking user...

Post by devork »

-what is good way to keep track of user on site,and related variables.
-should we use
if(!session_is_registered("validUser"))
header("..");
to check whether user has logged in or not.
-code if moved to other distribution of linux don't need to be modified.
-no security threats,
User avatar
Johnm
Forum Contributor
Posts: 344
Joined: Mon May 13, 2002 12:05 pm
Location: Michigan, USA
Contact:

Post by Johnm »

devork,
Is storing them in a database an option for you? If so, that would be the way to go in my opinnion. Some people use cookies for this but that is not a reliable way as you are then depending on the client and as we all well know, you just can't depend on them.

John M


John M
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Little point on sessions - If you are using sessions on PHP 4.1 or above,

Code: Select all

if (!empty($_SESSION['validUser'])) {
is a register_globals independent way of doing:

Code: Select all

if(!session_is_registered("validUser")) {
Mac
User avatar
devork
Forum Contributor
Posts: 213
Joined: Fri Aug 08, 2003 6:44 am
Location: p(h) developer's network

Post by devork »

what about this
-headers already sent..
-session delimeter
these kinds of errors.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Check out the headers already sent tutorial:
viewtopic.php?t=1157

What is the full text of the second error?

Mac
User avatar
devork
Forum Contributor
Posts: 213
Joined: Fri Aug 08, 2003 6:44 am
Location: p(h) developer's network

Post by devork »

ok
I have registered some variables in a.php through session to be used on b.php but session variables lost in b.php no output.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Can we see the code for b.php?

Mac
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

Maybe he was missing session_start()?

I was killing myself on a script till I re-read another session script and saw that session_start() was missing O_o.

-Nay
php_wiz_kid
Forum Contributor
Posts: 181
Joined: Tue Jun 24, 2003 7:33 pm

Post by php_wiz_kid »

yeah, session_start() seems to trick people new to sessions. Twigs example should work fine. Here's another example:

I'm using quick reply so sorry for not formatting it:

a.php:
<?php
session_start();
if($good_pass == true and $good_user == true) {
$_SESSION['validuser'] = true;
} else {
$_SESSION['validuser'] = false;
}
?>

b.php
<?php
session_start();
if($_SESSION['validuser'] == true) {
$keep_user_logged_in = true;
} else {
$keep_user_logged_in = false;
session_destroy(); //Gets rid of registered session
}

Note how the $_SESSION['validuser'] carries from a.php to b.php. This might not be totally accurate but I hope it gives you the idea. I'm kind of in a hurry so sorry if I didn't explain it good enough. You would hopefuly have a more in depth user authentication and valid user checker script. So don't mess with possible hazards such as cookeis or url scrambling. Also, I've heard stories of sites getting session hijacked. I'm note exactly sure what that is, but they say you should somehow authenticate your sessions. I try to implement session authentication but I'm not sure if it works because I don't know how session hijacking works. If you need some more help don't be afraid to email or pm me.
Last edited by php_wiz_kid on Thu Nov 13, 2003 10:27 am, edited 1 time in total.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

php_wiz_kid, note that yu are missing session_start(); in the beginning of b.php. You need that on all pages dealing with sessions...
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

tags around code are nice too.

Mac
Post Reply