keep tracking user...
Moderator: General Moderators
- devork
- Forum Contributor
- Posts: 213
- Joined: Fri Aug 08, 2003 6:44 am
- Location: p(h) developer's network
- What is a good way to keep track of a user on the site, and related variables?
- Should we use
if(!session_is_registered("validUser"))
header("..");
to check whether the user has logged in or not?
- Code, if moved to another distribution of Linux, doesn't need to be modified.
- No security threats.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Little point on sessions - If you are using sessions on PHP 4.1 or above,
if (!empty($_SESSION['validUser'])) {
is a register_globals independent way of doing:
if(!session_is_registered("validUser")) {
Mac
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Check out the headers already sent tutorial:
viewtopic.php?t=1157
What is the full text of the second error?
Mac
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
- php_wiz_kid
- Forum Contributor
- Posts: 181
- Joined: Tue Jun 24, 2003 7:33 pm
Yeah, session_start() seems to trick people new to sessions. Twig's example should work fine. Here's another example:
I'm using quick reply so sorry for not formatting it:
a.php:
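<?php
session_start(); // must be called before any output is sent
// $good_pass and $good_user are assumed to be set by the credential check
if ($good_pass == true and $good_user == true) {
    $_SESSION['validuser'] = true;
} else {
    $_SESSION['validuser'] = false;
}
?>
b.php
<?php
session_start();
// !empty() also covers a visitor who never went through a.php (key not set)
if (!empty($_SESSION['validuser'])) {
    $keep_user_logged_in = true;
} else {
    $keep_user_logged_in = false;
    session_destroy(); //Gets rid of registered session
}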
Note how the $_SESSION['validuser'] carries from a.php to b.php. This might not be totally accurate but I hope it gives you the idea. I'm kind of in a hurry so sorry if I didn't explain it good enough. You would hopefully have a more in depth user authentication and valid user checker script. So don't mess with possible hazards such as cookies or url scrambling. Also, I've heard stories of sites getting session hijacked. I'm not exactly sure what that is, but they say you should somehow authenticate your sessions. I try to implement session authentication but I'm not sure if it works because I don't know how session hijacking works. If you need some more help don't be afraid to email or pm me.
Last edited by php_wiz_kid on Thu Nov 13, 2003 10:27 am, edited 1 time in total.
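An added example, not code posted by anyone in this thread: one way to combine the `$_SESSION['validUser']` check discussed above with the session protections the last post asks about (cookie-only strict session IDs, a fresh ID at login, an idle timeout, and `exit` after the redirect). The function names, `/login.php`, and the 15-minute limit are assumptions; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. Function names, /login.php and
// the idle limit are assumptions chosen for illustration.

const IDLE_LIMIT = 900; // seconds of inactivity before forced re-login (assumed value)

function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_user_in(string $username): void
{
    // Issue a new ID at the privilege change and delete the old session,
    // so an ID known before login is worthless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['validUser'] = true;
    $_SESSION['username']  = $username;
    $_SESSION['last_seen'] = time();
}

function require_login(string $loginUrl = '/login.php'): void
{
    $fresh = isset($_SESSION['last_seen'])
        && (time() - $_SESSION['last_seen']) <= IDLE_LIMIT;

    if (empty($_SESSION['validUser']) || !$fresh) {
        $_SESSION = [];          // drop server-side data
        session_destroy();
        header('Location: ' . $loginUrl);
        exit;                    // header() alone does not stop the script
    }
    $_SESSION['last_seen'] = time();
}

// Protected page (the thread's b.php):
start_hardened_session();
require_login();
echo 'Hello, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
```

The login page (the thread's a.php) would call `start_hardened_session()` and then `log_user_in()` only after the password check succeeds.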
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK