$_SESSIONs

anthony88guy
Forum Contributor
Posts: 246
Joined: Thu Jan 20, 2005 8:22 pm

Post by anthony88guy »

I have a small membership area; you need to log in to get access. You also must be verified by an admin in order to get complete access to the member tools. Now my script works a little bit. My table looks like this


When field "" is set to ? by an admin, you can access all areas of the membership area. When it's set to 0 (default), you can only see the membership home page. When field "" is set to ?, you can access admin options such as unlock accounts. My problem is that the sessions are losing their value or something, because when I am going to different areas of my membership area, sometimes I get sent to membership home (basically not a verified account). On each of my pages it checks that you are verified, and if you are a mod it displays mod options. You can try it, my login page




This is verified and has mod rights, so if you start clicking and going to different areas you will get sent to ffhome.php (membership home).

How should I solve this problem? Query the database for the "status" and "mod" values on each page?
Last edited by anthony88guy on Thu May 12, 2005 6:03 pm, edited 2 times in total.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

What I like to do is, when the user logs in, update his user row with the current session_id(). (This is to make sure only 1 instance of the user can log in at a time.)

On pages where access is required you can either

1) Check if ($_SESSION['loggedin'] && $_SESSION['access'] == 1)
2) Run a query on the database, searching for

Code:

// `users` is an assumed table name
$sql = "SELECT COUNT(`id`) AS `total` FROM `users` WHERE `session_id` = '".session_id()."' AND `access` = 1";
If it returns 1 row, then the user is admin; let him have access to that part of the site.

Also, you could create another column in your user row, and update their last activity.
Each page load on your index, run a check for (time() > ($row['last_activity']+3600)) then log the user out. This is so if the user closes the browser, it still will change his status after a certain period of time, so a user on a different computer may also log in at a later point in time.
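
The per-page database check and idle timeout described in the reply above, as an added example that is not part of the original thread. The table name `users`, the helper names `bind_session` and `has_access`, and the in-memory SQLite demo data are assumptions; the columns `session_id`, `access` and `last_activity` and the 3600-second window come from the reply.

```php
<?php
// Added example. `users`, bind_session() and has_access() are assumed names.
const IDLE_LIMIT = 3600; // seconds, the window used in the reply

// Call once after the password check succeeds. In a real login handler,
// $sid is session_id() taken after session_regenerate_id(true).
function bind_session(PDO $db, int $userId, string $sid, int $now): void
{
    // One active session per user: the newest login overwrites the old id.
    $db->prepare('UPDATE users SET session_id = ?, last_activity = ? WHERE id = ?')
       ->execute([$sid, $now, $userId]);
}

// Call at the top of every protected page with session_id() and time().
// True only when the row bound to this session id is verified and not idle.
function has_access(PDO $db, string $sid, int $now): bool
{
    // Bound parameter: the session id arrives in a cookie, so it is never
    // concatenated into the SQL string.
    $q = $db->prepare('SELECT id, access, last_activity FROM users WHERE session_id = ?');
    $q->execute([$sid]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown session id, or replaced by a newer login
    }
    if ($now > $row['last_activity'] + IDLE_LIMIT) {
        // Idle too long: unbind so the account can log in elsewhere.
        $db->prepare('UPDATE users SET session_id = NULL WHERE id = ?')
           ->execute([$row['id']]);
        return false;
    }
    $db->prepare('UPDATE users SET last_activity = ? WHERE id = ?')
       ->execute([$now, $row['id']]);
    return (int) $row['access'] === 1; // read from the database, not from $_SESSION
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, access INTEGER DEFAULT 0,
                               session_id TEXT, last_activity INTEGER)');
$db->exec('INSERT INTO users (id, access) VALUES (1, 1), (2, 0)');

bind_session($db, 1, 'sid-verified', 1000);
bind_session($db, 2, 'sid-unverified', 1000);
var_dump(has_access($db, 'sid-verified', 1500));        // verified and active
var_dump(has_access($db, 'sid-unverified', 1500));      // logged in, not verified
var_dump(has_access($db, 'sid-verified', 1500 + 3601)); // idle past the limit
var_dump(has_access($db, 'sid-verified', 1500 + 3602)); // session was unbound
```

Because the access flag is read from the row on every request, an admin changing it takes effect on the user's next page load rather than at their next login.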