login script using sessions
Posted: Wed Jun 08, 2005 8:34 pm
how would one go about making a login script using sessions that save to the database?
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code: Select all
<?php
require "db.php";
// Returns current time as a number. Used for recording the
// last session access.
function getMicroTime()
{
// microtime() returns the number of seconds since
// 0:00:00 January 1, 1970 GMT as a microsecond part
// and a second part. e.g.: 0.08344800 1000952237
// Convert the two parts into an array
$mtime = explode(" ", microtime());
// Return the addition of the two parts e.g.: 1000952237.08344800
return($mtime[1] + $mtime[0]);
}
// The database connection
$connection = NULL;
// The global variable that holds the table name
$session_table= NULL;
// The session open handler called by PHP whenever
// a session is initialized. Always returns true.
function sessionOpen($database_name, $table_name)
{
// Save the database connection in a global variable
global $session_table;
// Database credentials
global $hostName;
global $username;
global $password;
if (!($connection @ mysql_connect($hostName, $username, $password)))
showerror();
if (!mysql_select_db($database_name, $connection))
showerror();
$session_table = $table_name;
return true;
}
// This function is called whenever a session_start() call is
// made and reads the session variables associated with the session
// identified by the $sess_id parameter. Returns "" when a session
// is not found and the session variables as a serialized string
// when the session exists.
function sessionRead($sess_id)
{
// Access the DBMS connection
global $connection;
// Access the sessions table
global $session_table;
// Formulate a query to find the session identified by $sess_id
$search_query = "SELECT * FROM {$session_table}
WHERE session_id = '{$sess_id}':;
// Execute the query
if (!($result = @mysql_query($search_query, $connection)))
showerror();
if(mysql_num_rows($result) == 0)
//No session found - return the serialized string
return "";
else
{
//Found a session - return the serialized string
$row = mysql_fetch_array($result);
return $row["session_variable"];
}
}
function sessionWrite($sess_id, $val)
{
// Access the DBMS connection
global $connection;
// Access the sessions table
global $session_table;
$time_stamp = getMicroTime();
$search_query = "SELECT session_id FROM {$session_table}
WHERE session_id = '{sess_id}'";
// Execute the query
if (!($result - @ mysql_query($search_query, $connection)))
showerror();
if(mysql_num_rows($result) == 0)
{
// No session found, insert a new one
$insert_query = "INSERT INTO {$session_table}
(session_id, session_variable, last_accessed)
VALUES ('{$sess_id)', '{$val}', {$time_stamp})";
if (!mysql_query($insert_query, $connection))
showerror();
}
else
{
// Existing session found - Update the session variables
$update_query = "UPDATE {$session_table}
SET session_variable = '{$val}',
last_accessed = {$time_stamp}
WHERE session_id = '{$sess_id}'";
if(!mysql_query($update_query, $connection))
showerror();
}
}
// This function is executed on shutdown of the session.
// Always returns true.
function sessionClose()
{
return true;
}
// This is called whenever the session_destroy() function
// call is made. Returns true if the session has successfully
// been deleted.
function sessionDestroy($sess_id)
{
//Access the DBMS connection
global $connection;
// Access the sessions table
global $sessions_table;
$delete_query = "DELETE FROM {$session_table}
WHERE session_id = '{$sess_id}'";
if (!($result = @ mysql_query($delete_query, $connection)))
showerror();
return true;
}
// This function is called on a session's start up with the
// probability specified in session.gc_probability. Performs
// garbage collection by removing all sessions that haven't been
// updated in the last $max_lifetime seconds as set in
// session.gc_maxlifetime.
// Returns true if the DELETE query succeeded.
function sessionGC($max_lifetime)
{
// Access the DBMS connection
global $connection;
//Access the sessions table
global $session_table;
$current_time = getMicroTime();
$delete_query = "DELETE FROM {$session_table}
WHERE last_accessed < ({$current_time} - {$max_lifetime})";
if (!($result = @ mysql_query($delete_query, $connection)))
showerror();
return true;
}
// Call to register user call back functions.
session_set_save_handler("sessionOpen",
"sessionClose",
"sessionRead",
"sessionWrite",
"sessionDestroy",
"sessionGC");
?>Code: Select all
WHERE session_id = '{$sess_id}':;Code: Select all
<?php
require "dblink.php";
// Returns current time as a number. Used for recording the
// last session access.
function getMicroTime()
{
// microtime() returns the number of seconds since
// 0:00:00 January 1, 1970 GMT as a microsecond part
// and a second part. e.g.: 0.08344800 1000952237
// Convert the two parts into an array
$mtime = explode(" ", microtime());
// Return the addition of the two parts e.g.: 1000952237.08344800
return($mtime[1] + $mtime[0]);
}
// The database connection
$connection = NULL;
// The global variable that holds the table name
$session_table= NULL;
// The session open handler called by PHP whenever
// a session is initialized. Always returns true.
function sessionOpen($database_name, $table_name)
{
// Save the database connection in a global variable
global $session_table;
// Database credentials
global $hostName;
global $username;
global $password;
if (!($connection @ mysql_connect($hostName, $username, $password)))
showerror();
if (!mysql_select_db($database_name, $connection))
showerror();
$session_table = $table_name;
return true;
}
// This function is called whenever a session_start() call is
// made and reads the session variables associated with the session
// identified by the $sess_id parameter. Returns "" when a session
// is not found and the session variables as a serialized string
// when the session exists.
function sessionRead($sess_id)
{
// Access the DBMS connection
global $connection;
// Access the sessions table
global $session_table;
// Formulate a query to find the session identified by $sess_id
$search_query = "SELECT * FROM {$session_table}
WHERE session_id = '{$sess_id}';
// Execute the query
if (!($result = @mysql_query($search_query, $connection)))
showerror();
if(mysql_num_rows($result) == 0)
//No session found - return the serialized string
return "";
else
{
//Found a session - return the serialized string
$row = mysql_fetch_array($result);
return $row["session_variable"];
}
}
function sessionWrite($sess_id, $val)
{
// Access the DBMS connection
global $connection;
// Access the sessions table
global $session_table;
$time_stamp = getMicroTime();
$search_query = "SELECT session_id FROM {$session_table}
WHERE session_id = '{sess_id}'";
// Execute the query
if (!($result - @ mysql_query($search_query, $connection)))
showerror();
if(mysql_num_rows($result) == 0)
{
// No session found, insert a new one
$insert_query = "INSERT INTO {$session_table}
(session_id, session_variable, last_accessed)
VALUES ('{$sess_id)', '{$val}', {$time_stamp})";
if (!mysql_query($insert_query, $connection))
showerror();
}
else
{
// Existing session found - Update the session variables
$update_query = "UPDATE {$session_table}
SET session_variable = '{$val}',
last_accessed = {$time_stamp}
WHERE session_id = '{$sess_id}'";
if(!mysql_query($update_query, $connection))
showerror();
}
}
// This function is executed on shutdown of the session.
// Always returns true.
function sessionClose()
{
return true;
}
// This is called whenever the session_destroy() function
// call is made. Returns true if the session has successfully
// been deleted.
function sessionDestroy($sess_id)
{
//Access the DBMS connection
global $connection;
// Access the sessions table
global $sessions_table;
$delete_query = "DELETE FROM {$session_table}
WHERE session_id = '{$sess_id}'";
if (!($result = @ mysql_query($delete_query, $connection)))
showerror();
return true;
}
// This function is called on a session's start up with the
// probability specified in session.gc_probability. Performs
// garbage collection by removing all sessions that haven't been
// updated in the last $max_lifetime seconds as set in
// session.gc_maxlifetime.
// Returns true if the DELETE query succeeded.
function sessionGC($max_lifetime)
{
// Access the DBMS connection
global $connection;
//Access the sessions table
global $session_table;
$current_time = getMicroTime();
$delete_query = "DELETE FROM {$session_table}
WHERE last_accessed < ({$current_time} - {$max_lifetime})";
if (!($result = @ mysql_query($delete_query, $connection)))
showerror();
return true;
}
// Call to register user call back functions.
session_set_save_handler("sessionOpen",
"sessionClose",
"sessionRead",
"sessionWrite",
"sessionDestroy",
"sessionGC");Code: Select all
$search_query = "SELECT * FROM {$session_table} WHERE session_id = '{$sess_id}';Code: Select all
$search_query = "SELECT * FROM {$session_table} WHERE session_id = '{$sess_id}'";Code: Select all
$query = sprintf("e;SELECT * FROM `users` WHERE `user`='%s' AND `password`='%s' LIMIT 1"e;,
mysql_real_escape_string($_POSTї'user']),
mysql_real_escape_string($_POSTї'password']));
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$user = mysql_fetch_assoc($result);
$_SESSIONї'user'] = $userї'user'];
$_SESSIONї'id'] = $userї'id'];
$_SESSIONї'access'] = $userї'access'];
$_SESSIONї'logged'] = true;
header('Location: private.php');
}
echo 'Login failed';Code: Select all
if ($_SESSIONї'loggedin']) {
echo 'You\'ve reached a private page!. You Must be logged in!';
}mysql_query() wrote:link_identifier
The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level warning is generated.
Code: Select all
$query = sprintf("SELECT * FROM `users` WHERE `username`='%s' AND `password`='%s' LIMIT 1",
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['password']));this is my codeParse error: parse error in /home/www/twarowsk.freeownhost.com/StreetLife/login.php on line 8
Code: Select all
<?php
$connection = mysql_connect('127.0.0.1', 'root@localhost', '');
$mysql_select_db('streetlife');
if (!$connection){
die('Could not connect);
}
echo "Connected successfully";
$query = sprintf("SELECT * FROM `users` WHERE `username`='%s' AND `password`='%s' LIMIT 1",
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['password']));
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) == 1) {
$user = mysql_fetch_assoc($result);
$_SESSION['user'] = $username['username'];
$_SESSION['id'] = $username['id'];
$_SESSION['access'] = $username['access'];
$_SESSION['loggedin'] = true;
header('Location: private.php');
}
echo 'Login failed';
?>