[Solved] chech user session problem!!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

[Solved] chech user session problem!!!

Post by joecrack »

i did a login script that is working pretty good.
but now i want to have something that checks if a user is logged in or not - and if the user is NOT then i want him to go to the login page. so i thought about somethig like this:

Code: Select all

<?php
function CheckUserSession ($session) {
    $result = mysql_query("SELECT UserId,Name,Vorname,UserName,UserLogin FROM AdminUser
                    WHERE UserSession = '".$session."'") or mysql_error();
    if ( mysql_num_rows($result) == 1 ) {
////<code  for adding a dataset>
    }
    else {
      header ("Location: /site/index_login.php");
      return false;
    }
  }
?>
so if the user is not logged in .. its not alowed to add data.
do i have the right idea?? .. cause with this, its not working so far - the script adds the data ... logged in or not.
or can i even have this code in my external login script ???
and tell the script always to go to login page if user is not logged in???
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

You don't need to query the database everytime.

When the user signs in, set a session variable:

Code: Select all

$_SESSION['VALID_USER'] = TRUE;
Then, on each page; check for the session variable:

Code: Select all

if($_SESSION['VALID_USER'] === TRUE){
#VALID USER
}else{
#INVALID USER
#REDIRECT TO LOGIN PAGE
}
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

so i set the variable like this (on an included php login script):

Code: Select all

function CheckUserLogin ($un, $pw, $session) {
    $result = mysql_query("SELECT UserId,Name,Vorname,UserName,UserPasswd FROM AdminUser
                    WHERE UserName='$un' AND UserPasswd=MD5('$pw')") or mysql_error();
    $zeile = mysql_fetch_array($result);

    if ( $zeile["UserId"] == "" )
    {
      header ("Location: index_login_again.php");
    }
    else
    {
      $result = mysql_query("UPDATE AdminUser SET UserSession = '".$session."',UserLogin = NOW()
                    WHERE UserId = '".$zeile["UserId"]."'") or mysql_error();
	$_SESSION['VALID_USER'] = TRUE; 
      header ("Location: index_login_suc.htm");
    }
  }
and then i did the if that you told me - but i get the error: Undefined variable: _SESSION !!!
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

put the following line at the top of your page:

Code: Select all

session_start();
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

hmmm - your function is now working fine - but i found out that my login/logout script is not doin as good as i thought. it keeps me logged in all the time, only restarting my browser loggs me out.
the logout page looks like this:

Code: Select all

<?php
  session_start();
  include("connect.inc.php");
  include("usermanagment.inc.php");
  ?>
<html><head>
<link rel="stylesheet" href="style.css" type="text/css"></head><body>
<img src="menue.jpg" width="1004" height="80">
<table width="575">
..............table...
  <tr>
    <th width="154" height="24" scope="row"><a href="change.html"><img src="change2.gif" width="124" height="17" border="0" align="left"></a></th>
    <td width="85" height="24">&nbsp;</td>
    <td height="24">Remeber to <a href="index_logout_suc.htm?action=logout">"Log Out"</a> if you leave the computer.</td>
  </tr>
  <tr>
</table></body></html>
and the logout part of the usermanagement.inc.php like this:

Code: Select all

function UserLogout ($session) {
    $result = mysql_query("UPDATE AdminUser SET UserSession = NULL
                    WHERE UserSession = '".$session."'") or mysql_error();
    header ("Location: index_logout_suc.htm");
  }
User avatar
trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

looks like you arent calling your function .. simply including it does nothing, it must be called and the session id passed
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

man i am sorry - i searched for it - but i cant find anything.
so how do i call it and pass the ID???
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Code: Select all

CheckUserLogin(session_id());
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

sorry i dont know what to do with that... just put it at the begining of the script ... put it in the unsermanagement.php or in the html?????
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

joecrack wrote:so how do i call it and pass the ID???
Jcart wrote:

Code: Select all

CheckUserLogin(session_id());
I'm not quite sure what you mean then if that doesn't answer your question. :?
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

PERHAPS it aswers my question - but as i wrote i dont know what do do with it
trukfixer said:"simply including it does nothing, it must be called and the session id passed"
OK so does that mean doing it like this:

Code: Select all

<?php
  session_start();
  include("connect.inc.php");
CheckUserLogin(session_id());
  ?>
<table width="575">
..............table...
  <tr>
    <td height="24">Remeber to <a href="index_logout_suc.htm?action=logout">"Log Out"</a> if you leave the computer.</td>
...
now i replaced the include cause trukfixer said that icluding does noting - i dont know WHAT to do with checkuser?
plz HELP
User avatar
trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

heh - you mis understood ..
"*SIMPLY* including the file does nothing, *in and of itself*

You need to include teh script - that is fine,
but after the include(myfunctions.php);
you must then call your function that you defined as

Code: Select all

//pseudocode to demonstrate the idea
session_start();
include('myfile.php');
include('myfunctions.php');
$return_val = check_login($_SESSION['session_id']);//calls function declared in myfunctions.php, and passes the session id
//a function should almost always return a value of some kind, ideally.
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

my LogOut Button is now just a link to a php page like this:

Code: Select all

<?php
  session_start();
  include("connect.inc.php");
  include("usermanagment.inc.php");
  $return_val = UserLogout ($session);
  ?>
And it uses the my logout function:

Code: Select all

function UserLogout ($session) {
    $result = mysql_query("UPDATE AdminUser SET UserSession = NULL
                    WHERE UserSession = '".$session."'") or mysql_error();
    header ("Location: index_login.php");
  }
Because it is straight going to the index_login.php - but it does NOT log the user out.
Is something wrong with the function. I mean it is using it - cause it takes the header - but it doesnt set the session NULL it think.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Might want to read the information on this page.

http://us2.php.net/manual/en/function.s ... estroy.php
joecrack
Forum Commoner
Posts: 99
Joined: Mon Oct 31, 2005 9:17 pm

Post by joecrack »

Finally - THANKS A LOT
Post Reply