Page 1 of 1
[Solved] chech user session problem!!!
Posted: Sun Dec 11, 2005 8:12 pm
by joecrack
i did a login script that is working pretty good.
but now i want to have something that checks if a user is logged in or not - and if the user is NOT then i want him to go to the login page. so i thought about somethig like this:
Code: Select all
<?php
function CheckUserSession ($session) {
$result = mysql_query("SELECT UserId,Name,Vorname,UserName,UserLogin FROM AdminUser
WHERE UserSession = '".$session."'") or mysql_error();
if ( mysql_num_rows($result) == 1 ) {
////<code for adding a dataset>
}
else {
header ("Location: /site/index_login.php");
return false;
}
}
?>
so if the user is not logged in .. its not alowed to add data.
do i have the right idea?? .. cause with this, its not working so far - the script adds the data ... logged in or not.
or can i even have this code in my external login script ???
and tell the script always to go to login page if user is not logged in???
Posted: Sun Dec 11, 2005 8:33 pm
by hawleyjr
You don't need to query the database everytime.
When the user signs in, set a session variable:
Then, on each page; check for the session variable:
Code: Select all
if($_SESSION['VALID_USER'] === TRUE){
#VALID USER
}else{
#INVALID USER
#REDIRECT TO LOGIN PAGE
}
Posted: Sun Dec 11, 2005 8:47 pm
by joecrack
so i set the variable like this (on an included php login script):
Code: Select all
function CheckUserLogin ($un, $pw, $session) {
$result = mysql_query("SELECT UserId,Name,Vorname,UserName,UserPasswd FROM AdminUser
WHERE UserName='$un' AND UserPasswd=MD5('$pw')") or mysql_error();
$zeile = mysql_fetch_array($result);
if ( $zeile["UserId"] == "" )
{
header ("Location: index_login_again.php");
}
else
{
$result = mysql_query("UPDATE AdminUser SET UserSession = '".$session."',UserLogin = NOW()
WHERE UserId = '".$zeile["UserId"]."'") or mysql_error();
$_SESSION['VALID_USER'] = TRUE;
header ("Location: index_login_suc.htm");
}
}
and then i did the if that you told me - but i get the error: Undefined variable: _SESSION !!!
Posted: Sun Dec 11, 2005 8:48 pm
by hawleyjr
put the following line at the top of your page:
Posted: Sun Dec 11, 2005 9:31 pm
by joecrack
hmmm - your function is now working fine - but i found out that my login/logout script is not doin as good as i thought. it keeps me logged in all the time, only restarting my browser loggs me out.
the logout page looks like this:
Code: Select all
<?php
session_start();
include("connect.inc.php");
include("usermanagment.inc.php");
?>
<html><head>
<link rel="stylesheet" href="style.css" type="text/css"></head><body>
<img src="menue.jpg" width="1004" height="80">
<table width="575">
..............table...
<tr>
<th width="154" height="24" scope="row"><a href="change.html"><img src="change2.gif" width="124" height="17" border="0" align="left"></a></th>
<td width="85" height="24"> </td>
<td height="24">Remeber to <a href="index_logout_suc.htm?action=logout">"Log Out"</a> if you leave the computer.</td>
</tr>
<tr>
</table></body></html>
and the logout part of the usermanagement.inc.php like this:
Code: Select all
function UserLogout ($session) {
$result = mysql_query("UPDATE AdminUser SET UserSession = NULL
WHERE UserSession = '".$session."'") or mysql_error();
header ("Location: index_logout_suc.htm");
}
Posted: Sun Dec 11, 2005 10:15 pm
by trukfixer
looks like you arent calling your function .. simply including it does nothing, it must be called and the session id passed
Posted: Sun Dec 11, 2005 11:30 pm
by joecrack
man i am sorry - i searched for it - but i cant find anything.
so how do i call it and pass the ID???
Posted: Sun Dec 11, 2005 11:51 pm
by John Cartwright
Posted: Mon Dec 12, 2005 1:26 am
by joecrack
sorry i dont know what to do with that... just put it at the begining of the script ... put it in the unsermanagement.php or in the html?????
Posted: Mon Dec 12, 2005 3:13 am
by John Cartwright
joecrack wrote:so how do i call it and pass the ID???
I'm not quite sure what you mean then if that doesn't answer your question.

Posted: Mon Dec 12, 2005 8:19 pm
by joecrack
PERHAPS it aswers my question - but as i wrote i dont know what do do with it
trukfixer said:"simply including it does nothing, it must be called and the session id passed"
OK so does that mean doing it like this:
Code: Select all
<?php
session_start();
include("connect.inc.php");
CheckUserLogin(session_id());
?>
<table width="575">
..............table...
<tr>
<td height="24">Remeber to <a href="index_logout_suc.htm?action=logout">"Log Out"</a> if you leave the computer.</td>
...
now i replaced the include cause trukfixer said that icluding does noting - i dont know WHAT to do with checkuser?
plz HELP
Posted: Mon Dec 12, 2005 10:45 pm
by trukfixer
heh - you mis understood ..
"*SIMPLY* including the file does nothing, *in and of itself*
You need to include teh script - that is fine,
but after the include(myfunctions.php);
you must then call your function that you defined as
Code: Select all
//pseudocode to demonstrate the idea
session_start();
include('myfile.php');
include('myfunctions.php');
$return_val = check_login($_SESSION['session_id']);//calls function declared in myfunctions.php, and passes the session id
//a function should almost always return a value of some kind, ideally.
Posted: Tue Dec 13, 2005 12:23 am
by joecrack
my LogOut Button is now just a link to a php page like this:
Code: Select all
<?php
session_start();
include("connect.inc.php");
include("usermanagment.inc.php");
$return_val = UserLogout ($session);
?>
And it uses the my logout function:
Code: Select all
function UserLogout ($session) {
$result = mysql_query("UPDATE AdminUser SET UserSession = NULL
WHERE UserSession = '".$session."'") or mysql_error();
header ("Location: index_login.php");
}
Because it is straight going to the index_login.php - but it does NOT log the user out.
Is something wrong with the function. I mean it is using it - cause it takes the header - but it doesnt set the session NULL it think.
Posted: Tue Dec 13, 2005 12:42 am
by AKA Panama Jack
Posted: Tue Dec 13, 2005 12:53 am
by joecrack
Finally - THANKS A LOT