Page 1 of 1

[Solved] chech user session problem!!!

Posted: Sun Dec 11, 2005 8:12 pm
by joecrack
i did a login script that is working pretty good.
but now i want to have something that checks if a user is logged in or not - and if the user is NOT then i want him to go to the login page. so i thought about somethig like this:

Code: Select all

<?php
function CheckUserSession ($session) {
    $result = mysql_query("SELECT UserId,Name,Vorname,UserName,UserLogin FROM AdminUser
                    WHERE UserSession = '".$session."'") or mysql_error();
    if ( mysql_num_rows($result) == 1 ) {
////<code  for adding a dataset>
    }
    else {
      header ("Location: /site/index_login.php");
      return false;
    }
  }
?>
so if the user is not logged in .. its not alowed to add data.
do i have the right idea?? .. cause with this, its not working so far - the script adds the data ... logged in or not.
or can i even have this code in my external login script ???
and tell the script always to go to login page if user is not logged in???

Posted: Sun Dec 11, 2005 8:33 pm
by hawleyjr
You don't need to query the database everytime.

When the user signs in, set a session variable:

Code: Select all

$_SESSION['VALID_USER'] = TRUE;
Then, on each page; check for the session variable:

Code: Select all

if($_SESSION['VALID_USER'] === TRUE){
#VALID USER
}else{
#INVALID USER
#REDIRECT TO LOGIN PAGE
}

Posted: Sun Dec 11, 2005 8:47 pm
by joecrack
so i set the variable like this (on an included php login script):

Code: Select all

function CheckUserLogin ($un, $pw, $session) {
    $result = mysql_query("SELECT UserId,Name,Vorname,UserName,UserPasswd FROM AdminUser
                    WHERE UserName='$un' AND UserPasswd=MD5('$pw')") or mysql_error();
    $zeile = mysql_fetch_array($result);

    if ( $zeile["UserId"] == "" )
    {
      header ("Location: index_login_again.php");
    }
    else
    {
      $result = mysql_query("UPDATE AdminUser SET UserSession = '".$session."',UserLogin = NOW()
                    WHERE UserId = '".$zeile["UserId"]."'") or mysql_error();
	$_SESSION['VALID_USER'] = TRUE; 
      header ("Location: index_login_suc.htm");
    }
  }
and then i did the if that you told me - but i get the error: Undefined variable: _SESSION !!!

Posted: Sun Dec 11, 2005 8:48 pm
by hawleyjr
put the following line at the top of your page:

Code: Select all

session_start();

Posted: Sun Dec 11, 2005 9:31 pm
by joecrack
hmmm - your function is now working fine - but i found out that my login/logout script is not doin as good as i thought. it keeps me logged in all the time, only restarting my browser loggs me out.
the logout page looks like this:

Code: Select all

<?php
  session_start();
  include("connect.inc.php");
  include("usermanagment.inc.php");
  ?>
<html><head>
<link rel="stylesheet" href="style.css" type="text/css"></head><body>
<img src="menue.jpg" width="1004" height="80">
<table width="575">
..............table...
  <tr>
    <th width="154" height="24" scope="row"><a href="change.html"><img src="change2.gif" width="124" height="17" border="0" align="left"></a></th>
    <td width="85" height="24">&nbsp;</td>
    <td height="24">Remeber to <a href="index_logout_suc.htm?action=logout">"Log Out"</a> if you leave the computer.</td>
  </tr>
  <tr>
</table></body></html>
and the logout part of the usermanagement.inc.php like this:

Code: Select all

function UserLogout ($session) {
    $result = mysql_query("UPDATE AdminUser SET UserSession = NULL
                    WHERE UserSession = '".$session."'") or mysql_error();
    header ("Location: index_logout_suc.htm");
  }

Posted: Sun Dec 11, 2005 10:15 pm
by trukfixer
looks like you arent calling your function .. simply including it does nothing, it must be called and the session id passed

Posted: Sun Dec 11, 2005 11:30 pm
by joecrack
man i am sorry - i searched for it - but i cant find anything.
so how do i call it and pass the ID???

Posted: Sun Dec 11, 2005 11:51 pm
by John Cartwright

Code: Select all

CheckUserLogin(session_id());

Posted: Mon Dec 12, 2005 1:26 am
by joecrack
sorry i dont know what to do with that... just put it at the begining of the script ... put it in the unsermanagement.php or in the html?????

Posted: Mon Dec 12, 2005 3:13 am
by John Cartwright
joecrack wrote:so how do i call it and pass the ID???
Jcart wrote:

Code: Select all

CheckUserLogin(session_id());
I'm not quite sure what you mean then if that doesn't answer your question. :?

Posted: Mon Dec 12, 2005 8:19 pm
by joecrack
PERHAPS it aswers my question - but as i wrote i dont know what do do with it
trukfixer said:"simply including it does nothing, it must be called and the session id passed"
OK so does that mean doing it like this:

Code: Select all

<?php
  session_start();
  include("connect.inc.php");
CheckUserLogin(session_id());
  ?>
<table width="575">
..............table...
  <tr>
    <td height="24">Remeber to <a href="index_logout_suc.htm?action=logout">"Log Out"</a> if you leave the computer.</td>
...
now i replaced the include cause trukfixer said that icluding does noting - i dont know WHAT to do with checkuser?
plz HELP

Posted: Mon Dec 12, 2005 10:45 pm
by trukfixer
heh - you mis understood ..
"*SIMPLY* including the file does nothing, *in and of itself*

You need to include teh script - that is fine,
but after the include(myfunctions.php);
you must then call your function that you defined as

Code: Select all

//pseudocode to demonstrate the idea
session_start();
include('myfile.php');
include('myfunctions.php');
$return_val = check_login($_SESSION['session_id']);//calls function declared in myfunctions.php, and passes the session id
//a function should almost always return a value of some kind, ideally.

Posted: Tue Dec 13, 2005 12:23 am
by joecrack
my LogOut Button is now just a link to a php page like this:

Code: Select all

<?php
  session_start();
  include("connect.inc.php");
  include("usermanagment.inc.php");
  $return_val = UserLogout ($session);
  ?>
And it uses the my logout function:

Code: Select all

function UserLogout ($session) {
    $result = mysql_query("UPDATE AdminUser SET UserSession = NULL
                    WHERE UserSession = '".$session."'") or mysql_error();
    header ("Location: index_login.php");
  }
Because it is straight going to the index_login.php - but it does NOT log the user out.
Is something wrong with the function. I mean it is using it - cause it takes the header - but it doesnt set the session NULL it think.

Posted: Tue Dec 13, 2005 12:42 am
by AKA Panama Jack
Might want to read the information on this page.

http://us2.php.net/manual/en/function.s ... estroy.php

Posted: Tue Dec 13, 2005 12:53 am
by joecrack
Finally - THANKS A LOT