Help with sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ffclan
Forum Newbie
Posts: 10
Joined: Fri Dec 30, 2005 3:59 am

Help with sessions

Post by ffclan »

Hi all,

Nice forums you got here.

Moving on, i need help with user management. Im using dreamweaver to create the login/registration pages for my site. (Using PHP and MySQL of course). Now, all works fine and dandy :D

I want it that when the user logs in, he/she will see something like "Welcome [username]" and a button "Log out [username]". I dont know how to go about doing this. Im sure its very simple. Yet, i couldnt find help.

Also, in the members section, there is an area where users can upload files. In the file upload page, i put the field "Uploader name", and the user has to put his/her name. Im thinking this feild should be automatically filled according to the username of the person logged in.

Im thinking this all depends on sessions. But i have never delt with them.

My website address is http://www.fastfragclan.com

Sorry if the terms i used are not "up to standard". Thats the best i can explain it.

Thanks for any help.

Oh BTW, how do you add a date stamp when the user registers? Currently, im using a feild in the members table which automatically gets filled in when a new record is created. datatype: Timestamp. The problem is that it includes the time with it. Which i dont need.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Your first question is pretty much not answerable without some code to base your system off of. How do you persist the user login? Do you store a user_id or something in your session? The system would have to know which user is associated with the request, figure out the username, then insert that value in the page. I can't be any more specirfic without code.

Your second question: keep the time. Better to have more information than less. Otherwise, check out http://dev.mysql.com/doc/refman/5.0/en/ ... rview.html
Vapor
Forum Newbie
Posts: 3
Joined: Thu Dec 29, 2005 10:55 am

Post by Vapor »

I was fooling around with the same sort of thing a while ago and had some limited success. I used html FORMS using POST method. whenever I needed to call something tied to the user I called

Code: Select all

$_POST['User_Name'] //user name 
$_POST['User_Pwd'] //user password
. It DID work; but it will put alot of stress on the server as each time they load a page they have to reverify their identiy and login status. Depending on how busy you think your site will be, this might work for you.
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

using sessions will probably be easiest. either store their username in the session when they login or query the database to get the info then store it in a session.

Code: Select all

//login.php page
<?php
session_start();
// validation/authentication
$_SESSION['username'] = $_POST['username'];
?>

// page to display their username
<?php
session_start();
echo 'Welcome' . $_SESSION['username'];
?>
ffclan
Forum Newbie
Posts: 10
Joined: Fri Dec 30, 2005 3:59 am

Post by ffclan »

Code: Select all

// page to display their username 
<?php 
session_start(); 
echo 'Welcome' . $_SESSION['username']; 
?>
I was playing around yesterday with the code. I used the code like above but did not put the

Code: Select all

session_start();
and it worked. You see, the code at the top of the page already has the

Code: Select all

session_start();
so this made it unnecessary to include it in the code you gave me above.

Anyway, thanks for you help guys.

But regarding the time stamp thing, you're right, more info is better. But how can i make it that it only shows the date and not the time. Example, i have a members page and it lists the names of all the members along with the date. currently it shows the date AND time. Can i make it that it just shows the date?

Later :D
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Code: Select all

<?php

echo 'Welcome ' . htmlentities($_POST['username']);

?>
To prevent XSS and HTML injection :)
ffclan
Forum Newbie
Posts: 10
Joined: Fri Dec 30, 2005 3:59 am

Post by ffclan »

I was reading about XSS and HTML injection and i dont think i really need the "htmlentities". But, better safe than sorry :D

Thanks.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

if you use anything similar to:

Code: Select all

echo $_POST['var'];
then yes, you most definately do. :)
ffclan
Forum Newbie
Posts: 10
Joined: Fri Dec 30, 2005 3:59 am

Post by ffclan »

Yeah, im using that. Will add "htmlentites".
User avatar
spamyboy
Forum Contributor
Posts: 266
Joined: Sun Nov 06, 2005 11:29 am
Location: Lithuania, vilnius

Post by spamyboy »

But if i need to display all users online ?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

As you probably know, http is stateless... So you might want to define "online users"

- A possible definition would be: all the users that have an active session... With this definition the solution is pretty easy, as you only need to loop through the sessions (/tmp/sessions or somewhere in your database...)


PS: If you're looking at htmlentities, you want to make sure you pass UTF-8 as the second parameter.. I think PHP should do this by default on echo and print..
Post Reply