Page 1 of 1

Help with sessions

Posted: Fri Dec 30, 2005 4:10 am
by ffclan
Hi all,

Nice forums you got here.

Moving on, i need help with user management. Im using dreamweaver to create the login/registration pages for my site. (Using PHP and MySQL of course). Now, all works fine and dandy :D

I want it that when the user logs in, he/she will see something like "Welcome [username]" and a button "Log out [username]". I dont know how to go about doing this. Im sure its very simple. Yet, i couldnt find help.

Also, in the members section, there is an area where users can upload files. In the file upload page, i put the field "Uploader name", and the user has to put his/her name. Im thinking this feild should be automatically filled according to the username of the person logged in.

Im thinking this all depends on sessions. But i have never delt with them.

My website address is http://www.fastfragclan.com

Sorry if the terms i used are not "up to standard". Thats the best i can explain it.

Thanks for any help.

Oh BTW, how do you add a date stamp when the user registers? Currently, im using a feild in the members table which automatically gets filled in when a new record is created. datatype: Timestamp. The problem is that it includes the time with it. Which i dont need.

Posted: Fri Dec 30, 2005 12:51 pm
by Ambush Commander
Your first question is pretty much not answerable without some code to base your system off of. How do you persist the user login? Do you store a user_id or something in your session? The system would have to know which user is associated with the request, figure out the username, then insert that value in the page. I can't be any more specirfic without code.

Your second question: keep the time. Better to have more information than less. Otherwise, check out http://dev.mysql.com/doc/refman/5.0/en/ ... rview.html

Posted: Fri Dec 30, 2005 1:18 pm
by Vapor
I was fooling around with the same sort of thing a while ago and had some limited success. I used html FORMS using POST method. whenever I needed to call something tied to the user I called

Code: Select all

$_POST['User_Name'] //user name 
$_POST['User_Pwd'] //user password
. It DID work; but it will put alot of stress on the server as each time they load a page they have to reverify their identiy and login status. Depending on how busy you think your site will be, this might work for you.

Posted: Fri Dec 30, 2005 7:31 pm
by mickd
using sessions will probably be easiest. either store their username in the session when they login or query the database to get the info then store it in a session.

Code: Select all

//login.php page
<?php
session_start();
// validation/authentication
$_SESSION['username'] = $_POST['username'];
?>

// page to display their username
<?php
session_start();
echo 'Welcome' . $_SESSION['username'];
?>

Posted: Sat Dec 31, 2005 1:10 am
by ffclan

Code: Select all

// page to display their username 
<?php 
session_start(); 
echo 'Welcome' . $_SESSION['username']; 
?>
I was playing around yesterday with the code. I used the code like above but did not put the

Code: Select all

session_start();
and it worked. You see, the code at the top of the page already has the

Code: Select all

session_start();
so this made it unnecessary to include it in the code you gave me above.

Anyway, thanks for you help guys.

But regarding the time stamp thing, you're right, more info is better. But how can i make it that it only shows the date and not the time. Example, i have a members page and it lists the names of all the members along with the date. currently it shows the date AND time. Can i make it that it just shows the date?

Later :D

Posted: Sat Dec 31, 2005 2:58 am
by Jenk

Code: Select all

<?php

echo 'Welcome ' . htmlentities($_POST['username']);

?>
To prevent XSS and HTML injection :)

Posted: Sat Dec 31, 2005 3:51 am
by ffclan
I was reading about XSS and HTML injection and i dont think i really need the "htmlentities". But, better safe than sorry :D

Thanks.

Posted: Sat Dec 31, 2005 4:06 am
by Jenk
if you use anything similar to:

Code: Select all

echo $_POST['var'];
then yes, you most definately do. :)

Posted: Sat Dec 31, 2005 5:35 am
by ffclan
Yeah, im using that. Will add "htmlentites".

Posted: Sun Jan 01, 2006 4:18 pm
by spamyboy
But if i need to display all users online ?

Posted: Sun Jan 01, 2006 6:21 pm
by timvw
As you probably know, http is stateless... So you might want to define "online users"

- A possible definition would be: all the users that have an active session... With this definition the solution is pretty easy, as you only need to loop through the sessions (/tmp/sessions or somewhere in your database...)


PS: If you're looking at htmlentities, you want to make sure you pass UTF-8 as the second parameter.. I think PHP should do this by default on echo and print..