Sessions - I'm stuck!

Wardy7
Forum Commoner
Posts: 38
Joined: Wed Aug 24, 2005 4:45 am
Location: UK

Sessions - I'm stuck!

Post by Wardy7 »

I've spent the day trying to get my head round getting sessions working on a site and I just seem to be getting absolutely nowhere. I've tried a number of different times and read a load of examples and tutorials yet still seem to be in "stupid" mode and just not getting it working.

Basically I have a site (I bet you didn't see that one coming). I have it currently that on logon.php there is a form with email & password to be filled in and then the form is submitted (POST) to logon2.php
logon2.php then has some code that looks up the email address and password to make sure that they match and then if they do I have a line of code that creates a link for users to click on to log into their user area (userdetails.php)

Code:

echo("Thank you for logging in. Click <a href=\"userdetails.php?password=$password&email=$email\">here</a> to continue.");

I know that this way is very un-secure as the email address and password get written to the address bar so anyone could come along and check the history of the computer and click on it and they would be able to be logged in :(

I'm tearing my hair out now trying to get this working (well other than I have a skinhead so not exactly true), can anyone help me with this please, as the only session I feel like now is one down the pub as today's efforts have got me nowhere. :(

I must add that I did get some basic session working before so I could display a session but I don't think they were actually doing anything else other than displaying the number as it was still possible to click on history link and log in and also the email and password were still getting written out.

So, does anyone think they can help (it is my birthday tomorrow, not that that will make a jot of difference to anyone here I guess) :roll:

Cheers
Wardy
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Use PHP sessions. Start up a session using session_start(), and store session data within $_SESSION. These are stored between separate requests.

Code:

session_start();

// check authentication

$_SESSION['authenticated'] = true;
$_SESSION['userid'] = $userid; // use this to look up user details

// next page - userdetails.php say

session_start();

if(empty($_SESSION['authenticated'])) // empty() also covers the key not being set at all
{
	header('Location: http://myserver.com/index.php'); // failed auth check, send to index
	exit; // stop the script here, otherwise the rest of the page still runs after the redirect header
}

// otherwise fetch user details - id is stored as $_SESSION['userid']

Wardy7
Forum Commoner
Posts: 38
Joined: Wed Aug 24, 2005 4:45 am
Location: UK

Post by Wardy7 »

Um, sorry to be thick but...

So on login2.php this is put at the very top

Code:

session_start();

// check authentication

$_SESSION['authenticated'] = true;
$_SESSION['userid'] = $userid; // use this to look up user details

I take it then after this just below it I do my check to see if the email address and passwords match?

Thanks for the reply!

Cheers
Wardy
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

You need to figure out $userid yourself - it's on your database, I just put the above as an example.

session_start() must be called before you use $_SESSION - only once per request mind.

// check authentication - means just that, run your usual checks that the user is valid and can be allowed to login - the authenticated value simply tells other files that this user has logged in - you need to check it's TRUE for every page only accessible by a logged in user.
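
The ordering discussed in this thread (check the credentials first, set the session flag only on success, test the flag on every protected page), written out as an added example that is not code from either poster. It assumes an in-memory $users array as a stand-in for the site's database, and the helper names find_user(), attempt_login() and require_login() are hypothetical.

```php
<?php
// Added example. Constructed sample account; on a real site this row comes from the database.
$users = [
    'wardy@example.com' => ['userid' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

function find_user(array $users, string $email): ?array
{
    return $users[strtolower(trim($email))] ?? null;
}

// logon2.php: verify the POSTed credentials first, and only then mark the session.
function attempt_login(array $users, string $email, string $password): bool
{
    $user = find_user($users, $email);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;            // nothing is written to $_SESSION on failure
    }
    session_regenerate_id(true); // fresh session id at login, so a pre-set id cannot be reused
    $_SESSION['authenticated'] = true;
    $_SESSION['userid'] = $user['userid'];
    return true;
}

// userdetails.php and every other members-only page: call this before any output.
function require_login(): void
{
    if (empty($_SESSION['authenticated'])) {
        header('Location: logon.php');
        exit;                    // without exit the protected page would still be processed
    }
}

session_start();                 // once per request, before touching $_SESSION

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Accept only plain strings from the form; anything else is treated as empty.
    $email    = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (attempt_login($users, $email, $password)) {
        header('Location: userdetails.php'); // no email or password in the URL
        exit;
    }
    echo 'Email or password incorrect.';
}
```

With this in place the browser history only ever holds userdetails.php, and that page fetches the user's details from $_SESSION['userid'] after calling require_login().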