Authentication and session question

ducky
Forum Newbie
Posts: 5
Joined: Mon Dec 02, 2002 10:53 am

Authentication and session question

Post by ducky »

I wrote an authentication script that seems to work pretty well; however, this script should work for people that don't accept cookies. Can anyone look at this and give me some ideas as to why my sessions don't work when I set my browser (IE 6.0) to Block all Cookies? Everything should work except the ability to remember me after the session is over.

Thanks,

Ducky

Code:

<?php
$db = mysql_connect("localhost", "XXXXXXXXXXXXXXXXXXX", "XXXXXXXXXXXXXXXXX");
function querySQL($sql) {

    global $result;

    global $db;

    mysql_select_db("pcn",$db);

    $result = mysql_query($sql);

    if (!$result) {
        echo mysql_error();
        exit;
    }
}

if (!$sess_member_id || !$sess_guest_id) {
    if ($memberLogin) {

        $sql = "SELECT * FROM members WHERE member_id = '$memberLogin'";
        querySQL($sql);
        $myrow = mysql_fetch_array($result);
        session_start();
        session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');
        $sess_member_id = $myrow["member_id"];
        $sess_title = $myrow["title"];
        $sess_first = $myrow["first"];
        $sess_last = $myrow["last"];
        $sess_email = $myrow["email"];
        $sess_suffix = $myrow["suffix"];

    } else if ($guestLogin) {

        $sql = "SELECT * FROM guests WHERE guest_id = '$guestLogin'";
        querySQL($sql);
        $myrow = mysql_fetch_array($result);
        session_start();
        session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');
        $sess_guest_id = $myrow["guest_id"];
        $sess_title = $myrow["title"];
        $sess_first = $myrow["first"];
        $sess_last = $myrow["last"];
        $sess_email = $myrow["email"];
        $sess_suffix = $myrow["suffix"];
        $sess_guest = "true";

    } else {

        if ($guest == "true") {

            session_start();
            session_register('sess_guest_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');

        } else {

            session_start();
            session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix', 'sess_guest');

        }

    }
}
if ($logOut) {

    if ($guestLogin) {

        setcookie("guestLogin", "");

    }

    if ($memberLogin) {

        setcookie("memberLogin", "");

    }

    session_unset();
    session_destroy();

}
if ($email_signin) {

    if ($guest == "true") {
        $sql = "SELECT * FROM guests WHERE email = '$email_signin' and BINARY password = '$password_signin'";
        querySQL($sql);
        $myrow = mysql_fetch_array($result);
        $num = mysql_numrows($result);
    } else {
        $sql = "SELECT * FROM members WHERE email = '$email_signin' and BINARY password = '$password_signin'";
        querySQL($sql);
        $myrow = mysql_fetch_array($result);
        $num = mysql_numrows($result);
    }

    if ($num != "0") {
        if ($guest == "true") {

            session_start();
            session_register('sess_guest_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix', 'sess_guest');
            $sess_guest_id = $myrow["guest_id"];
            $sess_title = $myrow["title"];
            $sess_first = $myrow["first"];
            $sess_last = $myrow["last"];
            $sess_email = $myrow["email"];
            $sess_suffix = $myrow["suffix"];
            $sess_guest = "true";

            if ($remberMe == "1") {
                setcookie("guestLogin", "$myrow[guest_id]", time()+31536000);
            }

        } else {

            session_start();
            session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');
            $sess_member_id = $myrow["member_id"];
            $sess_title = $myrow["title"];
            $sess_first = $myrow["first"];
            $sess_last = $myrow["last"];
            $sess_email = $myrow["email"];
            $sess_suffix = $myrow["suffix"];

            if ($remberMe == "1") {
                setcookie("memberLogin", "$myrow[member_id]", time()+31536000);
            }
        }

    } else {

        if ($guest == "true") {
            $errorMsg = "<font color=red><b>Your user name or password was incorrect.  Have you <a href=guest_registration.php>registered</a> yet or did you <a href=guest_password_request.php>forget your password</a>?</b></font><Br><br>\n";
        } else {
            $errorMsg = "<font color=red><b>Your user name or password was incorrect.  Have you <a href=signUp.php>registered</a> yet or did you <a href=passwordRequest.php>forget your password</a>?</b></font><Br><br>\n";
        }

        $errorMsg = urlencode($errorMsg);

    }

}

?>
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

http://www.php.net/manual/en/ref.session.php
A visitor accessing your web site is assigned an unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
On that page you can read about switching the methods, too.
Search for:
  • session.use_cookies
  • session.use_only_cookies
  • session.use_trans_sid
  • url_rewriter.tags
Also take a look at this tutorial: http://www.zend.com/zend/tut/session.php
ducky
Forum Newbie
Posts: 5
Joined: Mon Dec 02, 2002 10:53 am

Post by ducky »

That really doesn't answer my question. I've looked at all those resources and I didn't find the answer; that's why I posted this question on this forum.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Look again at what a session does (volka's post). PHP sessions automatically set session cookies. The only alternative to session cookies is session_ids via URL (see PHP manual).
ducky
Forum Newbie
Posts: 5
Joined: Mon Dec 02, 2002 10:53 am

Post by ducky »

All the reading that I have done says that you can have sessions without cookies. When cookies are not available, PHP passes the session id via a URL or HTML form.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

There are two methods to propagate a session id:

* Cookies
* URL parameter

The session module supports both methods. Cookies are optimal, but since they are not reliable (clients are not bound to accept them), we cannot rely on them. The second method embeds the session id directly into URLs.

PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically. Alternatively, you can use the constant SID which is defined, if the client did not send the appropriate cookie. SID is either of the form session_name=session_id or is an empty string.

Check with phpinfo() whether your PHP has been compiled with --enable-trans-sid.
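
The manual SID approach from the post above, as an added example that is not part of the thread or any poster's code: links and the form action carry the session id when no cookie came back, and the id is regenerated at login because an id placed in a URL also ends up in browser history, server logs and Referer headers. The demo account, the `with_sid()` helper and the file names `account.php` and `login.php` are assumptions, and it needs a PHP version that still accepts URL-based session ids (deprecated from PHP 8.4).

```php
<?php
// Added example, not the thread's code. Session id travels in the URL
// only when the browser did not send the session cookie back.
ini_set('session.use_cookies', '1');       // prefer a cookie when accepted
ini_set('session.use_only_cookies', '0');  // also accept the id from the URL
ini_set('session.use_trans_sid', '0');     // links are tagged by hand below
session_start();

// Hypothetical helper: append "name=id" when SID says no cookie arrived.
// The pair is built from the live values so it follows a regenerated id.
function with_sid($url) {
    if (SID === '') {
        return $url;                       // cookie present, nothing to add
    }
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . session_name() . '=' . rawurlencode(session_id());
}

// Constructed demo account; a real application looks this up in its database.
$users = array(
    'ducky@example.com' => password_hash('constructed-demo-pw', PASSWORD_DEFAULT),
);

if (isset($_POST['email_signin'], $_POST['password_signin'])) {
    $email = (string) $_POST['email_signin'];
    $pass  = (string) $_POST['password_signin'];
    if (isset($users[$email]) && password_verify($pass, $users[$email])) {
        // Fresh id at login: an id already exposed in a URL, or planted by
        // someone else, is not the one that becomes authenticated.
        session_regenerate_id(true);
        $_SESSION['sess_email'] = $email;
    }
}

$who = isset($_SESSION['sess_email']) ? $_SESSION['sess_email'] : 'guest';
echo '<p>Signed in as ' . htmlspecialchars($who) . "</p>\n";

// SID-bearing URLs are escaped before output, like any other dynamic value.
echo '<a href="' . htmlspecialchars(with_sid('account.php')) . "\">Account</a>\n";
echo '<form method="post" action="' . htmlspecialchars(with_sid('login.php')) . "\">\n";
echo "  <input type=\"text\" name=\"email_signin\">\n";
echo "  <input type=\"password\" name=\"password_signin\">\n";
echo "  <input type=\"submit\" value=\"Sign in\">\n";
echo "</form>\n";
```

Where every client accepts cookies, setting `session.use_only_cookies` to 1 keeps the id out of URLs entirely.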