Authentication and session question

Posted: Fri Feb 07, 2003 2:12 pm
by ducky
I wrote an authentication script that seems to work pretty well; however, this script should work for people that don't accept cookies. Can anyone look at this and give me some ideas as to why my sessions don't work when I set my browser (IE 6.0) to Block all Cookies? Everything should work except the ability to remember me after the session is over.

Thanks,

Ducky

Code:

<?php
$db = mysql_connect("localhost", "XXXXXXXXXXXXXXXXXXX", "XXXXXXXXXXXXXXXXX");
function querySQL($sql) {

   global $result;

   global $db;

   mysql_select_db("pcn",$db);

   $result = mysql_query($sql);

   if (!$result) {
     echo mysql_error();
	 exit;
   }
}

if (!$sess_member_id || !$sess_guest_id) {
	if ($memberLogin) {

		$sql = "SELECT * FROM members WHERE member_id = '$memberLogin'";
		querySQL($sql);
		$myrow = mysql_fetch_array($result);
		session_start();
		session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');
		$sess_member_id = $myrow["member_id"];
		$sess_title = $myrow["title"];
		$sess_first = $myrow["first"];
		$sess_last = $myrow["last"];
		$sess_email = $myrow["email"];
		$sess_suffix = $myrow["suffix"];

	} else if ($guestLogin) {

		$sql = "SELECT * FROM guests WHERE guest_id = '$guestLogin'";
		querySQL($sql);
		$myrow = mysql_fetch_array($result);
		session_start();
		session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');
		$sess_guest_id = $myrow["guest_id"];
		$sess_title = $myrow["title"];
		$sess_first = $myrow["first"];
		$sess_last = $myrow["last"];
		$sess_email = $myrow["email"];
		$sess_suffix = $myrow["suffix"];
		$sess_guest = "true";

	} else {

		if ($guest == "true") {

			session_start();
			session_register('sess_guest_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');

		} else {

			session_start();
			session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix', 'sess_guest');

		}

	}
}
if ($logOut) {

	if ($guestLogin) {

		setcookie("guestLogin", "");

	}

	if ($memberLogin) {

		setcookie("memberLogin", "");

	}

	session_unset();
	session_destroy();

}
if ($email_signin) {

	if ($guest == "true") {
		$sql = "SELECT * FROM guests WHERE email = '$email_signin' and BINARY password = '$password_signin'";
		querySQL($sql);
		$myrow = mysql_fetch_array($result);
		$num = mysql_numrows($result);
	} else {
		$sql = "SELECT * FROM members WHERE email = '$email_signin' and BINARY password = '$password_signin'";
		querySQL($sql);
		$myrow = mysql_fetch_array($result);
		$num = mysql_numrows($result);
	}

	if ($num != "0") {
		if ($guest == "true") {

			session_start();
			session_register('sess_guest_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix', 'sess_guest');
			$sess_guest_id = $myrow["guest_id"];
			$sess_title = $myrow["title"];
			$sess_first = $myrow["first"];
			$sess_last = $myrow["last"];
			$sess_email = $myrow["email"];
			$sess_suffix = $myrow["suffix"];
			$sess_guest = "true";

			if ($remberMe == "1") {
				setcookie("guestLogin", "$myrow[guest_id]", time()+31536000);
			}

		} else {

			session_start();
			session_register('sess_member_id', 'sess_title', 'sess_first', 'sess_last', 'sess_email', 'sess_suffix');
			$sess_member_id = $myrow["member_id"];
			$sess_title = $myrow["title"];
			$sess_first = $myrow["first"];
			$sess_last = $myrow["last"];
			$sess_email = $myrow["email"];
			$sess_suffix = $myrow["suffix"];

			if ($remberMe == "1") {
				setcookie("memberLogin", "$myrow[member_id]", time()+31536000);
			}
		}

	} else {

		if ($guest == "true") {
			$errorMsg = "<font color=red><b>Your user name or password was incorrect.  Have you <a href=guest_registration.php>registered</a> yet or did you <a href=guest_password_request.php>forget your password</a>?</b></font><Br><br>\n";
		} else {
			$errorMsg = "<font color=red><b>Your user name or password was incorrect.  Have you <a href=signUp.php>registered</a> yet or did you <a href=passwordRequest.php>forget your password</a>?</b></font><Br><br>\n";
		}

		$errorMsg = urlencode($errorMsg);

	}

}

?>

Posted: Sat Feb 08, 2003 4:51 am
by volka
http://www.php.net/manual/en/ref.session.php
A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
On that page you can read about switching the methods, too. Search for:
  • session.use_cookies
  • session.use_only_cookies
  • session.use_trans_sid
  • url_rewriter.tags
Also take a look at this tutorial: http://www.zend.com/zend/tut/session.php

Posted: Mon Feb 10, 2003 9:00 am
by ducky
That really doesn't answer my question. I've looked at all those resources and I didn't find the answer; that's why I posted this question on this forum.

Posted: Mon Feb 10, 2003 9:45 am
by patrikG
Look again at what a session does (volka's post). PHP sessions automatically set session cookies. The only alternative to session cookies is session IDs via URL (see the PHP manual).

Posted: Mon Feb 10, 2003 9:49 am
by ducky
All the reading that I have done says that you can have sessions without cookies. When cookies are not available, PHP passes the session id via a URL or HTML form.

Posted: Mon Feb 10, 2003 9:53 am
by patrikG
There are two methods to propagate a session id:

* Cookies
* URL parameter

The session module supports both methods. Cookies are optimal, but since they are not reliable (clients are not bound to accept them), we cannot rely on them. The second method embeds the session id directly into URLs.

PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically. Alternatively, you can use the constant SID which is defined, if the client did not send the appropriate cookie. SID is either of the form session_name=session_id or is an empty string.
Check with phpinfo() whether your PHP has been compiled with --enable-trans-sid.
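
The two propagation methods discussed in this thread, as an added example that is not part of any poster's code: it reports the session settings volka listed and appends the ID to links by hand when the client sent no session cookie. The function names, the `hits` counter and the `?step=2` self-link are assumptions made for the illustration.

```php
<?php
// Added example, not from the thread: cookie-less session propagation.

// The php.ini settings named in the thread, as this PHP build has them now.
function session_propagation_settings(): array
{
    $out = [];
    foreach (['session.use_cookies', 'session.use_only_cookies',
              'session.use_trans_sid'] as $key) {
        $out[$key] = ini_get($key);
    }
    return $out;
}

// Append the session ID to a relative URL by hand; trans-sid does the same
// automatically. $sid is "session_name=session_id", or '' when the client
// already sent the session cookie (same contract as the SID constant).
function url_with_sid(string $url, string $sid): string
{
    if ($sid === '') {
        return $url;
    }
    // Keep any #fragment at the end of the URL.
    $parts = explode('#', $url, 2);
    $sep = (strpos($parts[0], '?') === false) ? '?' : '&';
    $out = $parts[0] . $sep . $sid;
    return isset($parts[1]) ? $out . '#' . $parts[1] : $out;
}

// An ID arriving in the URL is only honoured when use_only_cookies is off.
ini_set('session.use_only_cookies', '0');
session_start();   // on every request, before any output is sent

$cookieSent = isset($_COOKIE[session_name()]);
$sid = $cookieSent ? '' : session_name() . '=' . rawurlencode(session_id());

// Hypothetical counter: it only grows if the ID reached the server again.
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;

echo '<pre>' . htmlspecialchars(print_r(session_propagation_settings(), true)) . "</pre>\n";
echo 'Session cookie received: ' . ($cookieSent ? 'yes' : 'no') . "<br>\n";
echo 'Hits in this session: ' . (int) $_SESSION['hits'] . "<br>\n";
// "?step=2" links back to this same script (constructed sample target).
$next = url_with_sid('?step=2', $sid);
echo '<a href="' . htmlspecialchars($next) . '">next request</a>' . "\n";
```

With cookies blocked, the counter rises only when the link is followed, because the ID travels in the URL. An ID carried that way also appears in server logs, browser history and Referer headers, which is what session.use_only_cookies is there to prevent.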