I call session_start() on every page. When someone logs in a $_SESSION['user_info'] is populated and persistent cookies are set with username/password. When they logout, I do $_SESSION = array(), session_destroy() and delete the persistent cookies.
Here is the relevant code.
Called on every page:
Code: Select all
session_start();
if(!isset($_SESSION['user_info']))
{
// If user has cookie set, use that info
if(isset($_COOKIE['cookieUN']) && isset($_COOKIE['cookiePW']))
$_SESSION['id'] = login_username_password($_COOKIE['cookieUN'], $_COOKIE['cookiePW']);
if(!isset($_SESSION['id']))
{
$_SESSION['id'] = 0;
$_SESSION['username'] = 'ANONYMOUS';
//echo 'New site user - set to ANONYMOUS';
}
else
{
if ((int)$_SESSION['id'] != 0)
{
$_SESSION['user_info'] = get_userinfo_by_id($_SESSION['id']);
unset($_SESSION['id']);
unset($_SESSION['username']);
}
}
}Code: Select all
function login_store() {
$username = trim($_POST['login_username']);
$password = md5(trim($_POST['login_password']));
// lookup user an retrieve id
$user_id = login_username_password($username, $password);
if ($user_id != 0)
{
if(isset($_POST['remember']))
{
setcookie("cookieUN", $username, time()+60*60*24*100);
setcookie("cookiePW", $password, time()+60*60*24*100);
}
$_SESSION['id'] = $user_id;
if(isset($_SESSION['return_page']))
{
$temp = $_SESSION['return_page'];
unset($_SESSION['return_page']);
header("location: " . $temp);
}
else
header("location: main_controller.php");
}
else
header("location: main_controller.php?controller=store&action=login_page&error=2");
}Code: Select all
function logout_store()
{
// Delete cookies
if(isset($_COOKIE['cookieUN']) && isset($_COOKIE['cookiePW']))
{
setcookie("cookieUN", "", time()-60*60*24*100, "/");
setcookie("cookiePW", "", time()-60*60*24*100, "/");
}
else
die('bad');
// Kill session
$_SESSION = array();
//if (isset($_COOKIE[session_name()]))
//setcookie(session_name(), '', time()-42000, '/');
//setcookie('PHPSESSID', '', time()-42000, '/');
//session_destroy();
@session_destroy();
setcookie(session_name('PHPSESSID'), '', time()-42000,'/','.domain.com');
setcookie(session_name('PHPSESSID'), '', time()-42000,'/','domain.com');
setcookie(session_name('PHPSESSID'), '', time()-42000,'/','domain.com');
setcookie(session_name('PHPSESSID'), '', time()-42000,'/');
@session_destroy();
header("location: main_controller.php");
}