PHP keeping session alive after returning to index [SOLVED]
Posted: Mon Aug 13, 2007 12:21 pm
I have my authentication included in the index page. At the top of the index page I have ob_start(); Then, after the beginning of my html I call my authentication script. here's a snippet from index.php on where that is called:
this is authentication.php
And all of this works correctly and as per my requirements. After the user is authenticated and the session starts, the HTML loads and shows the related data.
Here is my problem:
I want the user to be able to navigate to other pages (as long as the session is valid) but if I come back to this original page, the user is prompted again to login. I have looked around this site some but cannot find a way to make sure the session stays alive through all the pages. Do I have to rewrite how the session is established or is there a value I can store in the session that will accomplish this?
This is the first real authentication I've written so I could be doing this all wrong. If there's a way I could do this better please also let me know, I am very much open to suggestion. I saw on this post viewtopic.php?t=24789 the use of session_set_cookie_params(0, '/', '.foo.com'); before the session is began, but I am unsure how to incorporate that into my script or if it is necessary to set any cookies.
Thank you in advance
Code: Select all
<?
//authenticate correctly and get a session
include("includes/authentication.php");
if(isset($_SESSION['valid']))
{
//diffuse site IDs - nothing to do with authentication
include('includes/site_breakdown.php');
?>
<div style="margin: 15px 0px 15px 0px; background-color: #eee; border: 1px solid #ddd; padding: 5px;">
<span style="float: left;">Welcome, <?=$styled_site;?>.</span>Code: Select all
<?
if ($_POST['user']!=NULL)
{
$user = md5($_POST['user']);
$pass = md5($_POST['pass']);
$result = mysql_query("select * from table where username = '" . $user . "' AND password = '". $pass ."'", $localhost);
$row=mysql_fetch_assoc($result);
if ($row['username']!=NULL && $row['site']!=NULL)
{
$val=1;
session_start();
$_SESSION['valid'] = 1;
$_SESSION['site'] = $row['site'];
ob_end_flush();
}
else if ($row['username']==NULL)
{
echo("<p>Invalid login, please try again.</p>");
}
else if ($row['site']=="" || $row['site']==NULL)
{
echo("<p>Your username is not associated with a site, please contact the system administrator or try again.</p>");
}
else
{
echo("<p>Invalid login, please try again.</p>");
}
}
else
{
if ($val!=1)
{
?>
<form action="" method="POST">
<p>Please log into the ProCare Customer Portal.</p>
<p>Username: <input type="text" name="user" size="20" /></p>
<p>Password: <input type="password" name="pass" size="20" /></p>
<p><input type="Submit" /></p>
</form>
<?
}
else
{
echo("<p>Invalid login, please try again.</p>");
$val=0;
}
}
?>Here is my problem:
I want the user to be able to navigate to other pages (as long as the session is valid) but if I come back to this original page, the user is prompted again to login. I have looked around this site some but cannot find a way to make sure the session stays alive through all the pages. Do I have to rewrite how the session is established or is there a value I can store in the session that will accomplish this?
This is the first real authentication I've written so I could be doing this all wrong. If there's a way I could do this better please also let me know, I am very much open to suggestion. I saw on this post viewtopic.php?t=24789 the use of session_set_cookie_params(0, '/', '.foo.com'); before the session is began, but I am unsure how to incorporate that into my script or if it is necessary to set any cookies.
Thank you in advance