sessions help




sessions help

Post by ccrevling »

When it comes to sessions I have no idea what I'm doing, so if someone can help me I would appreciate it very much.

This is the session.inc.php page I have now:


 
<?php 
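// Refuse direct requests for include files. This is a second line of defence only:
// keeping *.inc.php outside the web root (or denying them in the web server
// configuration) is the stronger control.
//
// eregi() and $HTTP_SERVER_VARS no longer exist in current PHP, so the original
// check is a fatal error there. preg_match() with escaped dots matches the literal
// ".inc.php" instead of treating each dot as "any character".
if (isset($_SERVER['PHP_SELF']) && preg_match('/\.inc\.php/i', $_SERVER['PHP_SELF'])) {
    // Send a real 403 status; the original printed "Forbidden 403" in a 200 response.
    header("HTTP/1.0 403 Forbidden");
    echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
    exit;
}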
 
// Store is switched offline: send the visitor to the offline page unless an admin
// session is present and admins are allowed through.
if ($config['offLine'] == 1) {
    if (!isset($_SESSION['ccAdmin']) || $config['offLineAllowAdmin'] == 0) {
        header("Location: offLine.php");
        exit;
    }
}
 
// Record the page being viewed; it is written to the sessions row by the
// update()/insert() calls further down. mySQLSafe() and currentPage() are defined
// elsewhere in the project.
$sessData['location'] = $db->mySQLSafe(currentPage());

// Two base64 chunks back to back; they decode to "</body>" and "</html>".
// Not read anywhere in this part of the file.
$lkParsed = 'PC9ib2R5Pg==PC9odG1sPg==';
 
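// The "create or refresh" check later in this file reads $results even when the
// branch below never runs, so give it a defined value up front.
$results = FALSE;

// No PHP session yet, but the visitor presents a stored session id: try to resume it.
if( !isset($_SESSION['ccUser']) && (isset($_COOKIE['ccUser']) || isset($_GET['ccUser'])) ){

    if(isset($_COOKIE['ccUser'])){

        // The cookie holds the id base64-encoded (see setcookie() below). That is an
        // encoding only; the value is still fully client-controlled.
        $_COOKIE['ccUser'] = treatGet($_COOKIE['ccUser']);
        $sessId = base64_decode($_COOKIE['ccUser']);

    } elseif(isset($_GET['ccUser'])){

        // NOTE(review): an id taken from the query string ends up in logs, referrers
        // and shared links, and lets a link pre-set the visitor's session id. Prefer
        // cookie-only ids unless URL-based sessions are really required.
        $_GET['ccUser'] = treatGet($_GET['ccUser']);
        $sessId = $_GET['ccUser'];

    }

    // Only ids that still exist in the sessions table are accepted.
    // mySQLSafe() is defined elsewhere; presumably it escapes and quotes the value -
    // confirm against the db class.
    $query = "SELECT sessId FROM ".$glob['dbprefix']."_sessions WHERE sessId=".$db->mySQLSafe($sessId);
    $results = $db->select($query);

    if($results == TRUE){

        $sessData["timeLast"] = $db->mySQLSafe(time());

        // Without the "remember me" cookie the resumed session is detached from any
        // customer account, i.e. the visitor comes back logged out.
        if(!isset($_COOKIE['ccRemember'])) { $sessData["customer_id"] = 0; }

        // Fixed: the opening quote of "_sessions" was missing, which is a parse error.
        $update = $db->update($glob['dbprefix']."_sessions", $sessData,"sessId=".$db->mySQLSafe($results[0]['sessId']));

        $_SESSION['ccUser'] = $results[0]['sessId'];

        // Re-issue the cookie so regular visitors keep their session alive.
        // NOTE(review): setcookie()'s fourth argument is the cookie *path*; confirm
        // $sessionDomain really holds a path. No secure/HttpOnly flags are passed, so
        // the id is readable by page scripts and is sent over plain HTTP.
        setcookie("ccUser", base64_encode($sessId),time()+$config['sqlSessionExpiry'], $sessionDomain);

    }

}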
 
// Either refresh the session that is already active, or start a brand-new one.
if (isset($_SESSION['ccUser']) || $results != FALSE) {

    // Existing session: just record the time of this request.
    $sessData["timeLast"] = $db->mySQLSafe(time());

    $update = $db->update(
        $glob['dbprefix']."_sessions",
        $sessData,
        "sessId=".$db->mySQLSafe($_SESSION['ccUser'])
    );

} else {

    // No usable session: mint a new id (makeSessId() is defined elsewhere) and
    // remember it in the PHP session.
    $sessId = makeSessId();
    $_SESSION['ccUser'] = $sessId;

    // Store the new session row; customer_id 0 means "not logged in".
    $sessData["sessId"] = $db->mySQLSafe($_SESSION['ccUser']);
    $timeNow = $db->mySQLSafe(time());
    $sessData["timeStart"] = $timeNow;
    $sessData["timeLast"] = $timeNow;
    $sessData["customer_id"] = 0;

    $insert = $db->insert($glob['dbprefix']."_sessions", $sessData);

    // Hand the id to the browser, base64-encoded.
    // NOTE(review): no secure/HttpOnly flags are set on this cookie.
    setcookie("ccUser", base64_encode($sessId), time()+$config['sqlSessionExpiry'], $sessionDomain);

    // Housekeeping: drop rows idle for longer than the configured expiry.
    $expiredSessTime = time() - $config['sqlSessionExpiry'];
    $delete = $db->delete($glob['dbprefix']."_sessions", "timeLast<".$expiredSessTime);

}
 
// Base64-encoded HTML: decodes to a "Powered by CubeCart" / "Copyright Devellion
// Limited 2006" footer <div> followed by "</body>". Base64 only hides the text from
// a casual reader; decode such blobs when auditing what a page will emit.
$uniKey = "PGRpdiBjbGFzcz0ndHh0Q29weXJpZ2h0Jz5Qb3dlcmVkIGJ5IDxhIGhyZWY9J2h0dHA6Ly93d3cuY3ViZWNhcnQuY29tJyBjbGFzcz0ndHh0Q29weXJpZ2h0JyB0YXJnZXQ9J19ibGFuayc+Q3ViZUNhcnQ8L2E+JnRyYWRlOzxiciAvPkNvcHlyaWdodCA8YSBocmVmPSdodHRwOi8vd3d3LmRldmVsbGlvbi5jb20nIGNsYXNzPSd0eHRDb3B5cmlnaHQnIHRhcmdldD0nX2JsYW5rJz5EZXZlbGxpb24gTGltaXRlZDwvYT4gMjAwNi4gQWxsIHJpZ2h0cyByZXNlcnZlZC48L2Rpdj48L2JvZHk+";
// Base64-encoded "Location:" header pointing at the purchase page on www.cubecart.com.
// Neither value is read in this part of the file.
$uniKey2 = "TG9jYXRpb246IGh0dHA6Ly93d3cuY3ViZWNhcnQuY29tL3NpdGUvcHVyY2hhc2Uv";
 
 
// Load the current session row together with the matching customer record, if any
// (LEFT JOIN: visitors who are not logged in still get their session row back).
$query = "SELECT * FROM {$glob['dbprefix']}_sessions"
    . " LEFT JOIN {$glob['dbprefix']}_customer"
    . " ON {$glob['dbprefix']}_sessions.customer_id = {$glob['dbprefix']}_customer.customer_id"
    . " WHERE sessId = " . $db->mySQLSafe($_SESSION['ccUser']);
$ccUserData = $db->select($query);
 
// The PHP session names an id that has no row in the sessions table.
if (!$ccUserData) {
    // Forget the id for this request and reload the current page.
    // unset() only clears PHP's copy of the cookies; the browser keeps sending them
    // until they are expired with setcookie().
    unset($_SESSION['ccUser']);
    unset($_COOKIE['ccUser']);
    unset($_COOKIE['ccRemember']);

    // NOTE(review): as written this str_replace() swaps "&" for "&" and changes
    // nothing; the search string may have lost an HTML entity when the code was
    // pasted - confirm against the original file.
    header("Location: ".str_replace("&","&",currentPage()));
    exit;
}
?>
 
Now how would I make a login for this? The one I tried to make doesn't exactly work with it...


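<?php
/*
 * Login handler: checks the posted e-mail/password against the customer table and,
 * on success, attaches the customer to the visitor's current session row.
 *
 * Expects session.inc.php to have run first, so that $_SESSION['ccUser'] holds the
 * id of a row in the sessions table.
 */
if (isset($_GET['p']) && $_GET['p'] == "R" && isset($_POST['Email']) && isset($_POST['Password'])) {

    // Both values come straight from the request, so neither may be concatenated
    // into the SQL text as-is. mySQLSafe() is the helper session.inc.php uses for
    // every value it places in a query; it appears to escape and quote the value -
    // confirm against the db class.
    //
    // The form field is named "Password" (capital P). The original read
    // $_POST['password'], which the form never sends, so the check could not match.
    // EncPas() is defined elsewhere in the project.
    $query = "SELECT customer_id FROM ".$glob['dbprefix']."_customer WHERE email=".$db->mySQLSafe($_POST['Email'])." AND password = ".$db->mySQLSafe(EncPas($_POST['Password'], "Both"));

    $customer = $db->select($query);

    if ($customer == TRUE && $customer[0]['customer_id'] > 0 && !empty($_SESSION['ccUser'])) {

        // Bind the customer to the *session* row. The original used the customer id
        // as the sessId in the WHERE clause, so no session row was ever updated.
        // The (int) cast keeps the value numeric whatever the select returned.
        $customerData["customer_id"] = (int)$customer[0]['customer_id'];
        $update = $db->update($glob['dbprefix']."_sessions", $customerData, "sessId=".$db->mySQLSafe($_SESSION['ccUser']));

        // NOTE(review): session.inc.php resumes ids supplied by the client, so the id
        // being bound to the account here may be one somebody else already knows.
        // Issue a fresh id at this point (session.inc.php uses makeSessId() for new
        // sessions) and update the sessions row and the ccUser cookie to match.

        if (isset($_POST['remember']) && $_POST['remember'] == 1) {
            setcookie("ccRemember", "1", time()+$config['sqlSessionExpiry'], $GLOBALS['rootRel']);
        }

        // redirect
        // "login","reg","unsubscribe","forgotPass"
        header("Location: index.php?p=H");
        exit;
    }

    // Falling through means the login failed; show the same message whether the
    // e-mail or the password was wrong.
}?>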
///////////FORM 
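<?php
// Login form. Cookie values are request data under the client's control, so the
// e-mail is HTML-escaped before being placed in the value attribute; echoed raw, a
// crafted cookie could close the attribute and inject markup.
// NOTE(review): the login handler sets a cookie named "ccRemember", while this form
// reads "remember" - confirm which name is intended.
?>
<form action="" method="post" enctype="multipart/form-data" class="login">
    <table width="98.5%" style="float:left;">
     <tr>
      <td><strong>E-Mail:</strong></td>
     </tr>
     <tr>
      <td><input type="text" name="Email" size="30" class="textbox" value="<?php if(isset($_COOKIE['email']) && is_string($_COOKIE['email']) && $_COOKIE['email']==TRUE){ echo htmlspecialchars($_COOKIE['email'], ENT_QUOTES); } ?>" /></td>
     </tr>
     <tr>
      <td>
        <strong>Password:</strong>
      </td>
     </tr>
     <tr>
      <td><input type="password" name="Password" size="15" class="textbox" value="" /></td>
     </tr>
     <tr>
      <td> <strong style="font-size:10px">Remember Me&nbsp;</strong>
        <input name="remember" type="checkbox" value="1" <?php if(!empty($_COOKIE['remember'])){ echo "checked"; } ?> /><br />
        <center><input name="submit" type="submit" value="Login" class="submit" /> -Or- <a href="index.php?p=L&m=Fl" class="txtSession">Forgot Login?</a></center></td>
     </tr>
     <tr>
      <td>
        
      </td>
     </tr>
     </table>
</form>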
 
 
 