using $_SESSION in a login script.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

using $_SESSION in a login script.

Post by oscardog »

Well i have a registration script working fine, and damned close to the login part.

Now currently my script uses 'session_register' but according to my friend, thats been depreciated. If this is the case i need to update my code to use $_SESSION, right?

So. I was looking at it and thinking, is this right:
(something along these lines)

Code: Select all

 
"Check login details are correct, injections/md5 etc etc"
 
if they are all fine {
$_SESSION['username'] = "True";
header(location: blabla.php);
}
 
Just wanting to make sure if i have done that right. Also obv i need to check if that is true on other pages, would it be using the 'isset($_SESSION['username']) (obv with an if)

Buuuut i have set a True variable, on the Session in the login script... Gah im confused Haha! Basically can someone explain what is the right way of going about this, the actual setting the session, and then how to check if it is set. Also is there a way to set a session named from a variable?

Thanks!
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Re: using $_SESSION in a login script.

Post by Jade »

Best place to start is the php documentation on sessions: http://us2.php.net/session

Code: Select all

 
<?php
//basic login form
session_start();
 
if ($_POST['submit']) //trying to login
{
      //check if login is found in the database
 
     //login is found
     if ($found)
     {
       //save the session value, close it
       $_SESSION['member_id'] = $member_id;
       session_write_close();
 
       //redirect to their account
       header("location: account.php");
      }
}
?>
 
Now once they try to access a member's only page

Code: Select all

 
<?php
session_start();
 
if (!$_SESSION['member_id']) //don't have a member id
                                       //of their session has expired
{ 
    //force them to leave the page
    header("Location: login.php");
    exit;
}
 
//show the rest of your members only content
?>
 
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: using $_SESSION in a login script.

Post by oscardog »

Thanks alot :)
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: using $_SESSION in a login script.

Post by oscardog »

Well i just got this working, works fine. Except when i want to check if its set. Say i try to access guild_registration.php without logging in i have the following code:

Code: Select all

<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>DOFUS Guildopedia ::: Free guild pages for all UK/International Servers :: Guild Registration for the Guildopedia</title>
</head>
 
<body>
<?php
include("connection.php");
 
if (!$_SESSION['username']) {
//Redirect to login page
echo "you are not logged in!";
}
else
{
//FORM HERE
echo "You are logged in!";
}
?> 
</body>
</html>
 
Now this is only to test if the login was working, and if they are logged in it works but if they are not logged in i get the following error:

'Notice: Undefined index: username in /www/1stfreehosting.com/a/s/h/ashpea1/htdocs/guild_registration.php on line 13
you are not logged in'

So how do i stop this from happening?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: using $_SESSION in a login script.

Post by requinix »

Code: Select all

if (!$_SESSION['username']) {
If you want to check if something has been set use isset(). Makes sense, right?

Code: Select all

if (!isset($_SESSION['username'])) {
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Re: using $_SESSION in a login script.

Post by infolock »

Just to add on to this (trying not to be too picky here), but unless you are wanting to set something to boolean (ie $_SESSION['username'] as in your first post), never set it to a string "true". see below

Code: Select all

 
//correct
$_SESSION['username'] = true;
 
//incorrect and a total waste of a boolean
 $_SESSION['username'] = "true";
 
true equates faster than "true" due to true being equivalent to 1 (an integer) versus a 4 letter string ("true");
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: using $_SESSION in a login script.

Post by oscardog »

Thanks guys, i used

Code: Select all

$_SESSION['username'] = $username
But thanks :)
Post Reply