Page 1 of 1
using $_SESSION in a login script.
Posted: Tue Nov 04, 2008 2:03 pm
by oscardog
Well i have a registration script working fine, and damned close to the login part.
Now currently my script uses 'session_register' but according to my friend, thats been depreciated. If this is the case i need to update my code to use $_SESSION, right?
So. I was looking at it and thinking, is this right:
(something along these lines)
Code: Select all
"Check login details are correct, injections/md5 etc etc"
if they are all fine {
$_SESSION['username'] = "True";
header(location: blabla.php);
}
Just wanting to make sure if i have done that right. Also obv i need to check if that is true on other pages, would it be using the 'isset($_SESSION['username']) (obv with an if)
Buuuut i have set a True variable, on the Session in the login script... Gah im confused Haha! Basically can someone explain what is the right way of going about this, the actual setting the session, and then how to check if it is set. Also is there a way to set a session named from a variable?
Thanks!
Re: using $_SESSION in a login script.
Posted: Tue Nov 04, 2008 2:27 pm
by Jade
Best place to start is the php documentation on sessions:
http://us2.php.net/session
Code: Select all
<?php
//basic login form
session_start();
if ($_POST['submit']) //trying to login
{
//check if login is found in the database
//login is found
if ($found)
{
//save the session value, close it
$_SESSION['member_id'] = $member_id;
session_write_close();
//redirect to their account
header("location: account.php");
}
}
?>
Now once they try to access a member's only page
Code: Select all
<?php
session_start();
if (!$_SESSION['member_id']) //don't have a member id
//of their session has expired
{
//force them to leave the page
header("Location: login.php");
exit;
}
//show the rest of your members only content
?>
Re: using $_SESSION in a login script.
Posted: Tue Nov 04, 2008 4:29 pm
by oscardog
Thanks alot

Re: using $_SESSION in a login script.
Posted: Wed Nov 05, 2008 3:33 pm
by oscardog
Well i just got this working, works fine. Except when i want to check if its set. Say i try to access guild_registration.php without logging in i have the following code:
Code: Select all
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>DOFUS Guildopedia ::: Free guild pages for all UK/International Servers :: Guild Registration for the Guildopedia</title>
</head>
<body>
<?php
include("connection.php");
if (!$_SESSION['username']) {
//Redirect to login page
echo "you are not logged in!";
}
else
{
//FORM HERE
echo "You are logged in!";
}
?>
</body>
</html>
Now this is only to test if the login was working, and if they are logged in it works but if they are not logged in i get the following error:
'Notice: Undefined index: username in /www/1stfreehosting.com/a/s/h/ashpea1/htdocs/guild_registration.php on line 13
you are not logged in'
So how do i stop this from happening?
Re: using $_SESSION in a login script.
Posted: Wed Nov 05, 2008 4:23 pm
by requinix
If you want to check if something has been set use isset(). Makes sense, right?
Code: Select all
if (!isset($_SESSION['username'])) {
Re: using $_SESSION in a login script.
Posted: Wed Nov 05, 2008 6:26 pm
by infolock
Just to add on to this (trying not to be too picky here), but unless you are wanting to set something to boolean (ie $_SESSION['username'] as in your first post), never set it to a string "true". see below
Code: Select all
//correct
$_SESSION['username'] = true;
//incorrect and a total waste of a boolean
$_SESSION['username'] = "true";
true equates faster than "true" due to true being equivalent to 1 (an integer) versus a 4 letter string ("true");
Re: using $_SESSION in a login script.
Posted: Thu Nov 06, 2008 5:45 am
by oscardog
Thanks guys, i used
But thanks
