-----------------------------
I have an external script (functions.enc.php) that has a logged_in() function that I want to check whether a user is logged in. Since I'm using sessions, when a user logs in, the session var "logged_in" is set to "1", "em_id" is set to the user's username, and I set the database value "session_id" equal to md5($session_id) . md5($_SERVER['HTTP_USER_AGENT']).
Inside functions.enc.php, I have the following:
Code: Select all
function logged_in($aEmployee)
{
global $db;
$result = 0;
if($_SESSION['logged_in'] == 1)
{
$checkSessionID_q = "SELECT session_id FROM employees WHERE em_id='$aEmployee'";
$checkSessionID = $db->get_var($checkSessionID_q);
$session_id = session_id();
$thissSessionID = md5($session_id) . md5($_SERVER['HTTP_USER_AGENT']);
if($thisSessionID == $checkSessionID)
{
$result = 1;
}
}
return $result;
}