question about sessions


beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

question about sessions

Post by beginner123 »

This topic moved to PHP - Code forum by moderator. You are asking a question about PHP coding, not Security.
Not sure if this is in the right section, but since sessions are about security I thought this is the right place.
Anyway, I'm making a forum and everything is working fine, but I need to add sessions and I'm not sure where exactly to put the sessions :?
Does it need to go in the sign in and sign out pages?
I have this code for the sessions:

Code: Select all

//creating session
session_start();  
if(isset($_SESSION['views']))
    $_SESSION['views'] = $_SESSION['views']+ 1;
else
    $_SESSION['views'] = 1;
echo "views = ". $_SESSION['views']; 

//ending session
session_start();  
if(isset($_SESSION['cart']))
    unset($_SESSION['cart']); 
I can post any of the code if you need to see it.
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: question about sessions

Post by requinix »

Normally you use sessions to do something, not just have sessions for the sake of having sessions.

So what are you trying to do with them?
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

I need them so that when a person signs in and then closes the forum, they shouldn't still be signed in. I want it to sign them out automatically.
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: question about sessions

Post by requinix »

Store whatever information you need (like the username) in the session. Unless configured otherwise the session will be destroyed* when the user closes the browser.
If the information is there then you use it to know who's logged in and whatever. If not then you force them to log in. Thus you do this checking stuff whenever you need to know who the current user is - which should be just about everywhere.

* Technically no but effectively yes.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

OK, how do I store the username in a session? I just have start_session; in the signin page and session_start; session_destory in the signout page.
I took out the code about the number of views.
Here's my sign in page:

Code: Select all

<?php 
session_start();  

//signin.php
include 'connect.php';
include 'header.php';

echo '<h3>Sign in</h3><br />';

//first, check if the user is already signed in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
	echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
	if($_SERVER['REQUEST_METHOD'] != 'POST')
	{
		//the form hasn't been posted yet, display it
		echo '<form method="post" action="">
			Enter Username: <input type="text" name="userName" /><br />
			Enter Password: <input type="password" name="userPassword"><br /><br/>
			<input type="submit" value="Sign in" />
		 </form>';
	}
	else
	{
		$errors = array(); // declare the array for the errors
		
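		//a posted form always sets the field, so also check for an empty string
		if(!isset($_POST['userName']) || $_POST['userName'] === '')
		{
			$errors[] = 'The username field must not be empty.';
		}
		
		if(!isset($_POST['userPassword']) || $_POST['userPassword'] === '')
		{
			$errors[] = 'The password field must not be empty.';
		}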
		
		if(!empty($errors)) 
		{
			echo 'A couple of fields are not filled in correctly<br /><br />';
			echo '<ul>';
			foreach($errors as $key => $value) //check array
			{
				echo '<li>' . $value . '</li>'; //make error list
			}
			echo '</ul>';
		}
		else
		{
			//mysql_real_escape_string is to keep the data safe
			//the sha1 function hashes the password
			$sql = "SELECT 
					userID,
					userName,
					userLevel
					FROM
						users
					WHERE
						userName = '" . mysql_real_escape_string($_POST['userName']) . "' 
					AND
						userPassword = '" . sha1($_POST['userPassword']) . "'";
						
			$result = mysql_query($sql);
			if(!$result)
			{
				echo 'Something went wrong while signing in. Please try again later.';
				//echo mysql_error(); 
			}
			else
			{
				//the query returned an empty result so the data was wrong
				if(mysql_num_rows($result) == 0)
				{
					echo 'You have supplied a wrong user/password combination. <a href="signin.php">Please try again</a>.';
				
				}
				
				else
				{
					//sign in successful
					$_SESSION['signed_in'] = true;
					
					while($row = mysql_fetch_assoc($result))
					{
						$_SESSION['userID'] 	= $row['userID'];
						$_SESSION['userName'] 	= $row['userName'];
						$_SESSION['userLevel'] = $row['userLevel'];
					}
					if($_SESSION['userLevel'] == 1 || $_SESSION['userLevel'] == 0) //can only sign in if they are admin or normal user
					{
					echo 'Welcome, ' . $_SESSION['userName'] . '. <br /><a href="index.php">Return to home page</a>.<br/>';
					}
					
					else
					{
						//the userLevel is 3 which means they are banned
						$_SESSION['signed_in'] = NULL;
						//the user is banned - can't sign in
						echo 'You have been banned from this forum. You can no longer make topics or posts';
						
					}
					
				}
			
			}
		}
	}
}

include 'footer.php';
?>
and sign out page:

Code: Select all

<?php 
session_start;
session_destory;
//signout.php
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

//check if user is signed in first
if($_SESSION['signed_in'] == true)
{
	//all variables to null to sign out
	$_SESSION['signed_in'] = NULL;
	$_SESSION['userName'] = NULL;
	$_SESSION['userID']   = NULL;

	echo 'Successfully signed out, thank you for visiting.';

}
else
{
	echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';


?>
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: question about sessions

Post by Celauran »

It's session_start(), not session_start, and it's session_destroy(), not session_destory
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

ok thanks but it doesn't work. I got this message:
Fatal error: Call to undefined function session_destory() in C:\wamp\www\project\signout.php on line 3
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: question about sessions

Post by Celauran »

Because it's destroy, not destory
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

Thanks, what a stupid mistake :lol:
But it still doesn't sign the user out when I close the forum.
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

Are you saying that you are logging their status in a database? Do you have a reason for doing that?
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

I'm not sure what you mean. I just want to start a session when a user signs in and end it when the user logs off or exits the website
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: question about sessions

Post by califdon »

beginner123 wrote: it still doesn't sign the user out when I close the forum
That sounded to me like you might be maintaining their status in a database. If you're not doing that, what is it that causes you to think that they are still "logged in" after they have closed their browser? Are you using a client-side cookie to store their login status? The session on the server is effectively ended if they close their browser, because the next time they attempt to connect, it will be a different session.
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

I know they are still logged in because I have a userbar that says hello 'username' when someone signs in. When I exit the website then go back in, it still says hello 'username'. I didn't write any code for cookies so I don't know if it's storing their login status.
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: question about sessions

Post by Celauran »

Are you closing the browser tab (session is still alive) or closing the browser altogether (session dies)?
beginner123
Forum Commoner
Posts: 70
Joined: Fri Feb 24, 2012 9:56 am

Re: question about sessions

Post by beginner123 »

i want to kill the session for both
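
An added example (not part of the thread and not any poster's code) of one way to cover both cases raised in the last posts: a session cookie with lifetime 0 goes away when the whole browser exits, while a server-side idle timeout ends sessions left behind by a closed tab. `IDLE_LIMIT`, its value, the `last_seen` key and the function names are assumptions; `signed_in` is the key used by the sign-in page above.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT and the function
// names are assumptions; 'signed_in' matches the sign-in page above.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
const IDLE_LIMIT = 900; // assumed: seconds of inactivity before sign-out

function start_forum_session(): void
{
    // lifetime 0: the browser drops the cookie when it exits, not when a tab closes
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function end_forum_session(): void
{
    $_SESSION = []; // clear the data for the rest of this request
    if (ini_get('session.use_cookies')) {
        // expire the session cookie; must run before any output is sent
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // delete the server-side session data
}

// True if the visitor is signed in and was active within IDLE_LIMIT.
function is_signed_in(int $now): bool
{
    if (empty($_SESSION['signed_in'])) {
        return false;
    }
    $last = $_SESSION['last_seen'] ?? $now;
    if ($now - $last > IDLE_LIMIT) {
        end_forum_session(); // idle too long: same steps as an explicit sign-out
        return false;
    }
    $_SESSION['last_seen'] = $now;
    return true;
}

// Top of every page, before header.php prints anything:
start_forum_session();
$signedIn = is_signed_in(time());
```

In signout.php the same `end_forum_session()` call replaces setting each session variable to NULL. After a successful sign-in, calling `session_regenerate_id(true)` before setting `$_SESSION['signed_in']` gives the authenticated session a fresh ID.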