Session Problems

  • PHPstarter
    New Member
    • Jun 2009
    • 77

    Session Problems

    Basically we're at a navigation page with a lot of different links.

    Clicking one of the links will lead you to a new index, but you would only be able to view the index if you are already logged in.

    I tried to check that by using this code:
    (I put this code on top of the index file's code)

    Code:
    <?
    //check that the user is calling the page from the login form and not accessing it directly
    //and redirect back to the login form if necessary
    if (!isset($username) || !isset($password)) {
    header( "Location: login.php" );
    }
    //check that the form fields are not empty, and redirect back to the login page if they are
    elseif (empty($username) || empty($password)) {
    header( "Location: login.php" );
    }
    else{
    ?>
    It doesn't work at all and I go straight to index, instead of redirecting us to the login.php.

    How do I make this work properly so that the site cannot be viewed directly unless already logged in and stored in a session.

    My session code is:

    Code:
    <?php
    // start the session
    session_start();
    //if the session is registered to a valid user then show content
    if (session_is_registered("$username")) {
    
    echo "Access granted.";
    }
    //not registered session
    else {
    header( "Location: login.php" );
    }
    ?>
    Which doesn't seem to be working either..

    =(

    Thank you for answers
  • hoopy
    New Member
    • Feb 2009
    • 88

    #2
    Hi,

    First off, session_is_registered is deprecated, so it should not really be used.

    You can use the $_SESSION variables to store if the user has authenticated. Consider this very basic example:

    login.php
    Code:
    <form action="auth.php" method="post">
    U: <input type="text" name="username"><br />
    P: <input type="password" name="password"><br />
    <input type="submit" name="submit">
    </form>
    auth.php
    Code:
    <?php
    session_start();
    if( $_POST['username'] == "test" && $_POST['password'] == "test" )
    {
      $_SESSION['authenticated'] = 1;
      header("Location: menu.php");
      exit(); // stop the script once the redirect header is sent
    } else {
      header("Location: login.php");
      exit();
    }
    ?>
    menu.php
    Code:
    <?php
    session_start();
    if(!isset($_SESSION['authenticated']))
    {
      // not authenticated, redirect
      header("Location: login.php");
      exit();
    }
    // If we get here, the user is authenticated.
    // display menu, etc.
    echo ("Hello, you are authenticated..");
    ?>
    So login.php is pretty much just a form which points to auth.php. auth.php starts a session and then checks if the username and pass match that of "test". If not then it redirects back to login.php. If a match occurs it sets the session variable $_SESSION['authenticated'] to 1 and then redirects to what would be your menu page. On menu.php the session is started and a check is made to ensure the session variable $_SESSION['authenticated'] has been set. If not then the user has not authenticated so it redirects back to login.php. If it does exist you are good to display your menu.

    This is a very basic example but playing around with it should point you in the right direction.

    Best of luck.


    • PHPstarter
      New Member
      • Jun 2009
      • 77

      #3
      Thanks a lot for your answer, I will look more into it this way now that you pointed me in the right direction.

      - -


      • PHPstarter
        New Member
        • Jun 2009
        • 77

        #4
        [sorry for double posting]

        I tried to get my own login script that logs in the user via MySQL to link to the auth.php, but I was wondering how I could implement it into the mysql login script?

        logincheck.php

        Code:
        <?php
        ob_start();
        $host="localhost"; 		// Host name
        $username="--------"; 	// Mysql username
        $password="---------"; 	// Mysql password
        $db_name="-------------"; 	// Database name
        $tbl_name="-----------"; 		// Table name
        
        // Connect to server and select database.
        mysql_connect("$host", "$username", "$password")or die("cannot connect");
        mysql_select_db("$db_name")or die("cannot select DB");
        
        // Define $username and $password
        $username=$_POST['username'];
        $password=$_POST['password'];
        
        // To protect MySQL injection (more detail about MySQL injection)
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);
        
        $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
        $result=mysql_query($sql);
        
        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);
        // If result matched $username and $password, table row must be 1 row
        
        [I]if($count==1){
        // Register $username, $password and redirect to file "menu.php"
        session_register("username");
        session_register("password");
        header("location: menu.php");
        }
        else {
        header( "Location: login.php" );
        }[/I]
        
        ob_end_flush();
        ?>
        Now I tried to implement it where I marked the text in italics as:
        Code:
        if($count==1){
        // Register $username, $password and redirect to file "boelogin=yes.html"
        session_register("username");
        session_register("password");
        session_start();
        $_SESSION['authenticated'] = 1;
        header("location: boelogin=yes.html");
        }
        else {
        header( "Location: badlogin=user.html" );
        }
        
        and also:
        
        if($count==1){
        // Register $username, $password and redirect to file "menu.php"
        session_start();
        session_register("username");
        session_register("password");
        $_SESSION['authenticated'] = 1;
        header("location: menu.php");
        }
        else {
        header( "Location: login.php" );
        }
        But nothing prevailed :/
        So any ideas to this?


        • Dormilich
          Recognized Expert Expert
          • Aug 2008
          • 8694

          #5
          first, session_register() is also deprecated. you just need to implement the authentication as used in post #2 only that you have this time a slightly different if condition. everything else stays the same.

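What post #5 describes, as an added example that is not part of the thread: the database check from logincheck.php combined with the `$_SESSION['authenticated']` flag from post #2. It goes beyond the thread by using PDO prepared statements and `password_hash()`/`password_verify()` in place of the deprecated `mysql_*` calls and the plaintext password comparison; the `users` table, its columns, the function names and the sample account are assumptions, and in-memory SQLite stands in for MySQL so the block runs offline.

```php
<?php
// Added example, not code from the thread. Table, columns, function names and
// the sample account are constructed; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

// Check the submitted credentials and return the page to redirect to.
function attempt_login(PDO $db, array $post): string
{
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';

    // Prepared statement: the value is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // Only a hash is stored; password_verify() checks the password against it.
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return 'login.php';
    }
    session_regenerate_id(true);       // fresh session id at login
    $_SESSION['authenticated'] = 1;    // same flag as in post #2
    $_SESSION['username'] = $username; // the password never goes in the session
    return 'menu.php';
}

// Guard for protected pages such as menu.php.
function is_authenticated(): bool
{
    return ($_SESSION['authenticated'] ?? null) === 1;
}

// --- demo with constructed data ---
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$first = attempt_login($db, ['username' => 'alice', 'password' => 'wrong']);
$before = is_authenticated();
$second = attempt_login($db, ['username' => 'alice', 'password' => 'correct horse']);
printf("%s %s | %s %s\n", $first, var_export($before, true),
       $second, var_export(is_authenticated(), true));
```

On a real page, call `session_start()` first, then `header('Location: ' . attempt_login($pdo, $_POST)); exit;` in the login handler, and redirect to login.php followed by `exit` whenever `is_authenticated()` is false.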