[PHP] Sessions help please
Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. Also I'm not quite sure how to auctually perserve the variables across pages. Thanks, Bryan
RE: [PHP] Sessions help please
Have a look through the articles and or tutorials that can be found on phpbeginner.com and also phpbuilder.com they will give u a good place to start learning about it all :) -Original Message- From: Bryan McLemore [mailto:Kaelten;worldnet.att.net] Sent: Friday, 25 October 2002 2:19 AM To: PHP - General Subject: [PHP] Sessions help please Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. Also I'm not quite sure how to auctually perserve the variables across pages. Thanks, Bryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions help Please
Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. Also I'm not quite sure how to auctually perserve the variables across pages. Thanks, Bryan
RE: [PHP] Sessions help Please
have a look on phpbeginner there is a couple of articles/tutorials that explain this also look at previous posts :) -Original Message- From: Bryan McLemore [mailto:Kaelten;worldnet.att.net] Sent: Friday, 25 October 2002 6:39 AM To: PHP - General Subject: [PHP] Sessions help Please Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. Also I'm not quite sure how to auctually perserve the variables across pages. Thanks, Bryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Sessions help Please
on 25/10/02 6:38 AM, Bryan McLemore ([EMAIL PROTECTED]) wrote: Hi guys I'm a little confused on how sessions work. ok I use session_start(); to get started I know that but then the manual starts to confuse me with all of the garbled text about passing the SID. How do I tell if it was compiled with transparent SID passing? make a ? phpinfo() ? file -- it will explain what PHP was compiled with up the top-ish. Also I'm not sure how to use cookies and this is just a small application for private use so I don't mind passing it using urls for this iteration of the project. By default, sessions will work with cookies (at least every install i've seen)... you don't need to do anything special to get it working. *IF* you are worried about people without cookies not being able to maintain the session, *THEN* passing the SID around in URLs would be the next step. You can do this manually (a lot of work), or... *IF* enable_trans_sid() was compiled (or if you can comile with it), this is the best option, because everything happens transparently... IF the user allows cookies, PHP will use them... if not, PHP will re-write your URLs with the SID in them. Easy. Also I'm not quite sure how to auctually perserve the variables across pages. Assuming PHP = 4.1.1 with register globals OFF, and cookies ALLOWED by your browser OR trans_sid compiled: page 1: ? // maintain or start session session_start(); // assign a few variables to it $_SESSION['favcolor'] = #FFCC99; $_SESSION['name'] = Justin; ? HTML BODY A HREF=page2.phpclick here to see page 2/a /BODY /HTML page 2: ? // maintain or start session session_start(); ? HTML BODY bgcolor=?=$_SESSION['favcolor']? Hi ?=$_SESSION['name']?, hopefully this session carried forward.BR A HREF=page3.phpclick here to see it carried to page 3/a /BODY /HTML page 3: ? // maintain or start session session_start(); ? HTML BODY bgcolor=?=$_SESSION['favcolor']? Hi ?=$_SESSION['name']?, hopefully this session carried forward to the third page. /BODY /HTML Good luck, Justin French -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Sessions help please
Hi, I am going to use sessions to authenticate and protect my pages, this is what I have so far... User logs in via form, this is checked via a SQL call, if the correct username and password are entered I run the following: session_start(); session_register("UserName","Password"); header ("Location: Http://www.domain.com/members/index.php"); The bit where I get lost is 1) how to authenticate this on each page and 2) How to close the session after the browser has closed. I have tried many tutorials etc but none seem to go into great detail in those areas. Anyone know of any decent tutorials or any snippets I can learn from. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Sessions help please
[EMAIL PROTECTED] [[EMAIL PROTECTED]] wrote: Hi, I am going to use sessions to authenticate and protect my pages, this is what I have so far... User logs in via form, this is checked via a SQL call, if the correct username and password are entered I run the following: session_start(); session_register("UserName","Password"); You have to register each "field" like this: session_register("UserName"); // register UserName as a session var $UserName = $new_value_for_username; // give UserName session var a new value. session_register("Password"); // register Password as a session var $Password = $new_value_of_password; // give Password session var a new value. Then in the next script, after you do session_start();, you will have access to those previously registered session variables by just using $UserName and $Password. HTH. -- Hardy Merrill Mission Critical Linux, Inc. http://www.missioncriticallinux.com header ("Location: Http://www.domain.com/members/index.php"); The bit where I get lost is 1) how to authenticate this on each page and 2) How to close the session after the browser has closed. I have tried many tutorials etc but none seem to go into great detail in those areas. Anyone know of any decent tutorials or any snippets I can learn from. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Sessions help please
Apologies for the long post. I use this approach: (simplified) at the top of every page, before any HTML. Pop it into an include right at the top. I have not included all the util function e.g. LogQuietAlert() regards Jeff ?php #=== # Initialise session array session_start(); if (!isset($sesh)) { session_register('sesh'); $sesh = array(); } # If they are not logged in - send them to the /login page if ( !$sesh[_loggedin] and !isUtilityPage()) { $sesh[_target] = TopPage($PHP_SELF); # Remember where they were going gotoPage("/login"); } # This is updated by the login function if a login fails # Print it on your page somewhere to let the user know # that their login failed $message = ''; # I leave the action on my FORMs empty, so the user # will return to the same page when they press SUBMIT # $act is the name of the submit button/link etc if ( $act == 'login' ) { if ( !$UserName || !$Password ) { $message = "Missing Username or Password [From: $REMOTE_ADDR]"; } elseif ( login( $UserName, $Password ) ) { srand((double) microtime() * 100); $randval = rand(); setcookie( 'cookUserName', $UserName, time()+(180*86400),'','', 1); # Note that this is a session cookie, not persistant setcookie( 'cookSPID', $randval, 0, '','', 1); $sesh[_cookSPID] = $randval; $sesh[_sslSESH] = $SSL_SESSION_ID; gotoPage($sesh[_target]); } else { $message = "Invalid Username/Password [From: $REMOTE_ADDR]"; } } if (!isUtilityPage()) { # Check that the user is not attempting to spoof the session if ( $sesh[_cookSPID] != $cookSPID) { LogQuietAlert("$PHP_SELF $sesh[_email] at $sesh[_client_id] " . "has a cookSPID mismatch: Attempt to spoof session?BR"); gotoPage("/login"); } } #=== function login( $UserName, $Password ) { # Checks username/password global $sesh, $message, $REMOTE_ADDR; $sesh[_user]= $UserName; $sesh[_loggedin]= 0; $sesh[_user_id] = ''; $sesh[_role]= ''; $sesh[_name]= ''; $sesh[_client_id] = ''; if ( !$UserName or !$Password ) { return 0; } $UserName = strtolower( $UserName ); $sth = runSQL('get_user_login',array( where = "user='$UserName' and password=PASSWORD('MySalt$Password')" )); $rows = mysql_num_rows( $sth ); if (!$rows) { # Invalid UserName/Password - log a quiet alert LogAlert("Login failure: $UserName from $REMOTE_ADDR tried '$Password'BR"); $message = "Invalid username/password [from $REMOTE_ADDR]"; return 0; } $rec = mysql_fetch_array( $sth, MYSQL_ASSOC ); $sesh[_loggedin]= 1; $sesh[_user_id] = $rec[user_id]; $sesh[_email] = $rec[email]; $sesh[_role]= $rec[role]; $sesh[_name]= $rec[name]; $sesh[_client_id] = $rec[client_id]; return 1; } #=== function gotoPage( $page = "/index" ) { header("Location: $page"); exit; # Old browsers get no further! } #=== function isUtilityPage() { global $PHP_SELF; # returns true if this is a utility page # ie index, login, unavailable or error if ( stristr($PHP_SELF, 'login')) return 1; if ( stristr($PHP_SELF, 'index')) return 1; if ( stristr($PHP_SELF, 'unavail')) return 1; if ( stristr($PHP_SELF, 'error')) return 1; if ( stristr($PHP_SELF, 'disclaimer')) return 1; return 0; } #=== ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]