[PHP] Sessions help please

2002-10-24 Thread Bryan McLemore
Hi guys I'm a little confused on how sessions work.  ok I  use session_start(); to get 
started I know that but then the manual starts to confuse me with all of the garbled 
text about passing the SID.  How do I tell if it was compiled with transparent SID 
passing?  

Also I'm not sure how to use cookies and this is just a small application for private 
use so I don't mind passing it using urls for this iteration of the project.  

Also I'm not quite sure how to auctually perserve the variables across pages.

Thanks,
Bryan



RE: [PHP] Sessions help please

2002-10-24 Thread Peter Houchin
Have a look through the articles and or tutorials that can be found on
phpbeginner.com and also phpbuilder.com they will give u a good place to
start learning about it all :)

 -Original Message-
 From: Bryan McLemore [mailto:Kaelten;worldnet.att.net]
 Sent: Friday, 25 October 2002 2:19 AM
 To: PHP - General
 Subject: [PHP] Sessions help please


 Hi guys I'm a little confused on how sessions work.  ok I  use
 session_start(); to get started I know that but then the manual
 starts to confuse me with all of the garbled text about passing
 the SID.  How do I tell if it was compiled with transparent SID passing?

 Also I'm not sure how to use cookies and this is just a small
 application for private use so I don't mind passing it using urls
 for this iteration of the project.

 Also I'm not quite sure how to auctually perserve the variables
 across pages.

 Thanks,
 Bryan



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Sessions help Please

2002-10-24 Thread Bryan McLemore
Hi guys I'm a little confused on how sessions work.  ok I  use session_start(); to get 
started I know that but then the manual starts to confuse me with all of the garbled 
text about passing the SID.  How do I tell if it was compiled with transparent SID 
passing?  

Also I'm not sure how to use cookies and this is just a small application for private 
use so I don't mind passing it using urls for this iteration of the project.  

Also I'm not quite sure how to auctually perserve the variables across pages.

Thanks,
Bryan




RE: [PHP] Sessions help Please

2002-10-24 Thread Peter Houchin
have a look on phpbeginner there is a couple of articles/tutorials that
explain this also look at previous posts :)

 -Original Message-
 From: Bryan McLemore [mailto:Kaelten;worldnet.att.net]
 Sent: Friday, 25 October 2002 6:39 AM
 To: PHP - General
 Subject: [PHP] Sessions help Please


 Hi guys I'm a little confused on how sessions work.  ok I  use
 session_start(); to get started I know that but then the manual
 starts to confuse me with all of the garbled text about passing
 the SID.  How do I tell if it was compiled with transparent SID passing?

 Also I'm not sure how to use cookies and this is just a small
 application for private use so I don't mind passing it using urls
 for this iteration of the project.

 Also I'm not quite sure how to auctually perserve the variables
 across pages.

 Thanks,
 Bryan




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] Sessions help Please

2002-10-24 Thread Justin French
on 25/10/02 6:38 AM, Bryan McLemore ([EMAIL PROTECTED]) wrote:

 Hi guys I'm a little confused on how sessions work.  ok I  use
 session_start(); to get started I know that but then the manual starts to
 confuse me with all of the garbled text about passing the SID.  How do I tell
 if it was compiled with transparent SID passing?

make a ? phpinfo() ? file -- it will explain what PHP was compiled with up
the top-ish.


 Also I'm not sure how to use cookies and this is just a small application for
 private use so I don't mind passing it using urls for this iteration of the
 project.  

By default, sessions will work with cookies (at least every install i've
seen)... you don't need to do anything special to get it working.  *IF* you
are worried about people without cookies not being able to maintain the
session, *THEN* passing the SID around in URLs would be the next step.  You
can do this manually (a lot of work), or...

*IF* enable_trans_sid() was compiled (or if you can comile with it), this is
the best option, because everything happens transparently... IF the user
allows cookies, PHP will use them... if not, PHP will re-write your URLs
with the SID in them.

Easy.



 Also I'm not quite sure how to auctually perserve the variables across pages.

Assuming PHP = 4.1.1 with register globals OFF, and cookies ALLOWED by your
browser OR trans_sid compiled:

page 1:

?
// maintain or start session
   session_start();
// assign a few variables to it
   $_SESSION['favcolor'] = #FFCC99;
   $_SESSION['name'] = Justin;
?
HTML
   BODY
  A HREF=page2.phpclick here to see page 2/a
   /BODY
/HTML


page 2:

?
// maintain or start session
session_start();
?
HTML
   BODY bgcolor=?=$_SESSION['favcolor']?
  Hi ?=$_SESSION['name']?, hopefully this session carried forward.BR
  A HREF=page3.phpclick here to see it carried to page 3/a
   /BODY
/HTML


page 3:

?
// maintain or start session
session_start();
?
HTML
   BODY bgcolor=?=$_SESSION['favcolor']?
  Hi ?=$_SESSION['name']?, hopefully this session carried forward to
the third page.
   /BODY
/HTML


Good luck,


Justin French


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[PHP] Sessions help please

2001-03-21 Thread KPortsmout

Hi,

I am going to use sessions to authenticate and protect my pages, this is what 
I have so far...

User logs in via form, this is checked via a SQL call, if the correct 
username and password are entered I run the following:

session_start();
session_register("UserName","Password");
header ("Location: Http://www.domain.com/members/index.php");

The bit where I get lost is 1) how to authenticate this on each page and 2) 
How to close the session after the browser has closed. I have tried many 
tutorials etc but none seem to go into great detail in those areas. Anyone 
know of any decent tutorials or any snippets I can learn from.

Thanks

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Sessions help please

2001-03-21 Thread Hardy Merrill

[EMAIL PROTECTED] [[EMAIL PROTECTED]] wrote:
 Hi,
 
 I am going to use sessions to authenticate and protect my pages, this is what 
 I have so far...
 
 User logs in via form, this is checked via a SQL call, if the correct 
 username and password are entered I run the following:
 
 session_start();
 session_register("UserName","Password");

You have to register each "field" like this:

  session_register("UserName");   // register UserName as a session var
  $UserName = $new_value_for_username; // give UserName session var a
  new value.
  session_register("Password");   // register Password as a session var
  $Password = $new_value_of_password; // give Password session var a
 new value.

Then in the next script, after you do session_start();, you
will have access to those previously registered session
variables by just using $UserName and $Password.

HTH.

-- 
Hardy Merrill
Mission Critical Linux, Inc.
http://www.missioncriticallinux.com

 header ("Location: Http://www.domain.com/members/index.php");
 
 The bit where I get lost is 1) how to authenticate this on each page and 2) 
 How to close the session after the browser has closed. I have tried many 
 tutorials etc but none seem to go into great detail in those areas. Anyone 
 know of any decent tutorials or any snippets I can learn from.
 
 Thanks
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




RE: [PHP] Sessions help please

2001-03-21 Thread Jeff Armstrong

Apologies for the long post.

I use this approach: (simplified) at the top of every page,
before any HTML. Pop it into an include right at the top.
I have not included all the util function e.g. LogQuietAlert()


regards
Jeff

?php
#===

# Initialise session array
session_start();
if (!isset($sesh)) {
  session_register('sesh');
  $sesh = array();
}

# If they are not logged in - send them to the /login page
if ( !$sesh[_loggedin]  and !isUtilityPage()) {
  $sesh[_target] = TopPage($PHP_SELF); # Remember where they were going
  gotoPage("/login");
}

# This is updated by the login function if a login fails
# Print it on your page somewhere to let the user know
# that their login failed
$message = '';

# I leave the action on my FORMs empty, so the user
# will return to the same page when they press SUBMIT
# $act is the name of the submit button/link etc
if ( $act == 'login' ) {
  if ( !$UserName || !$Password ) {
$message = "Missing Username or Password [From: $REMOTE_ADDR]";
  } elseif ( login( $UserName, $Password ) ) {
srand((double) microtime() * 100);
$randval = rand();
setcookie( 'cookUserName', $UserName, time()+(180*86400),'','', 1);
# Note that this is a session cookie, not persistant
setcookie( 'cookSPID', $randval, 0, '','', 1);
$sesh[_cookSPID]  = $randval;
$sesh[_sslSESH]   = $SSL_SESSION_ID;
gotoPage($sesh[_target]);
  } else {
$message = "Invalid Username/Password [From: $REMOTE_ADDR]";
  }
}

if (!isUtilityPage()) {
  # Check that the user is not attempting to spoof the session
  if ( $sesh[_cookSPID] != $cookSPID) {
LogQuietAlert("$PHP_SELF $sesh[_email] at $sesh[_client_id] "
  . "has a cookSPID mismatch: Attempt to spoof session?BR");
gotoPage("/login");
  }
}

#===

function login( $UserName, $Password ) {
  # Checks username/password
  global $sesh, $message, $REMOTE_ADDR;

  $sesh[_user]= $UserName;
  $sesh[_loggedin]= 0;
  $sesh[_user_id] = '';
  $sesh[_role]= '';
  $sesh[_name]= '';
  $sesh[_client_id]   = '';

  if ( !$UserName or !$Password ) {
return 0;
  }

  $UserName = strtolower( $UserName );
  $sth = runSQL('get_user_login',array(
where =   "user='$UserName' and
password=PASSWORD('MySalt$Password')"
  ));

  $rows = mysql_num_rows( $sth );
  if (!$rows) {
# Invalid UserName/Password - log a quiet alert
LogAlert("Login failure: $UserName from $REMOTE_ADDR tried
'$Password'BR");
$message = "Invalid username/password [from $REMOTE_ADDR]";
return 0;
  }
  $rec = mysql_fetch_array( $sth, MYSQL_ASSOC );

  $sesh[_loggedin]= 1;
  $sesh[_user_id] = $rec[user_id];
  $sesh[_email]   = $rec[email];
  $sesh[_role]= $rec[role];
  $sesh[_name]= $rec[name];
  $sesh[_client_id]   = $rec[client_id];

  return 1;
}

#===

function gotoPage( $page = "/index" ) {
   header("Location: $page");
   exit; # Old browsers get no further!
}
#===

function isUtilityPage() {
  global $PHP_SELF;
  # returns true if this is a utility page
  # ie index, login, unavailable or error
  if ( stristr($PHP_SELF, 'login'))   return 1;
  if ( stristr($PHP_SELF, 'index'))   return 1;
  if ( stristr($PHP_SELF, 'unavail')) return 1;
  if ( stristr($PHP_SELF, 'error'))   return 1;
  if ( stristr($PHP_SELF, 'disclaimer'))  return 1;
  return 0;
}
#===

?


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]