|
04-12-2004, 09:56 PM | #1 |
Green Mole
Join Date: Apr 2004
Posts: 1
|
Session Newbie
I am completely new to PHP. I am trying to create a project for myself in which to learn. I have modified a free authentication script to create a small site where my old high school classmates can get contact information and current events. I have everything working but cannot figure out how and where to place the PHP to make session handling work. I want it so that people aren't having to log over and over during the same visit. i've tried every concievable means i can think of to get this to work and it's not happening. any assistance would be much appreciated.
The way my scripts work are this: User logs in here in this html page: <HTML> <HEAD> <TITLE>UNTITLED</TITLE> </HEAD> <LINK href="authorize.css" type=text/css rel=stylesheet> <script src=scripts.js></script> <BODY> <br><br><br> Entrance for registered users, they will be refered to page haha.htm<br> <form action=login.php method=post> <input type=hidden name=entrance> Login<input type=text name=username> Password<input type=password name=password> <input type=submit value=Enter class=button1> </form> <tr> <td> </BODY> </HTML> The user is then sent to this php login page. This page handles many functions of the site updating user data, adding users ect...this particular function being signed into is to display all entries in the database: <LINK href="authorize.css" type=text/css rel=stylesheet> <script src=scripts.js></script> <? require("setup.php"); $link=mysql_connect("", "$dblog", "$dbpass"); if (!$link) die ("Couldn't connect to MySQL"); mysql_select_db("$admin_db",$link) or die (mysql_error(). " : ".mysql_errno()); $referer=getenv("HTTP_REFERER"); if (!ereg("^$admin_url_tmp",$referer)) { echo "<br><br><br><blockquote><p>Please, enter from <a href=$admin_url>$admin_url</a></p></blockquote>"; exit; } mt_srand(time()); //obiazatel'no, inache ne rabotaet r****mally $result = mt_rand(1, 10000)/7; // disable cache // to update user data if (isset($enter)) { include ('header.inc'); include("enter.php"); } //to enter to display database page if (isset($entrance)) { include("entrance.php"); } //to add user if (isset($adduser)) { include ('header.inc'); include ("adduser.php"); } if (isset($show)) //show or remove users { if (($admin_login !=$admin_login_compare) || ($admin_password !=$admin_password_compare)) { print "<br><br><br><blockquote><p>You are not authorized for this action. You must first make a username and password.</p></blockquote>" ; exit; } else include("showusers.php"); } if (isset($forgotlogin)) { include ('header.inc'); include ("forgotlogin.php"); } ?> They are in turn sent to this script: <? $sql = "SELECT *FROM users WHERE login='$username' and password='$password'"; $result = mysql_query($sql) or die("Couldn't execute query."); $num = mysql_numrows($result); if ($num == 1) { $day1=date(d); $month1=date(m); $year1=date(Y); $last_date1=$year1."-".$month1."-".$day1; $lstdate = "update users set last_date='$last_date1' where login='$username'"; $tmp = mysql_query($lstdate) or die("Couldn't execute query"); echo "Hello, $username<br>"; include ("$admin_page"); } else if ($num == 0) { echo "You are not authorized!"; // if user not exist } // exit; ?> |
04-13-2004, 02:06 PM | #2 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. There are several ways to authenticate users: cookie, session, database, or some combination of these. Each method has some plus or minus to it, but maybe for starters a cookie authentication might be helpful. For every page that you want to protect, just include the script below as the first thing in the page.
If you would rather use sessions, there are some examples here. When your skills improve, you might consider using a combination of methods along with SSL, depending on whether you are looking for more security. The below example offers a basic authentication, and there is a logout script too, both of which you should put to the test. PHP Code:
PHP Code:
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Indexing Password Protected pages (using session variables) | apetersen | How-to Forum | 1 | 03-27-2007 05:18 AM |
Indexing cookie/session authenticated pages | tester | Troubleshooting | 10 | 08-18-2004 10:57 AM |
Version 1.8.0 and session IDs & links | Charter | Mod Submissions | 0 | 01-21-2004 04:04 PM |
getting past session protected pages | theverychap | How-to Forum | 4 | 12-03-2003 06:18 AM |