RE: [PHP] User authentication

Thu, 02 Oct 2003 09:27:14 -0700 

Ok,

I've got a login page that has these funtions to set the userid and
password to session variables....

[code start]
session_start();
        if(!isset($userid)) {
                login_form();
                exit;
}
else {
        session_register("userid", "userpassword");
        $username = auth_user($userid, $userpassword);
        if(!$username) {
                session_unregister("userid");
                session_unregister("userpassword");
                echo "Authorization failed. " . 
                         "You must enter a valid userid and password
combo. " .
                         "Click on the following link to try
again.<BR>\n";
                echo "<A HREF=\"$PHP_SELF\">login</A><BR>";
                echo "If you do not have login, please contact
Operations to obtain one.<br>\n";
                exit;
        }
        else echo "welcome, $username!";
}
[code end]

I then have a simple test page with the following code...

[code start]
<?php
include "./register_functions.php";

if($_SESSION['userid'] == 'bob'){
        Echo $_SESSION['userid'];
        Echo"Access Denied Bobby boy!!!";
        }
        else {
        echo"OK, since it's not Bob, it's ok";
        }
html_footer();
[code end]

The problem is that the $_SESSION['userid'] doesn't return anything on
this page..
Am I not calling the session variable correctly or not storing it
correctly?
In my php.ini I have globals turned off.  Does this effect it?

Thanks,

Jeff


> -----Original Message-----
> From: Dan Joseph [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, October 02, 2003 11:39 AM
> To: php
> Subject: RE: [PHP] User authentication
> 
> 
> Hi,
> 
> > What is stored in the date_out column?  Is that one of the 
> colums in 
> > your own created table or a standard one?
> 
>       That's the SQL table that I use to track sessions.  Its 
> one I created.  I have a functon that does a simple SQL query:
> 
>       SELECT date_out FROM sessions WHERE user_id = 12
> 
>       Then I check to see if if date_out != 0000-00-00 
> 00:00:00 and log them out if it doesn't.  This method is both 
> good and bad.  (1) I have a master log of all user logins.  
> (2) I can force a user to log out.  Overall, it was just more 
> work on the sessions.  I guess I'd recommend this method if 
> you have to keep strong security in mind.
> 
> -Dan Joseph
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to