Jake,
it would be helpful if we could see your code.
That said...
first you need to identify what information you need to track in the
sessions, and whether you're going to use php sessions (the $_SESSIONS
array) or build your own mysql based session tracker.
to use php sessions:
you will need some place where you set up/create the sessions. typically
this is the login page. let's assume you'll use the login page. The logic
for the login page goes something like this:
1. present a form for logging in (usually username/password)
2. on post, clean the posted data (remove html, special characters, etc)
3. check the cleaned username/password against the data in the database
4. if the username/password is valid, create your session and assign
variables to it like this:
session_start(); //create the session
$id = session_id(); // create a unique session id
session_register("id"); // register id as a session variable
session_register("name"); // register name as a session variable
session_register("email"); // register email as a session variable
$_SESSION["id"] = $id; // assign the unique session id to session array
$_SESSION["name"] = $data["name"]; // assign the username to session array
$_SESSION["email"] = $data["email"]; // assign additional values (after
regisering them) to session array
5. now either redirect to your main application page, or create another
page with links to that main applicaiton page. In either case every page
where you want to use sessions has to start with:
session_start();
for example:
<?php
session_start();
the rest of your code.
6. I recommend that you add a check to your pages to make sure that the
session is still the right one and it's intact, something like this:
if (!$_SESSION["id"]) // if no session id, return to the login page
{
header ("Refresh: 0; url=login.php"); //or
// header ("location:http://www.mydomain.com/login.php";);
}else{
// the body of your code goes here.
}
7. so with all that the pages you want to access session in should have a
structure similar to:
<?php
session_start();
if (!$_SESSION["id"])
{
header ("Refresh: 0; url=login.php");
}else{
// do all kinds of nifty time card things here
}
?>
Hope this is helpful.
Chris
-----Original Message-----
From: Jake McHenry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 14, 2003 4:00 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Sessions Question
Hi everyone,
I've been trying to set up sessions, but have been having problems. I
created an online time clock for my company using php and a mysql
database. It's everything that my boss wanted. The only problem is, he
told me today that he is planning on selling it to our partners. The
actual software and database will reside on my server, but I will give
them their own database.
I started designing it about 2 years ago, and the machine that I was
working on at the time had register_globals=on, so I built my
scripting around that. I didn't know much about php at the time, but
have learned an immense amount since then.
Since a people are now going to be accessing the time clock from
outside my company, I need to turn register_globals off, and turn
sessions on. My problem is that all my variables are declared locally
in the individual files, and are being passed by forms to $PHP_SELF,
and all of the variables and their values can be seen in the address
bar.
This never concerned me while being inside my firewall, since it was
only my employees and I. I knew what was going on.
I've read a lot of documents on the net concerning sessions, but still
can't get it to work right. Whenever I try to go to another page, or
submit a time, it either doesn't work at all, or it works, but the
value that's in the variable is stuck there, and I can't change it
without closing the browser and starting over.
Can someone point me in the right direction here?
Thanks,
Jake McHenry
Nittany Travel MIS Coordinator
http://www.nittanytravel.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
