One quick note - if you're starting a session then you can't user the header() function afterwards. You'll get the lovel "headers already sent" error.
Be sure to use an alternate method of redirection if you're starting a session before your redirect logic takes place. -M -----Original Message----- From: Chris Hubbard [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 9:24 PM To: [EMAIL PROTECTED] Subject: RE: [PHP] Sessions Question Jake, it would be helpful if we could see your code. That said... first you need to identify what information you need to track in the sessions, and whether you're going to use php sessions (the $_SESSIONS array) or build your own mysql based session tracker. to use php sessions: you will need some place where you set up/create the sessions. typically this is the login page. let's assume you'll use the login page. The logic for the login page goes something like this: 1. present a form for logging in (usually username/password) 2. on post, clean the posted data (remove html, special characters, etc) 3. check the cleaned username/password against the data in the database 4. if the username/password is valid, create your session and assign variables to it like this: session_start(); //create the session $id = session_id(); // create a unique session id session_register("id"); // register id as a session variable session_register("name"); // register name as a session variable session_register("email"); // register email as a session variable $_SESSION["id"] = $id; // assign the unique session id to session array $_SESSION["name"] = $data["name"]; // assign the username to session array $_SESSION["email"] = $data["email"]; // assign additional values (after regisering them) to session array 5. now either redirect to your main application page, or create another page with links to that main applicaiton page. In either case every page where you want to use sessions has to start with: session_start(); for example: <?php session_start(); the rest of your code. 6. I recommend that you add a check to your pages to make sure that the session is still the right one and it's intact, something like this: if (!$_SESSION["id"]) // if no session id, return to the login page { header ("Refresh: 0; url=login.php"); //or // header ("location:http://www.mydomain.com/login.php";); }else{ // the body of your code goes here. } 7. so with all that the pages you want to access session in should have a structure similar to: <?php session_start(); if (!$_SESSION["id"]) { header ("Refresh: 0; url=login.php"); }else{ // do all kinds of nifty time card things here } ?> Hope this is helpful. Chris -----Original Message----- From: Jake McHenry [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 4:00 PM To: [EMAIL PROTECTED] Subject: [PHP] Sessions Question Hi everyone, I've been trying to set up sessions, but have been having problems. I created an online time clock for my company using php and a mysql database. It's everything that my boss wanted. The only problem is, he told me today that he is planning on selling it to our partners. The actual software and database will reside on my server, but I will give them their own database. I started designing it about 2 years ago, and the machine that I was working on at the time had register_globals=on, so I built my scripting around that. I didn't know much about php at the time, but have learned an immense amount since then. Since a people are now going to be accessing the time clock from outside my company, I need to turn register_globals off, and turn sessions on. My problem is that all my variables are declared locally in the individual files, and are being passed by forms to $PHP_SELF, and all of the variables and their values can be seen in the address bar. This never concerned me while being inside my firewall, since it was only my employees and I. I knew what was going on. I've read a lot of documents on the net concerning sessions, but still can't get it to work right. Whenever I try to go to another page, or submit a time, it either doesn't work at all, or it works, but the value that's in the variable is stuck there, and I can't change it without closing the browser and starting over. Can someone point me in the right direction here? Thanks, Jake McHenry Nittany Travel MIS Coordinator http://www.nittanytravel.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
