Well,
What you need to do is start all pages with the session_start(); variable,
like this :
<?php
session_start();
?>
This would make you ready for handling logins and such further down the
page.
What you also need to do is two things,
1. Create a login which registers a new session.
2. Create a validation function which validates the logged user on each
page.
Example, login page :
<?php
session_start();
if(($_GET["username"]=="thename") && ($_GET["password"]=="thepass")){
$u->username=$_GET["username"];
$u->password=$_GET["password"];
session_register(u);
}
?>
The above code would mean that
a)
You enable the session for the page.
b)
If the username and passord is valid, you se the sessionobject, in the
example "u"
to the username and passord.
Further you need the page to validate if you have a valid login, a simple
way would be
to just validate if the u object is something at all, since if you havnt
logged in there isnt
any value here.
Example :
// check if user logged in
if(!$u->username){
// Not logged in, lets throw a header or something to send the user to
login page
}
The best should be to look up the username from $u->username against your
database
to be sure that the username infact is valid.
Final script page would be :
<?php
// start session
session_start();
// Login, register session object
if(($_GET["username"]=="thename") && ($_GET["password"]=="thepass")){
$u->username=$_GET["username"];
$u->password=$_GET["password"];
session_register(u);
}
// check if user logged in
if(!$u->username){
// Not logged in, lets throw a header or something to send the user to
login page
header("location: login.php");
exit;
}
// The rest of page comes here
?>
This is a brief explernation which should give you what you need to get
going on
your session handling. You also might want to add more variables into the
prosess, like IP, browseragent and such to prevent session hijacking from
proxy
servers, just to be on the secure side.
--
--
Kim Steinhaug
----------------------------------------------------------------------
There are 10 types of people when it comes to binary numbers:
those who understand them, and those who don't.
----------------------------------------------------------------------
www.steinhaug.com - www.easywebshop.no - www.webkitpro.com
----------------------------------------------------------------------
"Robi" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Hello,
>
>
> I need some info about sessions in php,
> to clarify my knowledge and usage.
> So lets imagine that
> I am building a web site
> where I can log in and log off,
> it is without db.
> How do I use sessions,
> am I right use the start_session()
> and its a value to PHPSID as
> cookie, so if make link to
> another page I will check against
> phpsesid which is cookie against the id
> what I have in link?right?
> pls help
> troby
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
