Jump to content

Another Basic Question From A Newbe


jimgilbert

Recommended Posts

I can set something like $registerd_ok = 1 in a page (like login.php) and then echo different phrases depending on the value of $registered_ok.Great, but I want to use the value of $registered_ok in a different page (like loggedin.php) to determine actions on that page. I have looked at GET and POST but those appear to be for forms only... ? I looked at session variables but either that doesn't do what I need or I am doing it wrong. Globals? Can someone tell me how to do this? I want to be able to set values whenever appropriate and then use them wherever needed.Does i make sense?ThanksJim

Link to comment
Share on other sites

Globals are persistent within a single script.GET and POST are okay, but poor security, and more coding that you really want.Session variables are persistent for a single client, as long as the client does not close the browser or remain inactive for a set period. Session variables cannot be accessed by another user.Any more persistence and you'll need to store the data in a DB or file.Most folks handle registration and logins with sessions. Just a guess: are you calling session_start() before trying to access session data? You have to do that in every script that uses the $_SESSION array.

Link to comment
Share on other sites

I used the login routine referred to on this site (http://www.phpeasystep.com/workshopview.php?id=6) - which has multiple files involved. One is checklogin.php. I modified it to send the user back to main_login.php instead of simply echoing "Wrong Username or Password" when the login attempt isn't successful and I want to send a flag along so main_login.php knows to tell the user that bad info was entered instead of the standard "Enter your info" message.It sounds like session variables are right for what I want - which is what I tried - so now my question is what I have wrong in my code.OK, what I had done was use the alternate script in the example that says "For PHP5 User - checklogin.php". It is the same as the 'regular' script except that it buffers and flushes ( <?php ob_start(); . . . thecode . . . ob_end_flush(); ) I double-checked and Hostmonster says php 5.2.8 so that is the one I used. However, it doesn't work when I add session_start(). BUT if I delete the buffering and flushing it works. So either I added the session_start() in the wrong place or using session_start() and ob_start() together isn't possible. Since it looks like it works right without the buffering and flushing, can I use that safely even with php 5 or is buffering and flushing needed? With the file that starts <?phpob_start();$host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse.etc etc . . . . Where is the right place to add session_start() if it can be added?Also, there appears to be predefined "session variables" like session_is_registered and session_register. I have looked but don't see documentation about that. Is there a reference showing them if they exist?Thanks again!JIm

Link to comment
Share on other sites

This has nothing to do with output buffering.Your user logs in from some page.Now we're in your login script. From the post data, you get the username and pw. You look them up in your db and see if you have a match. If you have a match, call session_start(). Now is the time to assign a value to a session variable (you choose the name--it really doesn't matter).Example: $_SESSION['logged'] = 1;All this is in your login script.In all other pages where you need to see if the user is logged in, just test for the same variable:

session_start();if (isset($_SESSION['logged']) {   #do something} else {   #redirect to the login page}

The variables are stored on the server, so any simple value can work. Obviously, if you want to store more complex data, you can. The server and the browser recognize each other by exchanging a one-time, unique value that's valid for one session only. It's stored on the browser as a cookie. I just looked at one of my own, and the value happened to be 9657aed9f610c612bd26a766e73a0ca9 . Not likely to be hacked by brute force during the length of a session. Unless you have some special purpose (debugging, usually) you NEVER need to inspect this value. You just need to check the ones that you set.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...