Slyke Posted January 19, 2009

Usually, I would create my own session "protocol" just using a username stored in the cookies, and the MD5 hash of the password. Then when the user changes pages, PHP would check the user's cookies against the database and determine if they match or not. I know this is not a very secure way to do things, but I haven't been coding for anything major.

I would, however, like to learn how to use SESSIONs properly. Let me give you an example of my code:

Index Page:

    <?php
    include_once "includes/include.php"; // Creates database links, and loads common functions for the script.

    if (isUserLoggedIn($userTableConn))
    {
        include "the_index_page.php";
    }
    else
    {
        if (!session_started())
        {
            session_start();
        }
        if ($_GET['userName'] != "")
        {
            if (checkValidUser($_GET['userName'], md5($_GET['passWord']), $userTableConn))
            {
                $_SESSION['currentUser'] = $_GET['userName'];
                $_SESSION['currentUserPassword'] = md5($_GET['passWord']);
            }
        }
        else
        {
            include_once "login_page.php"; // Just a normal login page with the username and password textboxes.
        }
    }
    ?>

include.php:

    <?php
    include_once "config.php"; // Details for database access

    $userTableConn = mysql_connect($dbHost, $dbUsername, $dbPassword) or die("Could not connect");
    mysql_select_db($dbDatabase, $userTableConn) or die("Could not select database");

    function session_started()
    {
        if (isset($_SESSION))
        {
            return true;
        }
        else
        {
            return false;
        }
    }

    function checkValidUser($userName, $passWordHashed, $dbConn)
    {
        // Passwords are stored as MD5 HASHes inside the database. The MD5 HASH is sent to this function.
        $userQueryResult = mysql_query("SELECT `Username`, `ID` FROM `membersTable` WHERE `Username`='" . $userName . "' && `Password`='" . $passWordHashed . "';", $dbConn);
        if ($userQueryResult == FALSE)
        {
            echo(mysql_error());
        }
        $userQueryArray = mysql_fetch_array($userQueryResult);
        if ($userQueryArray == "")
        {
            return false;
        }
        else
        {
            return true;
        }
    }

    function isUserLoggedIn($dbConn)
    {
        return checkValidUser($_SESSION['currentUser'], $_SESSION['currentUserPassword'], $dbConn);
    }

the_index_page.php:

    <?php
    if (isUserLoggedIn($userTableConn))
    {
        // Webpage Content
    }
    else
    {
        header("Location: index.php"); // This will send them to the login page, since they are not logged in.
    }

The problem that I have with this method is that when a user logs in, it takes them back to the login page. Then they have to either press refresh or press login again for the login to be successful. I believe this is because PHP doesn't have time to send and retrieve the SESSION and COOKIE data? Just speculation here.

The next problem is that if they click a link on any of the pages, the session data is cleared away (they are logged out). This also happens if they navigate to any page (including the current page). What I mean to say is when pressing refresh, everything is OK. When pressing Enter on the address bar (which will navigate to the current page) the user is logged out. When navigating to any hyperlinks, the user is logged out.

Does anyone have any suggestions? I use Hostgator to test all my scripts.

I know that this code is open to SQL injections and all that. I left out any input validation to keep it simple.

Slyke Posted January 23, 2009 (Author)

Figured it out!

login_session.zip
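
For comparison with the login flow in the first post, here is an added example (not the poster's code and not the contents of login_session.zip). It calls session_start() before anything reads $_SESSION, uses a bound query parameter, verifies a password_hash() value instead of an MD5, and keeps only the user ID in the session. It assumes PDO with the SQLite driver and a constructed user row so it runs stand-alone; the `currentUserId` key and `openDb()` helper are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example, not the original poster's code. Assumes PDO with the SQLite
// driver so it runs stand-alone; table and column names follow the post.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE membersTable (ID INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password TEXT)');
    // Constructed sample user; the column holds a password_hash() string, not an MD5.
    $db->prepare('INSERT INTO membersTable (Username, Password) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user ID on success, null otherwise. The bound parameter keeps
// user input out of the SQL text.
function checkValidUser(PDO $db, string $userName, string $passWord): ?int
{
    $stmt = $db->prepare('SELECT ID, Password FROM membersTable WHERE Username = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($passWord, $row['Password'])) {
        return null;
    }
    return (int) $row['ID'];
}

function isUserLoggedIn(): bool
{
    return isset($_SESSION['currentUserId']);
}

// Every page calls session_start() first, before any output and before
// $_SESSION is read; otherwise the login state is invisible on that request.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
$db = openDb();
$user = is_string($_POST['userName'] ?? null) ? $_POST['userName'] : '';
$pass = is_string($_POST['passWord'] ?? null) ? $_POST['passWord'] : '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && !isUserLoggedIn()) {
    $userId = checkValidUser($db, $user, $pass);
    if ($userId !== null) {
        session_regenerate_id(true);          // fresh session ID after login
        $_SESSION['currentUserId'] = $userId; // store the ID only, never the password or its hash
        header('Location: index.php');        // the redirected request sees the session
        exit;
    }
}
echo isUserLoggedIn() ? "Logged in\n" : "Show login form\n";
```

Credentials are read from POST here so they do not end up in URLs, browser history or server access logs.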