Open Designs

Community. Driven.

    • Author: conartistdesigns
    • Time: Jun 1st 2008, edited by conartistdesigns on the 01st June 2008 at 17:35:23 EDT
     
    This is the action for my login form

    <?php

    $un = file_get_contents($_POST['unattempt'] . '/username.txt');
    $pw = file_get_contents($_POST['unattempt'] . '/password.txt');
    $pwmd5 = md5($_POST['pwattempt']);

    if ($pwmd5 = $pw) {
    $_SESSION['user'] = $un;
    $_SESSION['logged'] = "yes";
    header( 'Location: http://www.blogbrighter.com/' . $_POST['unattempt'] . '/admin.php') ;
    }
    else {
    echo 'You Have Entered an incorrect Username Password combination, Please Try again.';
    }
    ?>

    In place of the redirect I have had it echo "Success", so I know it's the correct password and username.

    And for the admin.php page I have this:

    <?php
    session_start();
    if(isset($_SESSION['logged']) && $_SESSION['logged'] == yes) {

    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <title>Untitled Document</title>
    </head>

    <body>
    Success!
    </body>
    </html>
    ';
    }
    else {
    print 'You must be logged in to view this page';
    }
    ?>



    And no matter what, I get "You must be logged in to view this page".

    And yes, I have cookies enabled, if it has to do with that.
    What's wrong?! Thanks
    • Author: fernbap
    • Time: Jun 1st 2008
     
    Add session_start as the first line of your first script
  1.  
    That didn't work... Is there a way I could do it with cookies?
    • Author: fernbap
    • Time: Jun 1st 2008
     
    $_SESSION['logged'] == "yes"
  2.  
    I don't understand
    • Author: fernbap
    • Time: Jun 1st 2008
     
    if(isset($_SESSION['logged']) && $_SESSION['logged'] == yes)

    ""s are missing
  3.  
    That got rid of the error, but now I can see every admin.php page
    • Author: fernbap
    • Time: Jun 1st 2008, edited by fernbap on the 01st June 2008 at 19:14:33 EDT
     
    you can see them because you are logged, so $_SESSION['logged']="yes" always

    Better make a SESSION variable whose name is the hash of the password (for instance), that will assure that each user has a session variable with a different name

    Admin.php will have to read its own user password in order to compare
  4.  
    in the registration form - %passwordhash% gets replaced with the hashed password

    $fp = fopen($data['username'] . '/admin.php', 'w+');
    fwrite($fp, str_replace('%passwordhash%', $password, file_get_contents('admin-template.php')));
    fclose($fp);


    in the admin-template.php


    <?php
    session_start();
    $pw = "%passwordhash%";
    if(isset($_SESSION['blogbrighter']) && $_SESSION['blogbrighter'] == $pw)
    {

    echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <title>Untitled Document</title>
    </head>

    <body>
    Success!
    </body>
    </html>
    ';
    }
    else {
    print 'You must be logged in to view this page';
    }
    ?>


    in the login form


    <?php
    session_start();

    $un = file_get_contents('http://www.blogbrighter.com/' . $_POST['unattempt'] . '/username.txt');
    $pw = file_get_contents('http://www.blogbrighter.com/' . $_POST['unattempt'] . '/password.txt');
    $pwmd5 = md5($_POST['pwattempt']);

    if ($pwmd5 = $pw) {

    $_SESSION['blogbrighter'] = $pwmd5;
    }

    else {
    echo 'You Have Entered an incorrect Username Password combination, Please Try again.';
    }
    ?>


    Is that what you mean?
    • Author: fernbap
    • Time: Jun 1st 2008
     
    Yeah, that might work, but it has the drawback of not allowing the user to change the password. It can only run once for each user; if run a second time it wouldn't find %passwordhash%.
  5.  
    I fixed it, I think. How fast do sessions expire? How do I do a "remember me" sort of deal? How would I make an error page that pops up if someone tried to register an existing username? (This uses mkdir.)
    • Author: bakercad
    • Time: Jun 2nd 2008
     
    Sessions expire when the browser is closed or if you run the function session_destroy(). To do a "remember me" sort of deal, you'll need to use cookies.

    In your login form:

    if ($pwmd5 = $pw) {


    should be 2 equal signs


    if ($pwmd5 == $pw) {
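
Added example, not code from the thread: one way to apply bakercad's `==` correction together with fernbap's point that each admin.php has to check for its own user. It swaps in a different technique from the one fernbap suggests: the session stores which username logged in, rather than the password hash. The function names, the `$baseDir` layout and the sample users are assumptions; md5 is kept only to match the thread's password.txt files, and PHP's password_hash()/password_verify() are the standard replacement.

```php
<?php
// Added example. Function names, directory layout and users are assumptions.

// Return the stored hash for $user, or null if the name is not a plain blog name.
function stored_hash(string $baseDir, string $user): ?string
{
    // The name ends up in a file path, so accept only simple names.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}\z/', $user)) {
        return null;
    }
    $file = "$baseDir/$user/password.txt";
    return is_file($file) ? trim((string) file_get_contents($file)) : null;
}

// Check the attempt and, on success, record which user logged in.
// $session stands in for $_SESSION (call session_start() first in a real script,
// and session_regenerate_id(true) after a successful login).
function login(array &$session, string $baseDir, string $user, string $password): bool
{
    $hash = stored_hash($baseDir, $user);
    // A comparison, not the assignment "if ($pwmd5 = $pw)"; hash_equals is constant-time.
    if ($hash === null || !hash_equals($hash, md5($password))) {
        return false;
    }
    $session['user'] = $user;
    return true;
}

// Check for the top of each admin.php: the session must belong to this page's owner.
function may_view_admin(array $session, string $pageOwner): bool
{
    return isset($session['user']) && $session['user'] === $pageOwner;
}

// Constructed demo data: two blogs in a temporary directory.
$base = sys_get_temp_dir() . '/blog_demo_' . bin2hex(random_bytes(4));
foreach (['alice' => 'apple-pie', 'bob' => 'banana-split'] as $name => $pass) {
    mkdir("$base/$name", 0700, true);
    file_put_contents("$base/$name/password.txt", md5($pass));
}
$session = [];
var_dump(login($session, $base, 'alice', 'wrong'));        // wrong password
var_dump(login($session, $base, '../alice', 'apple-pie')); // name with path characters
var_dump(login($session, $base, 'alice', 'apple-pie'));    // correct login
var_dump(may_view_admin($session, 'alice'));               // the user's own page
var_dump(may_view_admin($session, 'bob'));                 // another user's page
```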
  6.  
    So would I use cookies all in place of a session?
  7.  
    I would like to thank you all for all your help. I finally got it all working (methinks) and now on to the legal part of it. Terms and Conditions
    you can view the discussion here