Login in sessions


harkly


Checking to see if I am going in the right direction, any suggestions would be appreciated!

 

I am setting up SESSIONs for login and setting a time limit on them.

 

I have basically 2 scenarios that I need to code for.

 

1. Registered user w/good billing has all access

2. Registered user w/expired billing & Guest user can only go to certain pages and have limited access

 

This is my login page; it validates the login info and either sends the user to one page or another, or gives an error that the login is incorrect.

 

 

    <?php
    // http://www.daniweb.com/forums/thread124500.html
    session_start(); // starting session

    if (isset($_POST['submitLogin'])) {
        include('library/login.php');
        login();
        mysql_select_db('test');

        // username and pswd from login
        $userID = $_POST["userID"];
        $pswd   = $_POST["pswd"];

        // to protect from MySQL injection
        $userID = stripslashes($userID);
        $pswd   = stripslashes($pswd);
        $userID = mysql_real_escape_string($userID);
        $pswd   = mysql_real_escape_string($pswd);

        $sql    = "SELECT * FROM user WHERE userID='$userID' and pswd='$pswd'";
        $result = mysql_query($sql);
        while ($r = mysql_fetch_array($result)) {
            $exp_date    = $r["exp_date"];
            $todays_date = date("Y-m-d");
        }

        // mysql_num_rows counts the matching table rows
        $count = mysql_num_rows($result);

        // If result matched $userID and $pswd, table row must be 1 row
        if ($count == 1) {
            session_register("userID");
            session_register("pswd");
            $_SESSION['userID'] = $userID;

            // verifies billing
            if ($exp_date >= $todays_date) {
                // billing is up to date
                echo "<meta http-equiv='refresh' content='0;url=session2.php'>";
            }
            else {
                // billing has expired
                echo "<meta http-equiv='refresh' content='0;url=expBilling.php'>";
            }
        }
        else {
            // login form for when there is an incorrect user/password
            echo " <div id='incorrect'>Please verify the username or password.</div>
            <form method='post' action='' name='login' id='login'>
              <div id='loginForm'>
                <fieldset>
                  <span class='textbox'>
                    <label for='username'>Username: </label> <input type='text' name='userID' size='25' class='cells' value='$userID'>
                    <br><label for='pswd'>Password: </label> <input type='password' name='pswd' size='25' class='cells' value='$pswd'>
                    <br><label for='pswd'> </label>Remember Me:  <input type='checkbox' name='Remember' value='21'>
                    <br><label for='blank'> </label><a href='resetPswd.php'>Forget Your Password? </a>
                    <br><label for='blank'> </label><input type='image' value='Login' src='img/button_login.gif' width='64' height='25'
                        onmouseover=\"javascript:this.src='img/button_login2.gif';\" onmouseout=\"javascript:this.src='img/button_login.gif';\">
                    <input type='hidden' name='submitLogin' value='true'>
                  </span>
                </fieldset>
              </div>
            </form>
            ";
        }
    }
    else {
        // log in form
        echo "
          <form method='post' action='' name='login' id='login'>
            <div id='loginForm'>
              <fieldset>
                <span class='textbox'>
                  <label for='username'>Username: </label> <input type='text' name='userID' size='25' class='cells'>
                  <br><label for='pswd'>Password: </label> <input type='password' name='pswd' size='25' class='cells'>
                  <br><label for='pswd'> </label>Remember Me:  <input type='checkbox' name='Remember' value='21'>
                  <br><label for='blank'> </label><a href='resetPswd.php'>Forget Your Password?</a>
                  <br><label for='blank'> </label><input type='image' value='Login' src='img/button_login.gif' width='65' height='25'
                      onmouseover=\"javascript:this.src='img/button_login2.gif';\" onmouseout=\"javascript:this.src='img/button_login.gif';\">
                  <input type='hidden' name='submitLogin' value='true'>
                </span>
              </fieldset>
            </div>
          </form>
          ";
    }
    ?>

 

 

If the billing is good then the user will go here:

 

 

    <?php
    session_start();

    // session timing
    // set timeout period in seconds
    $inactive = 15;
    // check to see if $_SESSION['timeout'] is set
    if (isset($_SESSION['timeout'])) {
        $session_life = time() - $_SESSION['timeout'];
        if ($session_life > $inactive) {
            session_destroy();
        }
    }
    $_SESSION['timeout'] = time();
    // END session timing

    // if the user has been timed out or not logged in
    if (!session_is_registered('userID')) {
        header("location:login.php");
    }
    ?>
    <html>
    <body>
      Login Successful
    </body>
    </html>

If the billing has expired the user goes here:

    <?php
    session_start();

    // session timing
    // set timeout period in seconds
    $inactive = 15;
    // check to see if $_SESSION['timeout'] is set
    if (isset($_SESSION['timeout'])) {
        $session_life = time() - $_SESSION['timeout'];
        if ($session_life > $inactive) {
            session_destroy();
        }
    }
    $_SESSION['timeout'] = time();
    // END session timing

    // if the user has been timed out or not logged in
    if (!session_is_registered('userID')) {
        header("location:form.php");
    }
    // user is logged in but their billing has expired
    else {
        echo "Warning! <b>";
        echo $_SESSION['userID'];
        echo "</b> Your billing has expired ";
    } // end session
    ?>

 

 

I also created this page to test what happens when a non-subscriber tries to go to a page without logging in; it also tests the billing and blocks a user whose billing is expired.

 

 

    <?php
    session_start();

    // session timing
    // set timeout period in seconds
    $inactive = 15;
    // check to see if $_SESSION['timeout'] is set
    if (isset($_SESSION['timeout'])) {
        $session_life = time() - $_SESSION['timeout'];
        if ($session_life > $inactive) {
            session_destroy();
        }
    }
    $_SESSION['timeout'] = time();
    // END session timing

    // user is logged in and has not been timed out
    if (session_is_registered('userID')) {
        // verify billing if user comes in directly thru this page
        include('library/login.php');
        login();
        mysql_select_db('test');
        $userID = $_SESSION['userID'];
        $sql    = "SELECT * FROM user WHERE userID='$userID'";
        $result = mysql_query($sql);
        while ($r = mysql_fetch_array($result)) {
            $exp_date    = $r["exp_date"];
            $todays_date = date("Y-m-d");
        }

        // mysql_num_rows counts the matching table rows
        $count = mysql_num_rows($result);

        // If result matched $userID, table row must be 1 row
        if ($count == 1) {
            // checks dates
            if ($exp_date >= $todays_date) {
                // billing is up to date
                echo "Welcome: ";
                echo $_SESSION['userID'];
            }
            else {
                // billing has expired
                echo "<meta http-equiv='refresh' content='0;url=expBilling.php'>";
            }
        }
        // END verify billing
    }
    // not logged in (or timed out): guest view only
    else {
        echo "Welcome: ";
        echo "Non-user can view this stuff.";
        echo "<br><a href='form.php'>Click here to register</a>";
    } // end session
    ?>

 

 

 

These are all test pages; once I get the coding right I will incorporate it into the real pages.

 

 

 

 

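As an added example (not the poster's code, nor from any reply in this thread), here is the same login, inactivity timeout and billing check built around PDO prepared statements and password_hash(): the access level is decided once at login and every page asks for the level it needs. It assumes a pswd_hash column next to the thread's userID and exp_date columns, and keeps the page names from the post.

```php
<?php
// Added example, not the thread's code. Assumes a `user` table with columns
// userID, pswd_hash (output of password_hash()) and exp_date (YYYY-MM-DD).

const INACTIVE_LIMIT = 15 * 60;                      // seconds of inactivity allowed
const LEVELS = ['guest' => 0, 'limited' => 1, 'full' => 2];

// Returns 'full', 'limited' (billing expired) or null (bad credentials).
function login_user(PDO $db, string $userID, string $pswd): ?string
{
    // Bound parameter: the user ID never becomes part of the SQL text
    $stmt = $db->prepare('SELECT pswd_hash, exp_date FROM user WHERE userID = ? LIMIT 1');
    $stmt->execute([$userID]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pswd, $row['pswd_hash'])) {
        return null;                                 // same answer for unknown user and wrong password
    }
    session_regenerate_id(true);                     // fresh session ID on login (defeats fixation)
    $_SESSION['userID']      = $userID;              // only the ID is kept, never the password
    $_SESSION['access']      = ($row['exp_date'] >= date('Y-m-d')) ? 'full' : 'limited'; // ISO dates compare as strings
    $_SESSION['last_active'] = time();
    return $_SESSION['access'];
}

// Call first on every page, with the level that page needs.
// Idle sessions are destroyed; callers without enough access are redirected.
function require_access(string $needed): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_SESSION['last_active']) && time() - $_SESSION['last_active'] > INACTIVE_LIMIT) {
        $_SESSION = [];                              // timed out: drop everything server-side
        session_destroy();
        header('Location: login.php');
        exit;                                        // nothing below the redirect may run
    }
    $have = $_SESSION['access'] ?? 'guest';
    if (LEVELS[$have] >= LEVELS[$needed]) {
        $_SESSION['last_active'] = time();           // activity keeps a valid session alive
        return;
    }
    // Guests go to the login form; logged-in users with expired billing to expBilling.php
    header('Location: ' . ($have === 'guest' ? 'login.php' : 'expBilling.php'));
    exit;
}

// login.php: require_access('guest'); then on POST call login_user($db, $_POST['userID'], $_POST['pswd'])
// session2.php: require_access('full');   expBilling.php: require_access('limited');   public page: require_access('guest');
```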

after a quick skim:-

    $userID = stripslashes(mysql_real_escape_string($_POST['userID']));
    $pswd = stripslashes(mysql_real_escape_string($_POST['pswd']));

 

Save some typing where ya can ;p

 

Rw


Note that session_is_registered() is deprecated as of PHP 5.3.0. I'd suggest using isset($_SESSION['index']) instead.

 

You may also wish to add "LIMIT 1" to the end of your SQL statements. It may not make a difference in your case, but on a large table it will execute faster, as MySQL knows it can stop looking when it finds just one matching row.


You may also wish to add "LIMIT 1" to the end of your SQL statements. It may not make a difference in your case, but on a large table it will execute faster, as MySQL knows it can stop looking when it finds just one matching row.

 

Precisely why you use LIMIT 1.

 

And using stripslashes(mysql_real_escape_string(...)) would remove any escaping and make your code open to SQL injection.

 

Lol, I realised that after I posted last night, thanks for picking me up on that @PFMaBiSmAd.

 

      if ($exp_date >= $todays_date) {
        // billing is up to date
        echo "<meta http-equiv='refresh' content='0;url=session2.php'>";
        exit;
      }
      else  {
        // billing has expired
        echo "<meta http-equiv='refresh' content='0;url=expBilling.php'>";
        exit;
      }

 

You're effectively using a header call here, so pop the exit after you call it; this will stop the parser parsing the rest of the file, so in theory save a bit of processing power.

 

Rw
