
Active session or instant header


Shadowing


Trying to make it so people need an active session in order to access the page after the login page, and if they don't then it redirects them back to the login page.

My session works fine. I tested and made sure.

It saves the user_id and lets me display the page.

But how do I keep someone from simply going to the webpage without logging in?

Just a simple if statement checking if lastactive is empty or not? Is that secure?

 

<?php
include_once("connect.php");

if (isset($_SESSION['user_id'])) {
    // Login OK, update last active
    $sql = "UPDATE users SET lastactive=NOW() WHERE id='" . mysql_real_escape_string($_SESSION['user_id']) . "'";
    mysql_query($sql);
} else {
    header("Location: index.php");
    exit();
}
?>

Link to comment
Share on other sites

Alright, wrote me an if statement so that anyone who hasn't logged in before can't go to the page without logging in.

But this doesn't prevent someone that has already logged in from accessing the page without logging in again.

So now I need another if statement that can tell that they've been logged in for so many minutes and then

session_unset();

session_destroy();

<?php
include_once("connect.php");

if (isset($_SESSION['user_id'])) {
    // Login OK, update last active
    $sql = "UPDATE users SET lastactive=NOW() WHERE id='" . mysql_real_escape_string($_SESSION['user_id']) . "'";
    $query = "SELECT lastactive FROM users WHERE id='" . mysql_real_escape_string($_SESSION['user_id']) . "'";
    $result = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_array($result);

    mysql_query($sql);

    if (empty($row['lastactive'])) {
        header("Location: index.php");
        exit();
    }
}
?>

Link to comment
Share on other sites

Really appreciating you helping me, scootstah.

Trying out your idea right now and it didn't work, so I ran a test first to make sure the time is being saved to the session, using

echo "log in time is ". $_SESSION['login_time'];

and it output "log in time is 1323026212"

I can't see those numbers meaning the time, even if it wasn't formatted correctly.

Any ideas?

This is exactly what I added on my login page

$_SESSION['login_time'] = time(); // stores the log in time of the user
echo "log in time is ". $_SESSION['login_time'];

and what I added on my safe page

if ($_SESSION['login_time'] < strtotime('-1 minutes')) {
    session_destroy();
}

Link to comment
Share on other sites

lol never mind, it works

The if statement I had before it was messing it up, which wasn't needed anymore anyway.

Thanks a lot. I didn't know I could use time like that as a function, because the function guide I've been using has poor ways of explaining the functions.

Link to comment
Share on other sites

Hey Scootstah

 

Is it impossible to make it say "you have been logged out" on the login page when it redirects you back to the login page? I tried using sessions but I can't get it to only display "you have been logged out" after being redirected only.

Link to comment
Share on other sites

I found a flaw in this

if ($_SESSION['login_time'] < strtotime('now - 15 minutes')) {
    // logs user out after 15 minutes and redirects to login and ends session
    header("Location: signup.php");
    exit();

    session_destroy();
}

Anyone who doesn't have a session login time ("people who don't have accounts") will be able to view pages if they had the direct links.

The session_destroy after the exit like that won't destroy the session, and if it did destroy the session then the script doesn't work at all. Can't figure out how to fix this :(

I was going to put this before it

if (!isset($_SESSION['login_time'])) {
    header("Location: signup.php");
    exit();
}

but that doesn't work

Link to comment
Share on other sites

I got it working on my own, woot!!!

 

<?php
include_once("connect.php");

session_start();

if (!isset($_SESSION['login_time']) || $_SESSION['login_time'] == '') {
    // No login time in the session: the visitor never logged in
    header("Location: signup.php");
    exit();
}

if ($_SESSION['login_time'] < strtotime('now - 60 minutes')) {
    // Logged in more than 60 minutes ago: end the session, then redirect to login
    session_unset();
    session_destroy();
    header("Location: signup.php");
    exit();
}
?>

Link to comment
Share on other sites
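A fuller version of the guard this thread arrives at, as an added example (not code from any poster in the thread): it tracks idle time as well as login time, destroys the session before redirecting, and flags the redirect so the login page can show "You have been logged out" after a timeout only. The `last_seen` session key, the `timeout` query parameter, the two limits and the function and file names are assumptions; `signup.php`, `user_id` and `login_time` are taken from the posts above.

```php
<?php
// auth_guard.php (hypothetical file name): include first on every protected page.
const IDLE_LIMIT = 15 * 60;        // assumed: seconds of inactivity allowed
const ABSOLUTE_LIMIT = 8 * 3600;   // assumed: maximum session age, active or not

// Classify the session as 'anonymous', 'expired' or 'active'.
function session_state(array $s, int $now): string
{
    if (empty($s['user_id']) || !isset($s['login_time'], $s['last_seen'])) {
        return 'anonymous';        // never logged in: direct links end up here
    }
    if ($now - $s['last_seen'] > IDLE_LIMIT || $now - $s['login_time'] > ABSOLUTE_LIMIT) {
        return 'expired';
    }
    return 'active';
}

// Wipe server-side data and the session cookie; must run BEFORE header()/exit().
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $state = session_state($_SESSION, time());
    if ($state === 'active') {
        $_SESSION['last_seen'] = time();   // sliding idle window
        return;
    }
    if ($state === 'expired') {
        end_session();
    }
    // Only an expired session carries the flag, so the notice shows after a timeout only.
    header('Location: signup.php' . ($state === 'expired' ? '?timeout=1' : ''));
    exit();
}
// Login page, on success: session_regenerate_id(true); set login_time and last_seen to time().
// signup.php: if (isset($_GET['timeout'])) { echo 'You have been logged out.'; }
require_login();
```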
