PHP/MySQL using Sessions

Posted 22 Oct 2001 16:37:51
22 Oct 2001 16:37:51 Ryan Schwiebert posted:
I am attempting to use php to create a session when someone visits my pages. I can't really figure out how to do it with phakt. If I must hand code it, I will, but it is not making sense.

I want my pages to first recognize visitors as not "Logged In" but will show all of the data (similar to an e-commerce site). Then I wish to allow the user to log in and be authenticated by a page that checks the table for a username and password. This way all of the pages will either show "click here to login" or "click here to logout". The validation page will be similar, with an if/then statement that will either show "You're logged in" or "Your login is not Valid".

Does that make any sense? How do I do that? My code does not work right.

The PHP part:
<?php
session_start();
session_register ("email_user");
session_register ("password");
$rsLogin__stremail_user = "email_user";
if {$rsLogin__stremail_user = "email_user";}
$rsLogin__strpassword = "password";
if {$rsLogin__strpassword = "password";}
?><?php
$rsLogin=$connSignup->Execute("SELECT * FROM Registrants WHERE email_user='" . ($rsLogin__stremail_user) . "' AND password='" . ($rsLogin__strpassword) . "'") or DIE($connSignup->ErrorMsg());
$rsLogin_numRows=0;
$rsLogin__totalRows=$rsLogin->RecordCount();
?>

The HTML part:
<?php if ($rsLogin->RecordCount()==0) { ?>
<a href="newuser.php"><u>Create Account</u></a>
<?php } // end $rsLogin->RecordCount()==0 ?>
</font> |
<?php if ($rsLogin->RecordCount()==0) { ?>
<font face="Arial, Helvetica, sans-serif" size="2"><a href="login.php"><u>Login</u></a></font>
<?php } // end $rsLogin->RecordCount()==0 ?>
<?php if ($rsLogin__totalRows>0) { ?>
<font face="Arial, Helvetica, sans-serif" size="2"><a href="logout.php"><u>Logout</u></a></font>
<?php } // end $rsLogin__totalRows>0 ?>

Replies

Replied 22 Oct 2001 16:47:27
22 Oct 2001 16:47:27 Ryan Schwiebert replied:
By the way, I have successfully used the "User Authentication" Server Behaviour to do this, but the problem is that I don't want to deny access to the pages. I just want to have users login if they wish to sign up for one of the courses we are offering. Am I looking at this wrong? Maybe I can use the "User Authentication" Server Behaviour to do what I want to do?

If so, how do I recall the username when the person checks the box to register for a course, so that the course data corresponds with the correct user?

I know I can do this... I am just so NEW to PHP/MySQL.

Replied 03 Nov 2001 13:08:24
03 Nov 2001 13:08:24 Kacey Murphy replied:
Curious to know too... I am needing this information. Has someone figured this out? Having real trouble with Sessions.

Thanks
Replied 03 Nov 2001 17:55:57
03 Nov 2001 17:55:57 Tim Green replied:
You are incorrectly referring to your session variables in the PHP code.

<?php
session_start();
if (!session_is_registered("email_user")) {
session_register ("email_user");
}
if (!session_is_registered("password")) {
session_register ("password");
}
$rsLogin__stremail_user = $email_user;
$rsLogin__strpassword = $password;
?>

One gripe I have with your code though, is that you are storing the password as a session variable. This is an extremely BAD idea, and I would not recommend its use in situations where security is paramount.

Tim Green

Extension & PHP TalkZone Manager
-------------------------------------------
Please read the Forum FAQ before posting
a question to this TalkZone.
-------------------------------------------
www.UDzone.com : A dynamic Dreamweaver,
Ultradev and Fireworks site for developers
by developers.
-------------------------------------------

Replied 05 Nov 2001 14:05:04
05 Nov 2001 14:05:04 Ryan Schwiebert replied:
I have been told by others that this is a bad way to save passwords as well. I definitely see the point. The usage in my case is not in need of high security, but really I can understand that it is a bad habit to get into. I'm really just learning anyway. So, if I were to change this to use encryption, how would I do that? Is this close?

Posted - 11/03/2001 : 17:55:57
You are incorrectly referring to your session variables in the PHP code.
<?php
session_start();
if (!session_is_registered("email_user")) {
session_register ("email_user");
}
if (!session_is_registered("password")) {
session_register ("password");
}
$rsLogin__stremail_user = $email_user;
$rsLogin__strpassword = password($password);
?>

Is that right?

Replied 08 Nov 2001 10:53:09
08 Nov 2001 10:53:09 Tim Green replied:
No, it isn't.

The password() function is a MySQL Query Function and not a PHP function. The other caveat with the password() function in MySQL is that it is a one-way function. It will encode, but it won't decode. It works by comparing the encrypted form of the submitted string to the encrypted string stored in your database.

If you are using a database then you would just write a query such as:-

SELECT count(*) FROM Users WHERE PASS=PASSWORD('submittedpasswordvalue')

Then you would just check to see if any rows are returned. If there are then the login is valid and then you could maintain a login state via a session variable using :-

session_register("loggedin");
$loggedin = true;

Personally, I would recommend that you stick with the current set of Log In behaviours that are supplied with PHAkT and then add any relevant bits of code that you need yourself.

Hope this helps.

Tim Green

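
An added example (not part of the thread, and not PHAkT's generated code) of the approach described in the last reply: compare a one-way hash of the submitted password with the stored one, then keep only a logged-in marker in the session instead of the password. It uses `$_SESSION` and PHP's `password_hash()`/`password_verify()` in place of `session_register()` and MySQL's `PASSWORD()`; the in-memory SQLite database, the sample account and the helper names `make_demo_db`, `attempt_login`, `current_user` and `nav_link` are assumptions for the demo.

```php
<?php
// Added example: table and column names follow the thread; the SQLite
// in-memory database and the sample account are constructed for the demo.
declare(strict_types=1);

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Registrants (email_user TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO Registrants (email_user, password_hash) VALUES (?, ?)');
    // Only the one-way hash is stored, never the password itself.
    $ins->execute(['student@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true and marks the session as logged in when the credentials match.
function attempt_login(PDO $db, string $email, string $password): bool {
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM Registrants WHERE email_user = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);          // new session id after a privilege change
    $_SESSION['email_user'] = $email;     // identity only; the password is not kept
    return true;
}

// Null for anonymous visitors, so public pages can still render for everyone.
function current_user(): ?string {
    return $_SESSION['email_user'] ?? null;
}

function nav_link(): string {
    return current_user() === null
        ? '<a href="login.php">Login</a>'
        : '<a href="logout.php">Logout</a>';
}

session_start();                          // must run before any output
$db = make_demo_db();
$lines = [];
$lines[] = 'anonymous: ' . nav_link();
$lines[] = 'wrong password accepted: ' . var_export(attempt_login($db, 'student@example.test', 'guess'), true);
$lines[] = 'right password accepted: ' . var_export(attempt_login($db, 'student@example.test', 'correct horse'), true);
$lines[] = 'logged in as ' . current_user() . ': ' . nav_link();
echo implode(PHP_EOL, $lines), PHP_EOL;
```

Because `current_user()` returns the stored `email_user`, a course sign-up page can attach the registration to that value without asking for the login again.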
