There are various methods to do this, generally a username would be
stored in a database and used with a password, then this could be used
with a session time so the user would be logged out if there was no
activity after a certain period, it could also be checked if the user
was an active user etc. etc. I have written a very simple method for
checking a username saved in a php variable and then storing this in a
session, one that could be used where it is not critical information,
otherwise there would need to be a password and have it stored
encrypted.
This is not an ‘idiots guide’ as requested, to be honest I remember
having some problems when I first needed sessions and I think that was
because I was confusing cookies and sessions then reading several
different examples which where making it even more confusing. I
finally found some simple example of a session which I then understood
then added to that myself for my needs, anyway here are a couple of
links to how to use sessions:
http://www.weberdev.com/get_example-4349.html
What follows is not as simple as the above although it might show you
how to expand things a little, I find it best to keep the code out of
Freeway and then just bring it in with includes when needed, so…
you could do this writing 3 or 4 small php scripts:
login.php
logout.php
logincheck.php
loginaccess.php // Used to replace a database query
All these php file paths in the following code are written as in the
same folder as the pages using them, this is not advised but is done
just for ease, you should change that and alter your paths etc. to
suite where you have them stored and the names they are called. Your
login page should have a means of showing the contents of a variable
called $error if it has been set and is not empty, something like the
following:
<?php
if (isset($error) and $error) {
echo $error;
}
?>
OK now onto the rest…
(Contents loginaccess.php)
The file that contains the username, this would generally be a
database query but as you asked for using a username and to try and
keep things simple I just stuck it in a variable. Any time this is
needed the following code in the files will pull this file in so no
need to include this to any of the web pages.
<?php
$access_user = 'letmeinplease';
?>
This bit of code should be included at the top of the login page
(before for example) but included only if someone has attempted
a login so it could be added with a small section of code such as:
<?php
// This bit of code works on the asumption of the submit buttin being
called submit
// and the username being called username
if ($_POST['submit'] && $_POST['username']) {
include_once ('login.php');
} else if ($_GET['logout']==1) {
include_once ('logout.php');
}
?>
(Contents login.php)
Will be pulled in if somene tries to login.
<?php
session_start();
header ("Cache-control: private");
$error = '';
// It is strongly advised to also run the username through a function
to clean
// any chars or code that may be maliciously used, this has not been
done here
// and would be done to suite the method of username/password storage.
$username_session = stripslashes($_POST['username']);
// Check the username against where is has been stored (Generally a
database)
// has it been stored crypted? if it has then the same cryption should
be used
// on the entered username before the query is made
// For these purposes we just use a password stored in a variable.
// Get the password
include_once ('loginaccess.php');
if ($username_session == $access_user) {
session_register('username');
$_SESSION['username_session'] = $access_user;
// Set a session expire time if preferred
session_register('expires');
$_SESSION['expires'] = (time() + 3600);
header('Location: ./privatepage.php');
exit;
} else {
session_destroy();
// Set any user error here
$error = 'The username is not correct';
}
?>
(Contents logincheck.php)
This should be pulled in using an include at the top of any page that
needs to have the username access, if not used access will be given
without any username access being present in the session.
<?php
ob_start();
session_start();
// Time now
$currenttime = time();
// Get the password
include_once ('loginaccess.php');
$username_session = $_SESSION['username_session']; // Login
$expires_session = $_SESSION['expires']; // Session time
if($currenttime > $expires_session) {
session_unset();
session_destroy(); // Destroy the session
$error = 'Your session has expired, you need to login again';
include ("./login.php");
exit;
} else if($access_user == $username_session) { // if the user is OK
for the page let them continue
// If there is a time limition to access then renew it here
// $_SESSION['expires'] = ($currenttime + 3600);
ob_end_flush();
} else {
session_unset();
session_destroy(); // Destroy the session
$error = 'Your session is not valid';
include ("./login.php");
exit;
}
?>
(Contents logout.php)
This will be included in the login page if the variable $logout is
availabe and has a value so you could have a ‘Logout’ link on the
pages where a username is needed for access but give the ‘Logout’ link
a url of ‘login.php?logout=1’ to the end of the URL.
<?php
session_start();
empty($_SESSION['username_session']);
empty($_SESSION['expires']);
session_unset ();
session_destroy();
$error = urlencode('You have logged out');
?>
It probably seems complicated but once you get the code into the files
and see it there I think you will hopefully see it a little clearer,
let me know if it works (Not tested) and if not then get back to me.
HTH
Mike
On Dec 13, 2009, at 2:50 AM, DeltaDave wrote:
> If I have an entry page that requires a username ($username) how do
> I store that in a Cookie and then retrieve it in a subsequent page -
> or do I use a Session. My pages are all .PHP
>
> I have read the book(s) but it is not that clear! Idiots guide please.
>
> David
>
> _______________________________________________
> dynamo mailing list
> email@hidden
> Update your subscriptions at:
> http://freewaytalk.net/person/options
_______________________________________________
dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options