HTTP is a stateless protocol: when a user requests one page, followed by another, HTTP does not provide a way for you to tell that both requests came from the same user.

The idea of session control is to be able to track a user during a single session on a website. It lets us store user information to be used across multiple pages. If you can do this, you can easily support logging in a user and showing content according to her authorization level or personal preferences. You can track the user's behavior, and you can implement shopping carts.

Starting a Session

In PHP, the session_start() function is used to create a client session and generate a session id. Once the session has been created, we can create any number of session variables. Session variables are stored as key-value pairs.
session_start() takes no argument and causes PHP either to notice a session id that has been passed to it or to create a new session id if none is found. In PHP, $_SESSION is an associative array that contains all session variables.

Hey everyone, I am working on a class for a members section and I am having trouble with the sessions. They don't seem to be working because it's not storing the value of 1 in $_SESSION['res'].

Can someone please help me out and let me know what I am doing wrong? Here is the class:
    class member{
        var $host;
        var $dbc;
        var $sel;
        var $db_user;
        var $db_pass;
        var $sql;
        var $res;
        var $user;
        var $pass;
        var $status;
        var $row;
        var $sql2;

        function __construct(){
            $this->dbc = mysql_connect(DB_SERVER,DB_USER,DB_PASS) or die(mysql_error());
            $this->sel = mysql_select_db(DB_DATABASE) or die(mysql_error());
        }

        function login(){
            if($_GET['login'] == "yes"){
                $this->dbc = mysql_connect(DB_SERVER,DB_USER,DB_PASS) or die(mysql_error());
                $this->sel = mysql_select_db(DB_DATABASE) or die(mysql_error());
                //Hacker SQL injection Proof
                // Escape the values before they are placed in the query string
                $this->user = mysql_escape_string(user);
                $this->pass = mysql_escape_string(pass);
                //--build query
                $this->sql = mysql_query("SELECT count(id) FROM " . TABLE_ADMIN . " WHERE username='" . $this->user . "' AND password='" . $this->pass . "'");
                $this->res = mysql_result($this->sql,0);
                if($this->res!=1){
                    $this->status = '<div class="error"><span>Invalid Login!</span> <p> you have entered wrong username or password!</p></div>';
                }
                else{
                    $_SESSION['username'] = $this->user;
                    $_SESSION['password'] = $this->pass;
                    $_SESSION['result'] = $this->res;
                    header('Location:index.php');
                    exit; // stop here so nothing else runs after the redirect
                }
            }
        }

        //This function will logout user
        function logout(){
            if(isset($_GET['logout'])){
                $_SESSION = array();
                if(isset($_COOKIE[session_name()])){
                    setcookie(session_name(),'', time()-4200,'/');
                }
                session_destroy();
                header('Location: login.php');
                exit;
            }
        }

        //This function will check if user is logged in
        function login_check(){
            //CHECK LOGIN
            if($this->res!=1){
                header('Location: login.php');
                exit; // do not render the protected page after redirecting
            }
        }
    }//End member class

Edited April 30, 2010 by jbwebdesign

falkencreative
Posted April 30, 2010

Are you using session_start() on each page where you want to access the session? http://php.net/manual/en/function.session-start.php

- [Instructor] In this movie, we're going to define a new class called session. And we're going to use it to help us manage our PHP sessions. We're mostly going to use it so that we can keep track of whether a user is logged in in the session or not. Let's remember that the way that we're keeping track of a user being logged in, is that we're going to store their id in the session. So for example, we have a function called log_in. We pass in an id, and it sets a variable in the session and then we can keep track of that variable from then on. On all subsequent page loads, we can check that variable and see if it's been set, we know the user is logged in. So we have another function called is_logged_in that will report back whether it's set or not. And then when we want the user to log out, we simply unset that variable. So that variable acts like a hand stamp, letting us know on each of the subsequent page requests after logging in, we know this user is already logged in and we don't…
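An added example (not the forum poster's code and not the course's files) of the session "hand stamp" described above, combined with the login lookup from the forum thread: session_start() runs whenever the class is constructed, only the user id goes into $_SESSION, and the lookup uses a PDO prepared statement with password_verify(). The members table, authenticate(), the log_out() name and the sample user are assumptions; it runs from the PHP command line against an in-memory SQLite database.

```php
<?php
// Added example; members table, authenticate(), log_out() and the sample user are assumptions.
class Session
{
    public function __construct()
    {
        // Needed on every request before $_SESSION is read or written.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }
    public function log_in(int $id): void
    {
        session_regenerate_id(true); // fresh id at login, so a pre-login id cannot be reused
        $_SESSION['user_id'] = $id;  // the "hand stamp": the id only, never the password
    }
    public function is_logged_in(): bool
    {
        return isset($_SESSION['user_id']);
    }
    public function log_out(): void
    {
        unset($_SESSION['user_id']);
    }
}
// Returns the member id on success, null on failure.
function authenticate(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the username is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password_hash'])) ? (int) $row['id'] : null;
}
// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO members (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = new Session();
$lines = [];
// Wrong password, a username containing a quote, then the correct credentials.
foreach ([['alice', 'wrong'], ["o'neil", 'x'], ['alice', 'correct horse']] as [$u, $p]) {
    $id = authenticate($db, $u, $p);
    if ($id !== null) { $session->log_in($id); }
    $lines[] = "$u: " . ($session->is_logged_in() ? 'logged in' : 'rejected');
}
echo implode("\n", $lines), "\n"; // output is sent only after all session calls
```

On a real page, a protected script would construct Session first and redirect, then exit, when is_logged_in() returns false.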