Session questions

<?Wille?> · #1 (**permalink**) 01-15-04, 04:56 AM

Im a beginner in php and i need to know some stuff sbout sessions in the project im working on.. i know that i must have session_start() in every page that i need to access sesson variables.. but do i have to save a variable so that php knows its a session variable.. if yes.. how to do that?
do i put info in regular vars or in somekind of session vars??
another thing is the $_SESSION.. is this a way to request for session vars like $var=$_REQUEST['var'] or are the session vars used as $_SESSION['the variable'].. ex. on login page after checking username and pword if true the $valid_user=1 else $valid_user=0
this is the var that i need as a session var.. then on a other page i need to check if $valid_user is 1.. so how do i get the var to the other page??
<?
$valid_user = $_SESSION['valid_user'];
/* then the ceck */
if ($valid_user == 1) { //the page
/* OR just check */
if ($_SESSION['valid_user'] == 1) { //the page
?>

the last thing ill ask now is how to destroy the vars so that nothing can be done on page when backing to it??

thank you for all help.
Wille

wheezy360 · #2 (**permalink**) 01-15-04, 11:26 AM

Whenever you want a session to remember a variable, you have to use the session_register() function, and then you can access that variable via $_SESSION.

With respect to your example:

PHP Code:


			
// ^^ Do user validation



// Register the session variable

session_register("valid_user");



// Give the session variable a value

$_SESSION["valid_user"] = 1;







/*  On the next page */



session_start();

if($_SESSION["valid_user"] == 1)

{

    // User is valid

}

else

{

    // User is not valid

}

<?Wille?> · #3 (**permalink**) 01-16-04, 03:41 AM

thank you.. ill try that as soon as i get home

<?Wille?> · #4 (**permalink**) 01-16-04, 10:10 AM

hmm.. unouthorized...
im not really sertain that i did it correctly.. if you have the time i would be gratefull if you could take a look and se if you can find any errors that i'v made. or is it just that sessions dont work on localhost (my computer .. running with XP)
this is the page where the form data is sent (checks the vaidity of user):

<?
session_start();

session_register("valid_user");

$name = $_REQUEST['namn'];
$pwd = $_REQUEST['pwd'];

if (!mysql_connect('localhost', '***', '***')) {
die('connection failed');
}
if (!mysql_select_db('DB')) {
die ('The database could not be selected');
}

$sql = mysql_query("SELECT pwd FROM member WHERE namn = '$name'");
$fetch = mysql_fetch_array($sql);
$numrows = mysql_num_rows($sql);

if($numrows != "0" & $pwd == $fetch["pwd"]){
$_SESSION['valid_user'] = 1;
} else {
$_SESSION['valid_user'] = 0;
}
if ($_SESSION['valid_user'] == 1) {

?>

<html>
<script language="JavaScript" type="text/JavaScript">

</script>
<body onLoad="MM_goToURL('self','pass_protected_file.php ');return document.MM_returnValue"> //Forvards to pass prot page

</body>
</html>
<?

} else {
die ("Error 401<br><h3> UNAUTHORIZED </h3>");
}
?>

this page seems to work without any problems
the pass protected file looks like this:

<?
session_start();
?>
<html>
<head>
<title>AuthA</title>
</head>

<body>
<?

if (!mysql_connect('localhost', '***', '***')) {
die('connection failed');
}
if (!mysql_select_db('DB')) {
die ('The database could not be selected');
}

if ($_SESSION['valid_user'] == 1):
if (isset($_GET['addevent'])):
?>

<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<h3>Skriv infon här:</h3><br>
Datum:<br>
<input type ="date" name ="date" value ="yyyy-mm-dd"><br><br>
Text:<br>
<textarea name="event" rows="5" cols="35"></textarea><br><br>
<input type ="submit" name="submitevent" value="OK">
<input name="reset" type ="reset" value="TÖM">
</form>

<?

else:
?>
yyyy-mm-dd   message <br>

<?

if (isset($_POST['submitevent'])) {
$event = $_POST['event'];
$date = $_POST['date'];
$sql = "INSERT INTO Akort SET vad='$event', datum='$date'";

if (mysql_query($sql))
{ echo('info insatt<br>');}
else
{ echo('gick inte att sätta in i databasen');}

}

if (!@mysql_query('DELETE FROM Akort where datum<CURDATE();')) {
die ("UNABLE TO DELETE OLD DATA");
}

$tabort = @mysql_query('DELETE * FROM Akort WHERE id="$rad"');
$resultat = @mysql_query('SELECT * FROM Akort ORDER BY datum');
while ($rad = mysql_fetch_array($resultat))
{
echo('<br>' . $rad['datum'] . '   ' . $rad['vad']);
}

echo('<br><a href="' . $_SERVER['PHP_SELF'] . '?addevent=1">add event</a>');

endif;
else:
die ("401 UNAUTHORIZED");
endif;

?>
<br>
<br>
<a href="logout.php">Logout</a>
</body>
</html>

thank you for all help

Wille

YourPHPPro · #5 (**permalink**) 01-16-04, 10:21 AM

Quote:

Originally Posted by wheezy360

Whenever you want a session to remember a variable, you have to use the session_register() function, and then you can access that variable via $_SESSION.

Just a note that may be of interest:

Quote:

CAUTION: If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister().
http://www.php.net/manual/en/functio...n-register.php