Thread: user tracking

Ok, so this might be a stupid question, but I've setup a login system and I've got that all working, but when I add pages that require access, how do I make sure that a user is logged in and once someone is logged in, how do I keep them logged in?

I do all of that through a file called config.php.

config.php checks cookies and compares them with the database, and if all is valid, it sets up a variable called $CONFIG['user'] and lets the user proceed.

Also, if all is valid, I refresh the cookies to keep them logged in.

I include config.php in every page that I need this, and use $CONFIG['user'] to see whether or not they're logged in, and decide what to show them or where to direct them to.

I'm sure there's other ways, but that's how I do it in my news manager.

would you mind posting the file or sending it to me? I think I understand what you're doing, but I always get a problem with headers being sent before I set the cookies again.

Hi!

I use the following system which is very easy to implement in any php based login system. I set cookies which expires when user closes its browser.

PHP Code:

setcookie("loggedin", "true"); 


Now the above code sets a cookie named loggedin with the value true. Now you have to add special code on the restricted pages so that it checks for the cookie and do the stuff.

PHP Code:

<?php
if (isset($HTTP_COOKIE_VARS["loggedin"])) {
        $loggedin = $HTTP_COOKIE_VARS["loggedin"];
} else {
        header ("Location: login.php");
        echo ("<a href=login.php>Click here to login</a>");
        exit;
}
if ($loggedin == "") {
        header ("Location: login.php");
        echo ("<a href=login.php>Click here to login</a>");
        exit;
}
?>

Now add this codevery above to all the restricted php pages. It will check weather the user has logged in or not ..if it has then the script continues to load if it has not then it displays the login message stuff.

I know this is very basic but this is easy to implement and is effective. I hope you like this.

Thanks!

Ok, so what happens when the user doesn't have cookies turned on? That's why I'd rather see a sessions example.

This is not tested as i don't like sessions and stuff but i have made it for you. Better test it yourself.

PHP Code:

session_start();
session_register('loggedin');
loggedin = "true"; 


Now add the following to every restricted page on the top.

PHP Code:

<?php
if (!$PHPSESSID) {
        header ("Location: login.php");
        echo ("<a href=login.php>Click here to login</a>");
        exit;
} else if ((!$loggedin) || $loggedin == "") {
        header ("Location: login.php");
        echo ("<a href=login.php>Click here to login</a>");
        exit;
}
?>

1) It'd be smarter to put it in a file and include it in every page, rather than having that at the top of every page.

2) You (AvisSoft) are using deprecated PHP code.

Why do people not like sessions? I'd rather use them because cookies don't always work with privacy settings.




PS: Kris, I love your new layout. How much for a layout for my DJ service? Thanks.

Originally posted by carp
Why do people not like sessions? I'd rather use them because cookies don't always work with privacy settings.

My only beef with them is that they wont keep users logged in for more than the length of the browser being open.

Originally posted by carp
PS: Kris, I love your new layout. How much for a layout for my DJ service? Thanks.

Thanks. PM or email me.