-
Feb 18th, 2003, 02:08 AM
#1
Sessions and Login
Hi,
I'm trying to create a tiny admin section for my site. What I do is have the user login using a form, and on the next page:
PHP Code:
$username = $_POST["username"];
$password = $_POST["password"];
$dbh=mysql_connect("localhost", "mendhakuser", "mendhakpassword") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db("mendhakdatabase");
$loginquery = "SELECT * FROM adminsection WHERE username = '$username' AND password = '$password'";
$loginresult = mysql_query($loginquery);
My first question is: After I get $loginresult, if I just check for the number of rows returned in $loginresult, and the answer is 1, then the user is validated... else he is not. Is this the proper method?
My second question is: How do I create a session variable and check it on every page, and how do I end it?
Thanks.
-
Feb 19th, 2003, 10:56 AM
#2
New Member
First off, I use an SQL table to store the following data:
Session ID, Username, Last Action Time (LAT)
Sooo...
First, let's assume we get a login that has been confirmed as valid. We need a session ID that will be unique.
Something along the lines of MD5($user.Time()); should work.
Now, just check the database for the supplied session. If it exists, we have a logged-in user. Also remove sessions older than 10 minutes for security's sake.

-Fireslash
-
Feb 19th, 2003, 12:10 PM
#3
Well, it isn't for a large site or anything. It's for my own website, so security doesn't matter. I just wanted to know what would be the best method to check if the userid and pwd are correct. Like in Q1, should I just do a row count?
-
Feb 21st, 2003, 09:46 PM
#4
*BUMPFROG*
Nobody visits the PHP forum anymore?
-
Feb 22nd, 2003, 02:47 PM
#5
Hyperactive Member
1. Yes:
$count = mysql_num_rows($loginresult);
2.
session_start();
session_register("username");
session_register("password");
$_SESSION['username'] = "blah";
session_destroy();
session_start(); needs to be at the top of every page
Kevin Carpenter
Currently Working in the CAOS (CA Operating System) Group
-
Feb 23rd, 2003, 10:59 AM
#6
Originally posted by carp
1. Yes:
$count = mysql_num_rows($loginresult);
2.
session_start();
session_register("username");
session_register("password");
$_SESSION['username'] = "blah";
session_destroy();
session_start(); needs to be at the top of every page
Thank you!
-
Feb 23rd, 2003, 04:38 PM
#7
Frenzied Member
Originally posted by carp
1. Yes:
$count = mysql_num_rows($loginresult);
2.
session_start();
session_register("username");
session_register("password");
$_SESSION['username'] = "blah";
session_destroy();
session_start(); needs to be at the top of every page
DO NOT use session_register("username"); if you set it with $_SESSION[]. session_register() is deprecated
and no need for session_destroy(), to end a session just
$_SESSION['username'] = "";
unset($_SESSION['username']);
that is all.
fireSlash: why create a hash when PHP gives it to you already? The session ID is unique, so why not use that? You are creating more work than you have to.
-
Feb 23rd, 2003, 07:24 PM
#8
New Member
I am not overly fond of PHP's session system. I prefer using the smallest set of functions physically possible.
Maybe I am just making things harder than they can be, but it gives me more control over what I do with the language. Why use functions for connecting to IRC servers, FTP servers, etc, when you can write your own code to do it with fsock, have more control over the I/O, and gain a better understanding of the protocol?

-Fireslash
-
Feb 23rd, 2003, 07:29 PM
#9
Frenzied Member
I see what you are saying but for those that don't care about the protocol it is worth it.
So you want as few functions as possible, so you create your own session ID but don't want to use sessions
$sessionID = session_id();
seems easy enough to me 
this way you are using 2 functions just to create an ID
MD5($user.Time());
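The login check and session handling discussed in this thread, as an added example that is not part of any post above: the query uses a placeholder instead of interpolating $_POST values, the password is checked against a stored hash rather than by counting rows, and the session carries a last action time with the 10-minute limit mentioned in post #2. Assumptions: in-memory SQLite through PDO stands in for the MySQL database, and the password_hash column and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: in-memory SQLite via PDO stands in
// for the MySQL database; the password_hash column and function names are hypothetical.
session_start();                                  // on every page, before any output

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adminsection (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO adminsection VALUES (?, ?)')     // constructed sample account
   ->execute(['admin', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

function login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text, so quotes cannot change the query.
    $stmt = $db->prepare('SELECT password_hash FROM adminsection WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;                             // unknown user or wrong password
    }
    session_regenerate_id(true);                  // fresh ID after login (session fixation)
    $_SESSION['username'] = $username;
    $_SESSION['lat'] = time();                    // last action time
    return true;
}

function is_logged_in(int $maxIdle = 600): bool   // 600 s = the 10 minutes from post #2
{
    $fresh = isset($_SESSION['username'], $_SESSION['lat'])
          && time() - $_SESSION['lat'] <= $maxIdle;
    if ($fresh) {
        $_SESSION['lat'] = time();                // sliding idle window
    } elseif (session_status() === PHP_SESSION_ACTIVE) {
        logout();                                 // expired or incomplete session
    }
    return $fresh;
}

function logout(): void
{
    $_SESSION = [];                               // clear the data, then drop the session
    session_destroy();
}

// Constructed inputs: quote in username, wrong password, correct password, page check.
$r = [login($db, "admin' OR '1'='1", 'x'), login($db, 'admin', 'guess'),
      login($db, 'admin', 's3cret-sample'), is_logged_in()];
logout();
$r[] = is_logged_in();                            // state after logout
var_export($r);
```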