Topic awaiting preservation: Basic PHP Session Tutorial — OZONE Asylum, home of the Mad Scientists

Topic awaiting preservation: Basic PHP Session Tutorial (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12783" title="Pages that link to Topic awaiting preservation: Basic PHP Session Tutorial (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Basic PHP Session Tutorial <span class="small">(Page 1 of 1)</span>\$

Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 06-12-2003 20:50 Prelude: Since serveral people asked me in the last couple of days about 'User Identification and Authentication With PHP Sessions', I decided to write this quick tutorial... Basic Idea: A session allows you to store information about a current visitor, without having to pass it from page to page via get or post. Like wether (and what) user is logged in, and what rights he has. Simple Usage: Most of you have a standard 'header' file that you include at the top of every page. Before printing anything, you should call session_start(). That will generate a random id for your session, which will be stored with a cookie() on the users machine. A session is usually existant about 15 minutes after the last page-load of a user, though this value may have been changed on your server (in the php.ini, actually). If session_start() detects that the user already has such an id, it will see if the corresponding session is still existant (ie. did not time out yet) and restore that. Once you have a session, you can store just about any php variable in it. The major exclusion are 'resources', for example the result of mysql_query().... Usually, you wouldn't want to do that anyhow. To store something in the current session, you would use $_SESSION['aName'] = $myVar; Get it back by using $_SESSION['aName'], on any page that has called session_start(). That's about it. QuickExample, basic user authentication: code: <?php //this must be before any printing is being done, inside or outside of the php tags. session_start(); if (isset($HTTP_POST_VARS['user'])) { if (doUserAndPasswordMatch($HTTP_POST_VARS['user'],$HTTP_POST_VARS['password'])) { loginUser($HTTP_POST_VARS['user']); } } if ($myUser = getCurrentUser()) { print 'You are logged in'. $myUser; } else { print 'You are not logged in.<br>'; printLoginForm(); } function printLoginForm() //void { print "<form method=\"post\" enctype=\"multipart/form-data\" action=\"{$_SERVER['PHP_SELF']}\">"; //phpself is the complete url of the current file... print '<input type="text" name="user" value="">'; print '<input type="password" name="password" value="">'; } function getCurrentUser() //string(username), or False { if (isset($_SESSION['username'])) return $_SESSION['username']; else return False; } function loginUser($user) //:void { $_SESSION['username'] = $user; } function doUserAndPasswordMatch($user,$password) //:boolean { //You'd probably replace that with a database lookup... return ((stringToLower($user) == "shu") && ($password == "sha")); } ?> Appendixes: () - There's a setting in php.ini, which if activated, will also transmit the session ID by appending it to post and get requests. If that's not activated on your server, but you need to send it out,you can get the current session name with session_name() and the session id with session_id, and send it via post for example with a hidden field: <input type="hidden" name="<?=session_name() ?>" value="<?=session_id() ?>"> PostPosting: All, and any, feedback is appreciate, before this baby goes into the faq. I'd be especially happy if someone could tell me once and for all wether to spell 'logged in' with one, or two. Ps: I hope the tabs make it. PPs: I really hope the tabs make it ;-) Edit PPPs: They didn't. had to [ code ] the whole thing... Edit 2, PPPPs: That looked much worse. so long, Tyberius Prime [This message has been edited by Tyberius Prime (edited 06-12-2003).]
CPrompt Maniac (V) Inmate From: there...no..there..... Insane since: May 2001	posted 06-13-2003 03:56 well that is definatly useful info. I have been wondering how to do a form log in on the page rather than the .htaccess. Now, I've gotten used to and it's not so funky. But again, good info. Later, C:\ ~Binary is best~
Skaarjj Maniac (V) Mad Scientist From: :morF Insane since: May 2000	posted 06-13-2003 07:59 Hey, thanks TP...much appreciated. BTW: Logged in is two G's [This message has been edited by Skaarjj (edited 06-13-2003).]
DmS Paranoid (IV) Inmate From: Sthlm, Sweden Insane since: Oct 2000	posted 06-13-2003 11:13 Good stuff TP. That's something that would fit in nicely over at gurusnetwork as well hint, hint /Dan {cell 260} -{ a vibration is a movement that doesn't know which way to go }-
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 06-13-2003 12:04 yes, but can it (and I) stand the scrutiny with which the gurus look at their tutorial suggestions?
Trigger Paranoid (IV) Inmate From: Insane since: Jun 2002	posted 06-13-2003 17:00 TP you beat me too it but nice work unfortuanlty itsa bit late I figured out sessions the other day Trigger
DL-44 Maniac (V) Inmate From: under the bed Insane since: Feb 2000	posted 06-13-2003 18:01 Sweet =) And there's only one way to find out if it stands up to the GN approval process - go submit it
DmS Paranoid (IV) Inmate From: Sthlm, Sweden Insane since: Oct 2000	posted 06-13-2003 20:59 Well well TP, ifI can get coding tutorials approved, then surely you can /Dan {cell 260} -{ a vibration is a movement that doesn't know which way to go }-
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 06-13-2003 21:10 ok... I posted it over at the gn. Standing by for having my ego bruised a little...

Prelude:
Since serveral people asked me in the last couple of days about 'User Identification and Authentication With PHP Sessions',
I decided to write this quick tutorial...

Basic Idea:
A session allows you to store information about a current visitor,
without having to pass it from page to page via get or post.
Like wether (and what) user is logged in, and what rights he has.

Simple Usage:
Most of you have a standard 'header' file that you include at the top of every page. Before printing anything, you
should call session_start(). That will generate a random id for your session, which will be stored with a cookie(*) on the users
machine. A session is usually existant about 15 minutes after the last page-load of a user, though this value may have been
changed on your server (in the php.ini, actually).
If session_start() detects that the user already has such an id, it will see if the corresponding session is still existant
(ie. did not time out yet) and restore that.
Once you have a session, you can store just about any php variable in it. The major exclusion are 'resources',
for example the result of mysql_query().... Usually, you wouldn't want to do that anyhow.
To store something in the current session, you would use $_SESSION['aName'] = $myVar;
Get it back by using $_SESSION['aName'], on any page that has called session_start(). That's about it.

QuickExample, basic user authentication:

code:

<?php

//this must be before any printing is being done, inside or outside of the php tags.

session_start();



if (isset($HTTP_POST_VARS['user']))

{

	if (doUserAndPasswordMatch($HTTP_POST_VARS['user'],$HTTP_POST_VARS['password']))

	{

		loginUser($HTTP_POST_VARS['user']);

	}

}



if ($myUser = getCurrentUser())

{

	print 'You are logged in'. $myUser;

}

else

{

	print 'You are not logged in.<br>';

	printLoginForm();

}



function printLoginForm() //void

{

	print "<form method=\"post\" enctype=\"multipart/form-data\" action=\"{$_SERVER['PHP_SELF']}\">"; //phpself is the complete url  of the current file...

	print '<input type="text" name="user" value="">';

	print '<input type="password" name="password" value="">';

}



function getCurrentUser() //string(username), or False

{

	if (isset($_SESSION['username']))

		return $_SESSION['username'];

	else

		return False;

}



function loginUser($user) //:void

{

	$_SESSION['username'] = $user;	

}





function doUserAndPasswordMatch($user,$password) //:boolean

{

	//You'd probably replace that with a database lookup...

	return ((stringToLower($user) == "shu") && ($password == "sha"));

}

?>

Appendixes:
(*) - There's a setting in php.ini, which if activated, will also transmit the session ID by appending it to post and get requests.
If that's not activated on your server, but you need to send it out,you can get the current session name with session_name()
and the session id with session_id, and send it via post for example with a hidden field: <input type="hidden" name="<?=session_name() ?>" value="<?=session_id() ?>">

PostPosting:
All, and any, feedback is appreciate, before this baby goes into the faq.
I'd be especially happy if someone could tell me once and for all wether to spell 'logged in' with one, or two.

Ps: I hope the tabs make it.
PPs: I really hope the tabs make it ;-)
Edit PPPs: They didn't. had to [ code ] the whole thing...
Edit 2, PPPPs: That looked much worse.

so long,
Tyberius Prime

[This message has been edited by Tyberius Prime (edited 06-12-2003).]

Topic awaiting preservation: Basic PHP Session Tutorial (Page 1 of 1)