Solved

Maintain session state with php

Posted on 2004-09-23
7
395 Views
Last Modified: 2012-08-13
I am using mysql db with php 4 server side scripting (on apache) and have implemented a login form. I need to maintain session state after a user logs in successfully so he can view, update or upload image by selecting option from html page.

At the moment a user can logon and he will be requested to enter email so he can access his record. How can I skip this useless part where email is requested and just give the user option to select from view, update and upload image once he is successfully authenticated i.e by maintaining state? I have the following sample php code to maintain state and have updated it to display variables when update_cv.php is loaded (i.e at the moment when a user selects udpate record) but I was not able to make it work. I am not sure whether $_SESSION['email']; is placed correctly or is in fact needed!! I have initially assigned 250 points but will assign double if I get quick solution ;-)

detect.php file:
<?
require("detect.php");
$_SESSION['email'];

print "var = $var<br>";
?>

update_cv.php file:
<?
session_start();

if (!session_is_registered("var")) {
  print "You are not registered<br>";
  session_register("var");

  $var = "email";
}
else {
  print "You are already logged in!<br>";
}
?>

thanks
m
0
Comment
Question by:miamati
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 12133559
im not sure i fully follow what you are trying to do but the theory is this, when they login for example using their email address their email address can be assigned to a variable, eg:

session_start();

$_SESSION['email'] = "address@domain.com";

//or if its coming from post data for example $_SESSION['email'] = $_POST['email'];

Then to check if they are logged in to prevent them having to enter their details again you can do this

<?php
session_start();

if (!isset($_SESSION['email'])) {
  print "You are not registered<br>";
  //prehaps redirect to login page
}
else {
  print "You are already logged in!<br>";
}
?>
0
 
LVL 4

Assisted Solution

by:aratani
aratani earned 100 total points
ID: 12133631
Yes, you need to assign the $_SESSION ['e_mail'] to something. And then to make sure that the $_SESSION variable is read on every page, make sure you do the

session_start ();

on every page. If you don't use session_start () then the variables aren't loaded. To make sure you have the session variables, make sure you use this,

echo "<pre>";
print_r ($_SESSION);
echo "</pre>";

Take care

AJ
0
 

Author Comment

by:miamati
ID: 12151234
First of all tks for your feedback and sorry for getting back so late but due to unforseen circumstances I could not get back on the project. Anyway points increased as promised to 500! Now back to session state issue and I understood that what I have to do is to set session_start(); on each and every page + &_SESSION['email']=&_POST['email']  and then use the &_SESSION variable for my queries. In my case I have a login php page where user enters his email and password. If authenticated a new page 'index_user.php' with 2 options eg.  view and update record is displayed. When view is clicked the user can view his record details if $query matches his email but with current code (i.e no session state!) I have to reqest email on each screen to use it as criteria for $query  i.e
<?php
extract($_POST);
$email=$_POST['email];

$query = SELECT * from table where email='$email'";

Can I use the  $_session variable to match the user's email with correct record eg. where email=". $_session ["email"]""; and should I leave extract($_POST); and $email=$_POST['email]; and just add session_start(); ? I need to keep the user's email in memory (i.e thro' session vairiable) to use it for my sql queries. Can you please put sample code of how login page and index_user.php should start as to be honest I got confused never having used session state!?
thanks a lot mates!
m


0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 27

Accepted Solution

by:
Diablo84 earned 400 total points
ID: 12151255
If you need the email available all around the site then you would do this, the first time they login assign the post value to a session variable (you don't need to use extract incidently):

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

Then after that anytime you need to use the email you can do this:

<?php
session_start();

echo $_SESSION['email'];
?>

If you need to use it in a query then you would do this:

<?php
session_start();
$_SESSION['email'] = $_POST['email'];

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>

(NOTE: instead of concatenating the session variable in the query you can also use curly brackets like this: $query = "SELECT * from table where email='{$_SESSION['email']}'";
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12151262
Slight *mistake* there, if the session value has already been set when you run the query you only need

<?php
session_start();

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12151289
Heres another method that you would use when they first log in

<?php
session_start();

$query = "SELECT * from table where email='".$_POST['email']."'";
$query = mysql_query($query) or die(mysql_error());

$_SESSION['username'] = mysql_result($query,0,"FIELD_NAME");
?>

The post value of email is immediately run in the query and then the session value is set using the results from that query. In the last line of code FIELD_NAME would be the name of the field that you are getting the result from, so if you have a username field and you need to put that value in the session variable you would replace it with username.

you can then use $_SESSION['username'] elsewhere on your site (as long as session_start(); is at the top).

This may come in hand, if you need to check if they are logged in you could check if the session is set. In the below example if the session is not set the user will be redirected to the index page (you could also, for example, redirect them to the login page so then can login).

<?php
if (!isset($_SESSION['username'])) {
 header("location: index.html");
 exit;
}
?>

good luck!
0
 

Author Comment

by:miamati
ID: 12153907
Thanks to both as I have managed to enable sessions throughout the whole site! I have used diablo84's first method which worked just great. Points splitted accodingly:

diablo84: 400
aratani: 100

Thanks again.
regards
m

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
simplest php form 3 59
wamp versus xampp 4 43
Access Object's Property 9 22
phpmailer in WHILE loop - weird results 10 27
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now