Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 440
  • Last Modified:

Maintain session state with php

I am using mysql db with php 4 server side scripting (on apache) and have implemented a login form. I need to maintain session state after a user logs in successfully so he can view, update or upload image by selecting option from html page.

At the moment a user can logon and he will be requested to enter email so he can access his record. How can I skip this useless part where email is requested and just give the user option to select from view, update and upload image once he is successfully authenticated i.e by maintaining state? I have the following sample php code to maintain state and have updated it to display variables when update_cv.php is loaded (i.e at the moment when a user selects udpate record) but I was not able to make it work. I am not sure whether $_SESSION['email']; is placed correctly or is in fact needed!! I have initially assigned 250 points but will assign double if I get quick solution ;-)

detect.php file:
<?
require("detect.php");
$_SESSION['email'];

print "var = $var<br>";
?>

update_cv.php file:
<?
session_start();

if (!session_is_registered("var")) {
  print "You are not registered<br>";
  session_register("var");

  $var = "email";
}
else {
  print "You are already logged in!<br>";
}
?>

thanks
m
0
miamati
Asked:
miamati
  • 4
  • 2
2 Solutions
 
Diablo84Commented:
im not sure i fully follow what you are trying to do but the theory is this, when they login for example using their email address their email address can be assigned to a variable, eg:

session_start();

$_SESSION['email'] = "address@domain.com";

//or if its coming from post data for example $_SESSION['email'] = $_POST['email'];

Then to check if they are logged in to prevent them having to enter their details again you can do this

<?php
session_start();

if (!isset($_SESSION['email'])) {
  print "You are not registered<br>";
  //prehaps redirect to login page
}
else {
  print "You are already logged in!<br>";
}
?>
0
 
arataniCommented:
Yes, you need to assign the $_SESSION ['e_mail'] to something. And then to make sure that the $_SESSION variable is read on every page, make sure you do the

session_start ();

on every page. If you don't use session_start () then the variables aren't loaded. To make sure you have the session variables, make sure you use this,

echo "<pre>";
print_r ($_SESSION);
echo "</pre>";

Take care

AJ
0
 
miamatiAuthor Commented:
First of all tks for your feedback and sorry for getting back so late but due to unforseen circumstances I could not get back on the project. Anyway points increased as promised to 500! Now back to session state issue and I understood that what I have to do is to set session_start(); on each and every page + &_SESSION['email']=&_POST['email']  and then use the &_SESSION variable for my queries. In my case I have a login php page where user enters his email and password. If authenticated a new page 'index_user.php' with 2 options eg.  view and update record is displayed. When view is clicked the user can view his record details if $query matches his email but with current code (i.e no session state!) I have to reqest email on each screen to use it as criteria for $query  i.e
<?php
extract($_POST);
$email=$_POST['email];

$query = SELECT * from table where email='$email'";

Can I use the  $_session variable to match the user's email with correct record eg. where email=". $_session ["email"]""; and should I leave extract($_POST); and $email=$_POST['email]; and just add session_start(); ? I need to keep the user's email in memory (i.e thro' session vairiable) to use it for my sql queries. Can you please put sample code of how login page and index_user.php should start as to be honest I got confused never having used session state!?
thanks a lot mates!
m


0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Diablo84Commented:
If you need the email available all around the site then you would do this, the first time they login assign the post value to a session variable (you don't need to use extract incidently):

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

Then after that anytime you need to use the email you can do this:

<?php
session_start();

echo $_SESSION['email'];
?>

If you need to use it in a query then you would do this:

<?php
session_start();
$_SESSION['email'] = $_POST['email'];

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>

(NOTE: instead of concatenating the session variable in the query you can also use curly brackets like this: $query = "SELECT * from table where email='{$_SESSION['email']}'";
0
 
Diablo84Commented:
Slight *mistake* there, if the session value has already been set when you run the query you only need

<?php
session_start();

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>
0
 
Diablo84Commented:
Heres another method that you would use when they first log in

<?php
session_start();

$query = "SELECT * from table where email='".$_POST['email']."'";
$query = mysql_query($query) or die(mysql_error());

$_SESSION['username'] = mysql_result($query,0,"FIELD_NAME");
?>

The post value of email is immediately run in the query and then the session value is set using the results from that query. In the last line of code FIELD_NAME would be the name of the field that you are getting the result from, so if you have a username field and you need to put that value in the session variable you would replace it with username.

you can then use $_SESSION['username'] elsewhere on your site (as long as session_start(); is at the top).

This may come in hand, if you need to check if they are logged in you could check if the session is set. In the below example if the session is not set the user will be redirected to the index page (you could also, for example, redirect them to the login page so then can login).

<?php
if (!isset($_SESSION['username'])) {
 header("location: index.html");
 exit;
}
?>

good luck!
0
 
miamatiAuthor Commented:
Thanks to both as I have managed to enable sessions throughout the whole site! I have used diablo84's first method which worked just great. Points splitted accodingly:

diablo84: 400
aratani: 100

Thanks again.
regards
m

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now