Solved

Maintain session state with php

Posted on 2004-09-23
Last Modified: 2012-08-13
I am using mysql db with php 4 server side scripting (on apache) and have implemented a login form. I need to maintain session state after a user logs in successfully so he can view, update or upload image by selecting option from html page.

At the moment a user can logon and he will be requested to enter email so he can access his record. How can I skip this useless part where email is requested and just give the user option to select from view, update and upload image once he is successfully authenticated i.e by maintaining state? I have the following sample php code to maintain state and have updated it to display variables when update_cv.php is loaded (i.e at the moment when a user selects update record) but I was not able to make it work. I am not sure whether $_SESSION['email']; is placed correctly or is in fact needed!! I have initially assigned 250 points but will assign double if I get quick solution ;-)

detect.php file:
<?
require("detect.php");
$_SESSION['email'];

print "var = $var<br>";
?>

update_cv.php file:
<?
session_start();

if (!session_is_registered("var")) {
  print "You are not registered<br>";
  session_register("var");

  $var = "email";
}
else {
  print "You are already logged in!<br>";
}
?>

thanks
m
Question by:miamati
7 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 12133559
I'm not sure I fully follow what you are trying to do but the theory is this, when they login for example using their email address their email address can be assigned to a variable, eg:

session_start();

$_SESSION['email'] = "address@domain.com";

//or if it's coming from post data for example $_SESSION['email'] = $_POST['email'];

Then to check if they are logged in to prevent them having to enter their details again you can do this

<?php
session_start();

if (!isset($_SESSION['email'])) {
  print "You are not registered<br>";
  //perhaps redirect to login page
}
else {
  print "You are already logged in!<br>";
}
?>
0
 
LVL 4

Assisted Solution

by:aratani
aratani earned 100 total points
ID: 12133631
Yes, you need to assign the $_SESSION ['e_mail'] to something. And then to make sure that the $_SESSION variable is read on every page, make sure you do the

session_start ();

on every page. If you don't use session_start () then the variables aren't loaded. To make sure you have the session variables, make sure you use this,

echo "<pre>";
print_r ($_SESSION);
echo "</pre>";

Take care

AJ
0
 

Author Comment

by:miamati
ID: 12151234
First of all tks for your feedback and sorry for getting back so late but due to unforeseen circumstances I could not get back on the project. Anyway points increased as promised to 500! Now back to session state issue and I understood that what I have to do is to set session_start(); on each and every page + $_SESSION['email']=$_POST['email'] and then use the $_SESSION variable for my queries. In my case I have a login php page where user enters his email and password. If authenticated a new page 'index_user.php' with 2 options eg. view and update record is displayed. When view is clicked the user can view his record details if $query matches his email but with current code (i.e no session state!) I have to request email on each screen to use it as criteria for $query i.e
<?php
extract($_POST);
$email=$_POST['email'];

$query = "SELECT * from table where email='$email'";
?>

Can I use the $_SESSION variable to match the user's email with correct record eg. where email=". $_SESSION ["email"]""; and should I leave extract($_POST); and $email=$_POST['email']; and just add session_start(); ? I need to keep the user's email in memory (i.e thro' session variable) to use it for my sql queries. Can you please put sample code of how login page and index_user.php should start as to be honest I got confused never having used session state!?
thanks a lot mates!
m


0

 
LVL 27

Accepted Solution

by:
Diablo84 earned 400 total points
ID: 12151255
If you need the email available all around the site then you would do this, the first time they login assign the post value to a session variable (you don't need to use extract incidentally):

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

Then after that anytime you need to use the email you can do this:

<?php
session_start();

echo $_SESSION['email'];
?>

If you need to use it in a query then you would do this:

<?php
session_start();
$_SESSION['email'] = $_POST['email'];

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>

(NOTE: instead of concatenating the session variable in the query you can also use curly brackets like this: $query = "SELECT * from table where email='{$_SESSION['email']}'";)
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12151262
Slight *mistake* there, if the session value has already been set when you run the query you only need

<?php
session_start();

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12151289
Here's another method that you would use when they first log in

<?php
session_start();

$query = "SELECT * from table where email='".$_POST['email']."'";
$query = mysql_query($query) or die(mysql_error());

$_SESSION['username'] = mysql_result($query,0,"FIELD_NAME");
?>

The post value of email is immediately run in the query and then the session value is set using the results from that query. In the last line of code FIELD_NAME would be the name of the field that you are getting the result from, so if you have a username field and you need to put that value in the session variable you would replace it with username.

you can then use $_SESSION['username'] elsewhere on your site (as long as session_start(); is at the top).

This may come in handy, if you need to check if they are logged in you could check if the session is set. In the below example if the session is not set the user will be redirected to the index page (you could also, for example, redirect them to the login page so they can login).

<?php
session_start(); // load the session before reading $_SESSION

if (!isset($_SESSION['username'])) {
 header("location: index.html");
 exit;
}
?>

good luck!
0
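
An added example (not code from any poster in this thread) of the login-then-session flow discussed above, with the email bound as a query parameter instead of concatenated into the SQL string, and the session ID regenerated at login. It assumes PHP 7.1+ with PDO; the `users` table, its columns, and the function names `login` and `current_user_record` are hypothetical.

```php
<?php
// Added example. Table layout, column names and the sample account are constructed.

function login(PDO $db, string $email, string $password): bool
{
    // Bound parameter: the submitted email is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT email, pw_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;                     // unknown user and bad password look the same
    }
    session_regenerate_id(true);          // fresh session ID once the user is authenticated
    $_SESSION['email'] = $row['email'];   // keep the value the database returned
    return true;
}

function current_user_record(PDO $db): ?array
{
    if (!isset($_SESSION['email'])) {
        return null;                      // caller sends a Location header, then exits
    }
    $stmt = $db->prepare('SELECT email, cv FROM users WHERE email = ?');
    $stmt->execute([$_SESSION['email']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT, cv TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute(
    ['address@domain.com', password_hash('sample-password', PASSWORD_DEFAULT), 'sample CV']
);

session_start();                          // before any output, on every page
$results = [
    'record before login'      => current_user_record($db),
    'email containing a quote' => login($db, "o'brien@domain.com", 'sample-password'),
    'valid login'              => login($db, 'address@domain.com', 'sample-password'),
    'record after login'       => current_user_record($db),
];
var_dump($results);                       // output only after all session calls
```

On a real page the guard's `null` result maps to the `header("location: ...")` plus `exit` pattern shown above, and the same two functions work unchanged against MySQL by swapping the PDO DSN.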
 

Author Comment

by:miamati
ID: 12153907
Thanks to both as I have managed to enable sessions throughout the whole site! I have used diablo84's first method which worked just great. Points split accordingly:

diablo84: 400
aratani: 100

Thanks again.
regards
m

0
