[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Maintain session state with php

Posted on 2004-09-23
7
Medium Priority
?
429 Views
Last Modified: 2012-08-13
I am using mysql db with php 4 server side scripting (on apache) and have implemented a login form. I need to maintain session state after a user logs in successfully so he can view, update or upload image by selecting option from html page.

At the moment a user can logon and he will be requested to enter email so he can access his record. How can I skip this useless part where email is requested and just give the user option to select from view, update and upload image once he is successfully authenticated i.e by maintaining state? I have the following sample php code to maintain state and have updated it to display variables when update_cv.php is loaded (i.e at the moment when a user selects udpate record) but I was not able to make it work. I am not sure whether $_SESSION['email']; is placed correctly or is in fact needed!! I have initially assigned 250 points but will assign double if I get quick solution ;-)

detect.php file:
<?
require("detect.php");
$_SESSION['email'];

print "var = $var<br>";
?>

update_cv.php file:
<?
session_start();

if (!session_is_registered("var")) {
  print "You are not registered<br>";
  session_register("var");

  $var = "email";
}
else {
  print "You are already logged in!<br>";
}
?>

thanks
m
0
Comment
Question by:miamati
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 12133559
im not sure i fully follow what you are trying to do but the theory is this, when they login for example using their email address their email address can be assigned to a variable, eg:

session_start();

$_SESSION['email'] = "address@domain.com";

//or if its coming from post data for example $_SESSION['email'] = $_POST['email'];

Then to check if they are logged in to prevent them having to enter their details again you can do this

<?php
session_start();

if (!isset($_SESSION['email'])) {
  print "You are not registered<br>";
  //prehaps redirect to login page
}
else {
  print "You are already logged in!<br>";
}
?>
0
 
LVL 4

Assisted Solution

by:aratani
aratani earned 400 total points
ID: 12133631
Yes, you need to assign the $_SESSION ['e_mail'] to something. And then to make sure that the $_SESSION variable is read on every page, make sure you do the

session_start ();

on every page. If you don't use session_start () then the variables aren't loaded. To make sure you have the session variables, make sure you use this,

echo "<pre>";
print_r ($_SESSION);
echo "</pre>";

Take care

AJ
0
 

Author Comment

by:miamati
ID: 12151234
First of all tks for your feedback and sorry for getting back so late but due to unforseen circumstances I could not get back on the project. Anyway points increased as promised to 500! Now back to session state issue and I understood that what I have to do is to set session_start(); on each and every page + &_SESSION['email']=&_POST['email']  and then use the &_SESSION variable for my queries. In my case I have a login php page where user enters his email and password. If authenticated a new page 'index_user.php' with 2 options eg.  view and update record is displayed. When view is clicked the user can view his record details if $query matches his email but with current code (i.e no session state!) I have to reqest email on each screen to use it as criteria for $query  i.e
<?php
extract($_POST);
$email=$_POST['email];

$query = SELECT * from table where email='$email'";

Can I use the  $_session variable to match the user's email with correct record eg. where email=". $_session ["email"]""; and should I leave extract($_POST); and $email=$_POST['email]; and just add session_start(); ? I need to keep the user's email in memory (i.e thro' session vairiable) to use it for my sql queries. Can you please put sample code of how login page and index_user.php should start as to be honest I got confused never having used session state!?
thanks a lot mates!
m


0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 27

Accepted Solution

by:
Diablo84 earned 1600 total points
ID: 12151255
If you need the email available all around the site then you would do this, the first time they login assign the post value to a session variable (you don't need to use extract incidently):

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

Then after that anytime you need to use the email you can do this:

<?php
session_start();

echo $_SESSION['email'];
?>

If you need to use it in a query then you would do this:

<?php
session_start();
$_SESSION['email'] = $_POST['email'];

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>

(NOTE: instead of concatenating the session variable in the query you can also use curly brackets like this: $query = "SELECT * from table where email='{$_SESSION['email']}'";
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12151262
Slight *mistake* there, if the session value has already been set when you run the query you only need

<?php
session_start();

$query = "SELECT * from table where email='".$_SESSION['email']."'";
$query = mysql_query($query) or die(mysql_error());
?>
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12151289
Heres another method that you would use when they first log in

<?php
session_start();

$query = "SELECT * from table where email='".$_POST['email']."'";
$query = mysql_query($query) or die(mysql_error());

$_SESSION['username'] = mysql_result($query,0,"FIELD_NAME");
?>

The post value of email is immediately run in the query and then the session value is set using the results from that query. In the last line of code FIELD_NAME would be the name of the field that you are getting the result from, so if you have a username field and you need to put that value in the session variable you would replace it with username.

you can then use $_SESSION['username'] elsewhere on your site (as long as session_start(); is at the top).

This may come in hand, if you need to check if they are logged in you could check if the session is set. In the below example if the session is not set the user will be redirected to the index page (you could also, for example, redirect them to the login page so then can login).

<?php
if (!isset($_SESSION['username'])) {
 header("location: index.html");
 exit;
}
?>

good luck!
0
 

Author Comment

by:miamati
ID: 12153907
Thanks to both as I have managed to enable sessions throughout the whole site! I have used diablo84's first method which worked just great. Points splitted accodingly:

diablo84: 400
aratani: 100

Thanks again.
regards
m

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question