TalkPHP
 
 
01-13-2008, 07:04 PM   #1
Rendair
Sessions & Functions

Hey all, I have a question.

I ain't all that strong on using sessions.

I am trying to set a session using a function on a login page. When the user clicks login, it will trigger a PHP function, and that function will set the session.

PHP Code:
function loginUser($username, $password) {
    // Escape both values before they are pasted into the query string
    // (mysql_* API as used in 2008; it was removed in PHP 7 in favour of mysqli/PDO)
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $query  = "SELECT * FROM example WHERE username='" . $username . "' AND password=PASSWORD('$password')";
    $query  = mysql_query($query);
    $number = mysql_num_rows($query);

    if ($number < 1) {
        echo "Incorrect Login Information";
    }
    else {
        // $_SESSION is a superglobal, so it can be written from inside the function;
        // the page that calls loginUser() must have called session_start() first
        $_SESSION["logged"] = $username;

        echo "You are now logged in <a href=index.php> Click Here </a>";
    }
}

I have placed the session_start() on the login page; the function itself is in a function file. Am I missing something?
01-13-2008, 07:58 PM   #2
Alan @ CIT

Looks fine to me. session_start() is all you need to get a session going. Then just put your variables in the $_SESSION superglobal as you have done.

Alan.
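The layout the question describes (session_start() on the login page, the login function in a separate file writing to $_SESSION), as an added example that is not code from the thread. One file stands in for both the function file and the login page; it swaps the posted snippet's mysql_* calls and MySQL's PASSWORD() for a PDO prepared statement and password_hash()/password_verify(). The users table, its columns and the in-memory SQLite database (pdo_sqlite extension) are assumptions made so that `php login.php` runs offline.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. In a real layout the
// function below lives in functions.php and the login page pulls it in with
// require_once; everything else (users table, columns, SQLite) is assumed.

// 1. The login page: session_start() before ANY output (not even a blank
//    line before "<?php"), on every page that reads or writes $_SESSION.
session_start();

// 2. The function from the function file. $_SESSION is a superglobal, so a
//    function in an included file can write to it; it only needs the calling
//    page to have started the session first.
function loginUser(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username travels as a parameter and never
    // becomes part of the SQL text, so no escaping function is involved.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_hash()/password_verify() in place of MySQL's PASSWORD():
    // salted, deliberately slow, compared in constant time. Verifying a
    // throwaway hash for unknown users keeps the response time the same
    // whether or not the username exists.
    $hash = $row['password_hash'] ?? password_hash('unused', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $hash)) {
        return false;
    }

    // New session ID at the moment of login, old one deleted, so an ID an
    // attacker planted before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['logged'] = $username;
    return true;
}

// 3. Constructed test data: an in-memory SQLite table with one user. A real
//    deployment connects to its own database here instead.
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $ins->execute([
        ':u' => 'alice',
        ':h' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ]);
    return $db;
}

$db = openDb();

if (PHP_SAPI === 'cli') {
    // Smoke run from the command line (php login.php). All calls happen
    // before any output so the ID regeneration is not blocked by sent headers.
    $results = [
        'wrong password' => loginUser($db, 'alice', 'wrong password'),
        'right password' => loginUser($db, 'alice', 'correct horse battery staple'),
        'session value'  => $_SESSION['logged'] ?? null,
    ];
    var_dump($results);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // 4. The form handler on the login page.
    $ok = loginUser($db, (string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''));
    if ($ok) {
        // index.php calls session_start() itself and checks $_SESSION['logged']
        header('Location: index.php');
        exit;
    }
    echo 'Incorrect login information';
}
```

The point for the original question is step 1: the function file does nothing special, it only writes to the superglobal, and every page that reads $_SESSION afterwards (index.php included) has to call session_start() again before touching it.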
01-13-2008, 09:38 PM   #3
ReSpawN

That's the first thing you should have on your page. Next to the error reporting and some ini_set functions. I cannot press enough that you should be careful to not push any valuable and harmful information into the sessions since 'it can be used against you'. There's a cliché for ya.

If you have any other questions, you can always ask here and on MSN. Of course, Alan has no absence here so he'll be the first to reply!

Good luck Dale!
01-13-2008, 09:43 PM   #4
Alan @ CIT

Quote:
Originally Posted by ReSpawN
Of course, Alan has no absence here
That's worryingly true :(

Btw, TalkPHP - Understanding the Life of a Session is a good read for anyone who uses sessions

Alan
01-13-2008, 10:27 PM   #5
ReSpawN

Haven't read that one. I guess *clicks it to be sure* you made it? *yep, you did*.

Nice article *booked*.
01-13-2008, 10:37 PM   #6
Alan @ CIT

It's one of Wildhoney's articles :)
01-14-2008, 02:27 AM   #7
Haris

PHP Code:
function loginUser($username, $password) {
    // Escape both values before they are pasted into the query string
    // (mysql_* API as used in 2008; it was removed in PHP 7 in favour of mysqli/PDO)
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $query  = "SELECT * FROM example WHERE username='" . $username . "' AND password=PASSWORD('$password')";
    $query  = mysql_query($query);
    $number = mysql_num_rows($query);

    if ($number < 1) {
        echo "Incorrect Login Information";
    }
    else {
        // Give the now-authenticated user a fresh session ID; passing true
        // would also delete the session data stored under the old ID
        session_regenerate_id();

        $_SESSION["logged"] = $username;

        echo "You are now logged in <a href=index.php> Click Here </a>";
    }
}
PHP: session_regenerate_id - Manual

It will regenerate the session ID every time the user logs in, thus preventing session hijacking.
01-14-2008, 07:36 AM   #8
Rendair

Thank you all
01-14-2008, 10:57 AM   #9
EyeDentify

@Haris

I wouldn't go as far as to say "preventing" hijacking, but it will make it more difficult to hijack. :D

That's my opinion anyway.

/EyeDentify
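Putting ReSpawN's advice (ini_set calls, nothing sensitive in the session), Haris's session_regenerate_id() and EyeDentify's caveat together in one helper, as an added example that is not code from any of the posts. It assumes PHP 7.3 or later (array form of session_set_cookie_params() and setcookie()); the timeout values and the $_SESSION keys beginning with an underscore are this example's own choices. The distinction it encodes: regeneration plus use_strict_mode defeats session fixation (an attacker planting an ID before login), while a session ID that has already been copied stays usable until it expires or is rotated, which is why the timeouts exist.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Values below are assumptions.
const IDLE_LIMIT     = 15 * 60;   // seconds without a request before the session is dropped
const ABSOLUTE_LIMIT = 8 * 3600;  // hard lifetime since creation, regardless of activity
const ROTATE_EVERY   = 5 * 60;    // rotate the ID periodically, not only at login

// Pure check so it can be exercised without waiting: true if the session
// has idled too long or outlived its absolute limit.
function sessionIsStale(array $sess, int $now): bool
{
    $lastSeen = $sess['_last_seen'] ?? $now;
    $created  = $sess['_created']   ?? $now;
    return ($now - $lastSeen) > IDLE_LIMIT || ($now - $created) > ABSOLUTE_LIMIT;
}

function secureSessionStart(int $now): void
{
    // Cookie-only IDs, and reject IDs this server never issued. With
    // use_strict_mode an attacker cannot plant a chosen ID (fixation) even
    // on a page that runs before the login-time regeneration.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1');

    // Cookie flags: HttpOnly keeps script (XSS) from reading the ID, Secure
    // keeps it off plain HTTP, SameSite=Lax blocks most cross-site sends.
    // None of these helps once the ID is already in an attacker's hands;
    // that is EyeDentify's point, and what the timeouts below limit.
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    session_start();

    if (sessionIsStale($_SESSION, $now)) {
        // Wipe server-side state and continue with a fresh ID.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    if (!isset($_SESSION['_created'])) {
        $_SESSION['_created'] = $now;
        $_SESSION['_rotated'] = $now;
    }
    // Periodic rotation shortens how long a copied ID stays valid.
    if (($now - ($_SESSION['_rotated'] ?? $now)) > ROTATE_EVERY) {
        session_regenerate_id(true);
        $_SESSION['_rotated'] = $now;
    }
    $_SESSION['_last_seen'] = $now;
    // Store only what is needed to find the user again (an ID or name), never
    // passwords, card numbers or an "is_admin" flag copied from a form.
}

function logoutSession(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie with the same attributes it was set with, then
    // destroy the server-side record so the old ID is dead on both ends.
    setcookie(session_name(), '', [
        'expires'  => 1,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

if (PHP_SAPI === 'cli') {
    // Smoke run (php session.php): start a session, then exercise the
    // staleness rule with constructed session arrays.
    secureSessionStart(time());
    $t = 1700000000;
    var_dump(
        isset($_SESSION['_created'], $_SESSION['_last_seen']),
        sessionIsStale(['_created' => $t, '_last_seen' => $t], $t + 60),
        sessionIsStale(['_created' => $t, '_last_seen' => $t], $t + IDLE_LIMIT + 1),
        sessionIsStale(['_created' => $t, '_last_seen' => $t + ABSOLUTE_LIMIT], $t + ABSOLUTE_LIMIT + 1)
    );
}
```

Call secureSessionStart(time()) in place of session_start() on every page, call session_regenerate_id(true) again at the moment a login succeeds, and use logoutSession() rather than just unsetting $_SESSION['logged'].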