Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / PHP Sessions

Author
Message
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 01:39 Edited at: 8th Oct 2004 01:43
Link
Ok, I have decided to create this thread because it is easier than talking to people on MSN.

On my forum (see sig) I have written a login page thing that returns the user id of the username and password entered. It attempts to register the user id to the session. Anywho, it losses (if it was ever registered ) the thing that was set when I redirect it.

Can anyone give me any tips how to solve this etc...?

EDIT: I can give more detail if needed

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 8th Oct 2004 01:41
Link
Current code?

Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 01:43
Link
In the source box:

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 8th Oct 2004 01:58 Edited at: 8th Oct 2004 01:59
Link
First thing I notice is that you set pass as id of 2 to the index.php, don't know if that's intentional.

Secondly there's nothing to do with sessions there

Also you go the long way round - you select all users, then perform a where clause on them in PHP

Here's my php login code, complete with session aswell:



Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 02:05
Link
Quote: " First thing I notice is that you set pass as id of 2 to the index.php, don't know if that's intentional."

yes, my forum pages are viewable when the id is equal to 0002 and all the others are pages, 0001 is the news page for example.

I just realised the session_register is on my index...the code of the register is the source box

and as for your code I am looking into at the moment...

Thanks

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 8th Oct 2004 02:27
Link
You're trying to register array keys. Try registering plain variables, like my code.

Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 02:34
Link
still doesnt seem to work + i noticed something wrong with my code, (not the code i gave you) but it didnt make a difference

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 02:46 Edited at: 8th Oct 2004 02:48
Link
my new code:


which has parts that you have got in your code (David T)

btw in your code you have loggedin=y if it works and failed=yes if it fails, shouldn't you have loggedin=n?

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
the_winch
21
Years of Service
User Offline
Joined: 1st Feb 2003
Location: Oxford, UK
Posted: 8th Oct 2004 03:23 Edited at: 8th Oct 2004 03:27
Link
Why the foreach loop? there should only be one user with the username you are looking for.

Also what happens when the user gives an invalid username, the query won't return anything so what happens with the foreach loop then?

Shrink dbpro exes with upx
can i scream?
Back to top
Profile PM Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 03:28
Link
ive changed the code so that wont happen

+ the query returns an array or something, and the foreach takes each row

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
Richard Davey
Retired Moderator
22
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 8th Oct 2004 03:29
Link
The foreach loop in your latest post is redundant

If you optimise your SQL statement a little, you can avoid a load of PHP code:

$sql = "SELECT COUNT(*) AS hits FROM users WHERE user_name = '$username' AND password = '$password'";

Now do a simple:

if (mysql_result($result, 0, 'hits') > 0)
{
// user exists and password was correct
}

I hasten to add this isn't the most friendly way to do it (because you can never tell the user that it was their password that was wrong, because it might have been that their username didn't exist) - but it is quicker. If you have decent indexes on your users table MySQL can do a count() like greased lightening.

Cheers,

Rich

"I am not young enough to know everything."
- Oscar Wilde
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 8th Oct 2004 04:42
Link
Quote: "btw in your code you have loggedin=y if it works and failed=yes if it fails, shouldn't you have loggedin=n? "


They're just flags for me to show the correct message (ie "You've been logged in" and "Please try again"). They have nothing to do with the script.

Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 05:07
Link
yeah i have them too, but you must have two $_GET's where you only need one

on the sql front, the way i query SQL (and David T does) is different so teh foreach is the only way (i know) to turn the results that EZ_SQL gives into usable thingy, with things that arent for posts etc i try to minimise it...

anywho...here is my current code, it does recognise the user and sends them to the correct place:


Thanks
N30F15H

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 8th Oct 2004 05:28 Edited at: 8th Oct 2004 05:28
Link
yeah i have them too, but you must have two $_GET's where you only need one

It's not that hard... I just do this





As for your code.. this is how I would do it:

- Query for users who have the same username nad pass hash
- Get the first result out of ezsql and into $user.
- If there is a $user, then log un in as him else don't log us in.

No need for a foreach


PS - to count an array, try count()

Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 05:33
Link
Quote: "
"


yes you need $_GET to get it from the URL:

and you will need to GETs as you had two variables

to do that i have a variable called m and echo stuff depending on it...

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 8th Oct 2004 06:06
Link
Quote: "yes you need $_GET to get it from the URL:"


No you don't.

Get 15 new commands, all the date / time commands left out of DBPro for free!
DOWNLOAD PLUGINS HERE: http://www.davidtattersall.me.uk/ and select "DarkBasic"
Back to top
Profile PM Email Website
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 06:07 Edited at: 8th Oct 2004 06:09
Link
dont you, oh well, my things never work without it (*tries*)

EDIT: you appear to be right but i usually have longer var names in the code and short ones in the URL so i use GET to change it

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
Rob K
Retired Moderator
22
Years of Service
User Offline
Joined: 10th Sep 2002
Location: Surrey, United Kingdom
Posted: 8th Oct 2004 06:49
Link
Quote: "(because you can never tell the user that it was their password that was wrong, because it might have been that their username didn't exist)"


I would always present the same error message whether the username was not found or whether the password was wrong. If someone is trying to illegitimately gain access to a site they have half the information if they know the username.


BlueGUI:Windows UI Plugin - All the power of the windows interface in your DBPro games.
Back to top
Profile PM Email Website
Bob 3456
20
Years of Service
User Offline
Joined: 1st Jun 2004
Location: In my computer chair
Posted: 8th Oct 2004 07:10
Link
if you cant get it to work download phpbb (phpbb.com) and look at there code, i know it works thats what i did.
Back to top
Profile PM Email
Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 8th Oct 2004 07:11
Link
I looked at the code and it confused me

BTW I have phpBB on my hard-drive (not installed)

:: Pulse Board Forums :: Want Gmail? Email me ::
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-09-22 18:40:01
Your offset time is: 2024-09-22 18:40:01