Alistair Baillie SS2002 wrote:[color=blue]
> Header requests must occur before any output is sent to the browser.
>
> (In my example the header() functions are simply redirecting the user to
> another file, and dont serve any other use.)
>
> - Ali
>
> "Bartosz Wegrzyn" <btgs@sbcglobal.net> wrote in message
> news:b5qee.2160$Yg4.235@newssvr17.news.prodigy.com ...
>[color=green]
>>Alistair Baillie SS2002 wrote:
>>[color=darkred]
>>>The session files on the server, will remain until the time has expired
>>>(And the web server deletes the old files, this only seems to work in
>>>linux, it doesnt work correctly in windows).
>>>
>>>However, if u have closed the browser, the link to that session will no
>>>longer exist, so there is no way to re access the session. (Or its hghly
>>>unlikley the user would be able to guess the session id).
>>>
>>>Make sure you only call session_start(); once per execution, if it
>>>appears multiple times, I would presume it would over write each other.
>>>
>>>
>>>I have stuck a very simple example on my web site;
>>>
>>>
http://www.alistairbaillie.co.uk/tmp/ Will run it
>>>
>>>
http://www.alistairbaillie.co.uk/tmp/source.php Will show you the source
>>>code.
>>>
>>>
>>>- Alistair
>>>
>>>
>>>"Bartosz Wegrzyn" <btgs@sbcglobal.net> wrote in message
>>>news:fsgee.1542$6E.440@newssvr33.news.prodigy.c om...
>>>
>>>
>>>>Alistair Baillie SS2002 wrote:
>>>>
>>>>
>>>>>Im not quite sure what you are meaning but;
>>>>>
>>>>>PHP will automatically destroy a session after a set amount of time, the
>>>>>default varies dependant on your server settings, mine is set to 20
>>>>>minutes, so there is no need for you to catch out of date sessions!
>>>>>
>>>>>I would presume that this is where your problem lies, and you are
>>>>>incorrectly destroying a session when it hasnt actually expired.
>>>>>
>>>>>Also, as session variables cant be modified without your script, you
>>>>>dont really need to confirm the username and password from the sesion,
>>>>>simply storing the username would be enough. (You can assume if the
>>>>>username was stored, the password was correct).
>>>>>
>>>>>I suggest you have a look at the session documentation at
>>>>>
http://uk.php.net/manual/en/function.session-start.php if you havnt
>>>>>already done so, as it does provide some examples.
>>>>>
>>>>>If you are still having problems, if you reply telling me exactly what
>>>>>you are trying to achieve, (Step by step), ill try and knock some code
>>>>>up as an example for you.
>>>>>
>>>>>- Alistair
>>>>>
>>>>>"Bartosz Wegrzyn" <btgs@sbcglobal.net> wrote in message
>>>>>news:tlXde.1667$Yg4.1012@newssvr17.news.prodi gy.com...
>>>>>
>>>>>
>>>>>
>>>>>>I call session_start() in my auth.php.
>>>>>>The think is that if I use the browser first time, it works.
>>>>>>Also when I logoff (wchich destroys session and goes back to login
>>>>>>screen) everything works fine.
>>>>>>
>>>>>>The problem starts when I close the browser without login off.
>>>>>>Then I have to login to every page.
>>>>>>My logout script does this:
>>>>>>
>>>>>>session_start();
>>>>>>session_destroy();
>>>>>><META HTTP-EQUIV=\"refresh\" content=\"5; URL=\login/main.php\">
>>>>>>
>>>>>>So what I though, is that if I put:
>>>>>>session_start();
>>>>>>session_destroy();
>>>>>>in this part of the code:
>>>>>>
>>>>>>// print login form and exit if failed.
>>>>>>if($num < 1){
>>>>>>echo "<center><BR><BR>You are not authenticated. Please login.<br><br>
>>>>>><form method=POST action=''>
>>>>>>username: <input type=text name=\"username\"> <BR><BR>
>>>>>>password: <input type=password name=\"password\"> <BR><BR><BR>
>>>>>><input value=login type=submit>
>>>>>></form></center>";
>>>>>>exit;
>>>>>>}
>>>>>>
>>>>>>It shoud do the same what logout does.
>>>>>>Unfortunately it does not.
>>>>>>
>>>>>>I thing that there is something that I dont know about sessions.
>>>>>>I don't like the thing that the user have to press logout.
>>>>>>It should automatically destroy the session, if the browser was closed.
>>>>>>
>>>>>>Any ideas
>>>>>>
>>>>>>Bart
>>>>>>
>>>>>>Alistair Baillie SS2002 wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>If 'menu' is suppost to be ur session variable, then you need to do
>>>>>>>$_SESSION['menu'];
>>>>>>>
>>>>>>>You also need to call session_start();
>>>>>>>
>>>>>>>- Ali
>>>>>>>
>>>>>>>"Bartosz Wegrzyn" <btgs@sbcglobal.net> wrote in message
>>>>>>>news:thGde.463$wj2.357@newssvr31.news.prodi gy.com...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>I need help with sessions.
>>>>>>>>I createt set of web site for nav with authorization.
>>>>>>>>
>>>>>>>>first I go into main.php which looks like this:
>>>>>>>>
>>>>>>>><?php
>>>>>>>>//common functions
>>>>>>>>include_once '../login/common.php';
>>>>>>>>global $LOGINDIR;
>>>>>>>>
>>>>>>>>//nav- navigation
>>>>>>>>//auth- authorization
>>>>>>>>include ("$LOGINDIR/nav.htm");
>>>>>>>>include ("$LOGINDIR/auth.php");
>>>>>>>>
>>>>>>>>$menu = $_GET['menu'];
>>>>>>>>switch($menu)
>>>>>>>>{
>>>>>>>>case 1:
>>>>>>>>include "$LOGINDIR/menu1.php";
>>>>>>>>global $LOGINDIR;
>>>>>>>>break;
>>>>>>>>
>>>>>>>>case 2:
>>>>>>>>include "$LOGINDIR/menu2.php";
>>>>>>>>global $LOGINDIR;
>>>>>>>>break;
>>>>>>>>
>>>>>>>>case 3:
>>>>>>>>include "$LOGINDIR/menu3.php";
>>>>>>>>global $LOGINDIR;
>>>>>>>>break;
>>>>>>>>
>>>>>>>>case 4:
>>>>>>>>include "$LOGINDIR/menu4.php";
>>>>>>>>global $LOGINDIR;
>>>>>>>>break;
>>>>>>>>
>>>>>>>>case 5:
>>>>>>>>include "$LOGINDIR/menu5.php";
>>>>>>>>global $LOGINDIR;
>>>>>>>>break;
>>>>>>>>
>>>>>>>>default:
>>>>>>>>include "$LOGINDIR/menudef.htm";
>>>>>>>>break;
>>>>>>>>}
>>>>>>>>
>>>>>>>>include ("$LOGINDIR/footer.htm");
>>>>>>>>?>
>>>>>>>>
>>>>>>>></td>
>>>>>>>></tr>
>>>>>>>></table>
>>>>>>>>
>>>>>>>>
>>>>>>>></body>
>>>>>>>></html>
>>>>>>>>
>>>>>>>>My auth.php looks like this:
>>>>>>>>
>>>>>>>>[root@lexon login]# cat auth.php
>>>>>>>><?php
>>>>>>>>// auth.php
>>>>>>>>include_once 'common.php';
>>>>>>>>include_once 'db.php';
>>>>>>>>dbConnect("corporate");
>>>>>>>>
>>>>>>>>// start session
>>>>>>>>session_start();
>>>>>>>>echo $_SESSION['username'];
>>>>>>>>echo $_SESSION['password'];
>>>>>>>>// convert username and password from _POST or _SESSION
>>>>>>>>
>>>>>>>>if($_POST){
>>>>>>>>if (!$_SESSION['username'] && !$_SESSION['password']) {
>>>>>>>>$_SESSION['username']=$_POST["username"];
>>>>>>>>$_SESSION['password']=$_POST["password"];
>>>>>>>>}
>>>>>>>>}
>>>>>>>>
>>>>>>>>echo "before the query";
>>>>>>>>echo $_SESSION['username'];
>>>>>>>>echo $_SESSION['password'];
>>>>>>>>
>>>>>>>>
>>>>>>>>// query for a user/pass match
>>>>>>>>$result=mysql_query("select * from users
>>>>>>>>where username='" . $_SESSION['username'] . "' and password='" .
>>>>>>>>$_SESSION['password'] . "'");
>>>>>>>>
>>>>>>>>if ($result) {
>>>>>>>>
>>>>>>>>// retrieve number of rows resulted
>>>>>>>>$num=mysql_num_rows($result);
>>>>>>>>
>>>>>>>>// print login form and exit if failed.
>>>>>>>>if($num < 1){
>>>>>>>>
>>>>>>>>echo "<center><BR><BR>You are not authenticated. Please
>>>>>>>>login.<br><br>
>>>>>>>><form method=POST action=''>
>>>>>>>>username: <input type=text name=\"username\"> <BR><BR>
>>>>>>>>password: <input type=password name=\"password\"> <BR><BR><BR>
>>>>>>>><input value=login type=submit>
>>>>>>>></form></center>";
>>>>>>>>exit;
>>>>>>>>}
>>>>>>>>
>>>>>>>>$phonenumber = mysql_result($result,0,'phonenumber');
>>>>>>>>$username = mysql_result($result,0,'username');
>>>>>>>>$userlevel = mysql_result($result,0,'userlevel');
>>>>>>>>
>>>>>>>>//check the logon time, logoff after 5min idle
>>>>>>>>if (!$_SESSION['login_time']) {
>>>>>>>>
>>>>>>>>$_SESSION['login_time']=time();
>>>>>>>>};
>>>>>>>>$lg_time = intval($_SESSION['login_time']);
>>>>>>>>
>>>>>>>>// If the session start time is greater than the current time...
>>>>>>>>if ($lg_time > time() ||
>>>>>>>>// If they have been logged in for longer than 5 minutes...
>>>>>>>>(time() - $lg_time) > 60*5) {
>>>>>>>>
>>>>>>>> unset ($_SESSION['login_time']);
>>>>>>>> unset ($_SESSION['username']);
>>>>>>>> unset ($_SESSION['password']);
>>>>>>>>
>>>>>>>> include ("logoutexp.php");
>>>>>>>> exit;
>>>>>>>>}
>>>>>>>>$_SESSION['login_time']=time();
>>>>>>>>};
>>>>>>>>mysql_close();
>>>>>>>>?>
>>>>>>>>
>>>>>>>>After the time out php goes to logoutexp.php which looks like this:
>>>>>>>>[root@lexon login]# cat logoutexp.php
>>>>>>>><?
>>>>>>>>// Login & Session example by sde
>>>>>>>>// logout.php
>>>>>>>>
>>>>>>>>include "\login\common.php";
>>>>>>>>global $LOGINDIR;
>>>>>>>>
>>>>>>>>// you must start session before destroying it
>>>>>>>>session_start();
>>>>>>>>session_destroy();
>>>>>>>>
>>>>>>>>echo "<center>For security reasons your session has expired.
>>>>>>>>
>>>>>>>>
>>>>>>>><br><br>
>>>>>>>>You will now be returned to the login page.
>>>>>>>>
>>>>>>>></center>
>>>>>>>>
>>>>>>>><META HTTP-EQUIV=\"refresh\" content=\"5; URL=\login/main.php\"> ";
>>>>>>>>exit;
>>>>>>>>?>
>>>>>>>>
>>>>>>>>
>>>>>>>>It goes back to main.php and asks for auth.
>>>>>>>>The problem is if I try to navigate the page and I will go to for
>>>>>>>>example to main.php?menu=4 I need to enter password again.
>>>>>>>>
>>>>>>>>The only org aroun is to click logoutexp.php link and then everything
>>>>>>>>is ok. I debug the script and I found out that the
>>>>>>>>$_session['username'] and password is lost.
>>>>>>>>
>>>>>>>>and ideas what is wrong?
>>>>>>>>
>>>>>>>>thanks
>>>>>>>>
>>>>>>>>bart
>>>>>>>
>>>>>>>
>>>>Thanks for your advices.
>>>>I modified mu authorization script, so it will wail until the session is
>>>>destroyed by closing the browser. This is the script:
>>>>
>>>><?php
>>>>// auth.php
>>>>error_reporting(E_ALL);
>>>>include_once 'common.php';
>>>>include_once 'db.php';
>>>>dbConnect("corporate");
>>>>
>>>>// start session
>>>>session_start();
>>>>
>>>>if ($_SESSION['authenticated']==1) {}
>>>>
>>>>else {
>>>>
>>>>// query for a user/pass match
>>>>$result=mysql_query("select * from users where username='" .
>>>>$_POST['username'] . "' and password='" . $_POST['password'] . "'");
>>>>if ($result) {
>>>>// retrieve number of rows resulted
>>>>$num=mysql_num_rows($result);
>>>>// print login form and exit if failed.
>>>>if($num < 1){
>>>>
>>>>echo "<center><BR>
>>>><BR>
>>>>You are not authenticated. Please login.<br><br>
>>>> <form method=POST action='main.php'>
>>>> username: <input type=text name=\"username\"> <BR><BR>
>>>> password: <input type=password name=\"password\"> <BR><BR><BR>
>>>> <input value=login type=submit>
>>>> </form></center>";
>>>> exit;
>>>>}
>>>>
>>>>//register sesssion authenticated
>>>>else {$_SESSION['authenticated']=true;}
>>>>
>>>>//register other values
>>>>$_SESSION['phonenumber'] = mysql_result($result,0,'phonenumber');
>>>>$_SESSION['username'] = mysql_result($result,0,'username');
>>>>$_SESSION['userlevel'] = mysql_result($result,0,'userlevel');
>>>>
>>>>};
>>>>
>>>>};
>>>>
>>>>
>>>>//close connection to db
>>>>mysql_close();
>>>>
>>>>?>
>>>>
>>>>
>>>>Now, the php.ini is set with default values.
>>>>On my website I have logout link which takes me to site which code is:
>>>><?
>>>>// Login & Session example by sde
>>>>// logout.php
>>>>
>>>>include "\login\common.php";
>>>>global $LOGINDIR;
>>>>
>>>>// you must start session before destroying it
>>>>session_start();
>>>>session_destroy();
>>>>
>>>>echo "<center>You have been successfully logged out.
>>>>
>>>>
>>>><br><br>
>>>>You will now be returned to the login page.
>>>>
>>>></center>
>>>>
>>>><META HTTP-EQUIV=\"refresh\" content=\"2; URL=\login/main.php\"> ";
>>>>?>
>>>>
>>>>If I click the link the session is destroyed (on the server session id
>>>>file becomes empty) and everything works fine if I want to log in again.
>>>>The new session has the same ID as before.
>>>>
>>>>But, when I close the browser without loggin off, the session file on the
>>>>server is not empty. It still contains the session data.
>>>>
>>>>I have to log in to every page in order to access data.
>>>>This causes to create a lot of session files on the server because every
>>>>time the auth script starts it calls session_start().
>>>>
>>>>Something is wrong, but what. Why the sessions are not destroyed if I
>>>>close the browser?
>>>>
>>>>
>>>>Thanks
>>>
>>>
>>>[/color]
>>Thanks for explaining.
>>I created this code and it works:
>>
>><?php
>>// auth.php
>>error_reporting(E_ALL);
>>include_once 'common.php';
>>include_once 'db.php';
>>dbConnect("corporate");
>>
>>// start session
>>session_start();
>>
>>if ($_SESSION['authenticated']==1) {}
>>
>>else {
>>
>>// query for a user/pass match
>>$result=mysql_query("select * from users where username='" .
>>$_POST['username'] . "' and password='" . $_POST['password'] . "'");
>>if ($result) {
>>// retrieve number of rows resulted
>>$num=mysql_num_rows($result);
>>// print login form and exit if failed.
>>if($num < 1){
>>
>>echo "<center><BR>
>><BR>
>>You are not authenticated. Please login.<br><br>
>> <form method=POST action=''>
>> username: <input type=text name=\"username\"> <BR><BR>
>> password: <input type=password name=\"password\"> <BR><BR><BR>
>> <input value=login type=submit>
>> </form></center>";
>> exit;
>>}
>>
>>//register sesssion authenticated
>>else {$_SESSION['authenticated']=true;}
>>
>>//register other values
>>$_SESSION['phonenumber'] = mysql_result($result,0,'phonenumber');
>>$_SESSION['username'] = mysql_result($result,0,'username');
>>$_SESSION['userlevel'] = mysql_result($result,0,'userlevel');
>>header("Location: main.php?".Session_Name()."=".Session_ID());
>>exit();
>>};
>>
>>};
>>header("Location: main.php?".Session_Name()."=".Session_ID()); //close
>>connection to db
>>mysql_close();
>>?>
>>
>>
>>Now on every page I want to check the auth I simply do this:
>>if ($_SESSION['authenticated']==1) {
>>
>>}
>>else {
>>echo ("
>><center>
>> <p>You are not authenticated!!!</p>
>> <p>Please go to login page <a href='auth.php'><login></a></p>
>> </center>
>> ");
>>exit;
>>};
>>
>>
>>One more question: is there any way to add include statements in the code?
>>If I try to add something, the header (" ... is not working.
>>
>>Thanks
>>[/color]
>
>
>[/color]
Is there any way to add include statements into my scrpit.
I simply want to make the webpage look nicer.
