Posted by Flaming Corncob on 07/28/06 04:43

In article <4itggiF5d676U1@individual.net>,
"J.O. Aho" <user@example.net> wrote:

> Flaming Corncob wrote:
> > Hello. Don't know if this would be the appropriate group to post this to
> > but it does have to do with PHP.
> >
> > I'm trying to put together a page using PHP to handle and manage the
> > logging in/out or accounts, keeping data such as an account ID. Now, I
> > have no clue as to how to go about doing this properly as I've never
> > tried this before and for all I know I've been going about it all wrong.
> > What I need:
> >
> > 1) Ability for someone to log into the site using an account ID and
> > password. I already use MySQL/PHP so this I believe I can handle without
> > help.
> >
> > 2) The ability for the browser to retain this bit of info as a cookie
> > (my thinking - assuming this is how it's done on most sites). This info
> > would be retained until the user "quit" the browser or the cookie
> > expires.
> >
> > Now I've already played around with cookies and sessions, but nothing
> > I've done appears to work correctly. I'm assuming for it to work cookies
> > and sessions are used together, not separate like someone suggested to
> > me. Are there any samples of code out there that actually work that I
> > could look at, or is there someone out there that knows how to go about
> > it?
>
> Sessions don't necessarily use a cookie, it can be sent over the URL too.
>
> I do suggest if you use cookies or sessions stored in cookies that you use a
> javascript to check if the cookie is enabled and let the user to know that it
> needs to be enabled if it's not. As doing this in PHP requires you to create
> a
> cookie on one page and then load another where you test if the cookie is
> there
> or not, while javascript can do this in one page.
>
>
> At the login script you check the login/pass toward the database, if ok, then
> create a cookie and store that the user is logged in in a temp database-table
> with the current ip-number.
>
> On all pages where you need to be logged in, you then check if the cookie is
> there and that the users ip-number is the same as in the database, this way
> it's less risky that someone hijacks the cookie and try to use it, but you
> have a problem if the user uses a proxy system where the proxies may have
> different ip-number, but the users who are behind a such system are few.
> If the checkup fails on something, redirect the user to the login page, if
> checkup ok, then just show the page.
>
> I do suggest you take a look at the online manual, it's full of usefull user
> comments:
> http://www.php.net/manual-lookup.php?lang=en&function=setcookie&x=0&y=0
>
>
>
> //Aho

I actually use php.net as a reference. Below is the code I'm working on
currently:

<?
session_start();
if(!isset($_SESSION['account_id']))
{
if($page=="member_post")
{
member_post($key);
}
}

echo "<html>";
echo "<head>";
echo "<BASE href='#'>";
echo "</head>";

if($key!=1701)
{
echo "<meta http-equiv='refresh'
content='0;URL=?key=1701&page=front_page'>";
}
else
{
echo "<body>";

if($page=="front_page")
{
if(!isset($_SESSION['account_id']))
{
echo "<a href='?key=1701&page=member_login'>Member Login</a>";
}
else
{
echo "Hello, ".$_SESSION['account_id']."!";
echo "<br><a href='?key=1701&page=member_logout'>Log Out</a>";
}
}
else if($page=="member_login")
{
member_login($key);
}
else if($page=="member_logout")
{
member_logout($key);
}

echo "</body>";
}

function member_login($key)
{
echo "<form action='?key=$key&page=member_post' method='post'>";
echo "Enter your Account ID:<br><input type='text' name='account_id'>";
echo "<br><input type='submit'>";
echo "</form>";
}

function member_logout($key)
{
unset($_SESSION['account_id']);
echo "<meta http-equiv='refresh'
content='0;URL=?key=$key&page=front_page'>";
}

function member_post($key)
{
$_SESSION['account_id']=$_POST['account_id'];
echo "<meta http-equiv='refresh'
content='0;URL=?key=$key&page=front_page'>";
}

?>
</html>

It works.. and it doesn't work. The problem I'm encountering is that
when I close the browser window (not quit) and reopen the browser to the
page it doesn't remember the account_id accurately. Again, I'm a real
novice at PHP and cookies/sessions, so it shows... but gotta start
somewhere.

[Back to original message]