9 replies to this topic

[yonghan]

Hi all,i need help regarding saving session into mysql and use it..Right now i'm using this code...

auth.php

session_start();

include('db.inc.php');

$email=mysql_real_escape_string($_POST['email']);

$pwd=mysql_real_escape_string($_POST['pwd']);

$sql="Select member_id,email,password,nama,type from users where email='$email' and password=md5('$pwd')";

$exec=mysql_query($sql);

$result=mysql_fetch_array($exec);

if ($result['type'] == "member")

{

$_SESSION['nama']=$result['nama'];

$_SESSION['id']=$result['member_id'];

header('location:member.php');

}

else

{

    echo 'Anda gagal login';

   header('location:index.php');

}

member.php

session_start();

include('output_fns.php');

if(!$_SESSION['nama'])

{

    header('location:index.php');

}

else

{

do_kepala('Member');

echo 'Welcome    ' . $_SESSION['nama'];

menu_member();

What should i do to save the session into mysql..I don't have a clue...Thanks a lot...

[Orjan]

This is what I do on each page:

$sessname = 'MySystem';

$sesslength = 3600 // one hour

session_name($sessname);

session_start();


// Reset the expiration time upon page load

if (isset($_COOKIE[$sessname])) {

    setcookie($sessname, $_COOKIE[$sessname], time() + $sesslength, "/");

}

to enter the session id to the database, just use the function session_id() which returns the id to be entered to the database and compared to the last value...

[yonghan]

Hi..have you ever done using database to hold sessions and call it?I'm intending to look for that tutorial..Thanks...

[Orjan]

you mean to hold the session data or only the session id?

[yonghan]

Holding

$_SESSION['nama']=$result['nama'];

$_SESSION['id']=$result['member_id']; 

Is it possible to do that?Thanks orjan..

[Orjan]

Well, the session variables are stored on the server and can be retrieved on the next page by just referring to the session id from the user. but if you want to use the database as a sesstion data storage, you need to elaborate with session_set_save_handler and create functions on how the session will handle data.

EDIT: but of course it's possible to store sql data into the session to check it's legitimy. actually it's almost needed.

[yonghan]

Have you ever done it before?Can you please give me examples how to do it??Thanks a lot...

[Orjan]

storing the id for legitimate checks, or letting the session module use mysql as storage?

I almost always use the session id for legitimate checks.
it's usually very simple, just add a "session" field to the user-table and store the session-id there, then store the user-id in the session. if it matches on next page both ways, the session is valid.

[yonghan]

Hi Jan,how to let the session module use mysql as storage..

[Orjan]

No I haven't used it, but there are examples for it at PHP: session_set_save_handler - Manual