
Creating a $_SESSION handler to check user status

align session

6 replies to this topic

#1 mikenco

mikenco

    CC Lurker

  • New Member
  • Pip
  • 5 posts

Posted 01 February 2012 - 06:30 PM

Hi

Without going into the technical aspects of each 'if', can anyone help guide me to see if I am on the right path to creating an include file to start/stop sessions based upon a user's login status, when compared to an existing database of known users?

I hope to use this as an INCLUDE file at the head of ALL pages in which I wish to hide certain data IF the user is NOT logged in.

I have commented the code, which I hope will make what I am trying to do transparent.

Any input would be greatly appreciated.

Thanks,

Mike :)


<?php session_start();

// $layout is the top half of a div that will contain the login status bar (the closing tag is at the bottom of this include file).
$layout='
<style type="text/css">
body {
font-family: Arial, Helvetica, sans-serif;
margin:0px;
}
.loginbar {
font-size: 12px;
text-align: right;
padding-top: 5px;
padding-right: 25px;
height: 35px;
width: 100%;
color: #fff;
background-color: #404040;
}
</style>
<div class="loginbar">';

if (isset($_GET['logout']) && $_GET['logout'] == 'yes') { // Has the user clicked the log out link?

// The session was already started at the top of this file, so clear its data and destroy it.
$_SESSION = array();
session_destroy();

} else { // No, so carry on..

if (!isset($_SESSION['lastname'])) { // Is a session already running?

if (!empty($_POST['user']) && !empty($_POST['pass'])) { // Both fields were submitted
# READ $_POST and check $_POST['user'] && $_POST['pass'] against the database entries and get the respective 'FirstName' and 'LastName' of the user.
# Set Session vars

} else { // One or both fields are missing
echo $layout;
# DISPLAY LOGIN FORM -> form will resend to this page
}

} else {
echo $layout;
// Read the names back from the session ('firstname' is assumed to be set at login alongside 'lastname') and escape them for HTML output.
echo "WELCOME ".htmlspecialchars($_SESSION['firstname'])." ".htmlspecialchars($_SESSION['lastname']);
# display LOG OUT link. -> Link will send $_GET['logout']='yes' back to this page.
}
}
?>
</div>

<?php /*
//////////////////////////////////////////////////////////////////////////////////////////////////////////
//In any pages that this inc file is used, I will attempt to block certain bits of information like this:

<?php if ($_SESSION["lastname"]){ ?>
<p style="color:#ff0000;">This is some text that you should only be able to read if you have logged in.</p>
<?php } ?>

//////////////////////////////////////////////////////////////////////////////////////////////////////////
*/
?>


  • 0

#2 MeekLogic

MeekLogic

    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 177 posts
  • Location:Fresno, CA
  • Programming Language:C#, PHP, JavaScript, PL/SQL, Visual Basic .NET, Lua

Posted 03 February 2012 - 11:15 PM

Hmm, this code is really messy. You're on the right track though.

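<?php

session_start();

// Default to an empty action so a request without ?action= raises no undefined-index notice.
$action = isset($_GET['action']) ? $_GET['action'] : '';

switch ($action) {
case "login": {
// Check the submitted credentials and set the session variables here.
break;
}
case "logout": {
session_destroy();
break;
}
}

if (!empty($_SESSION['lastname'])) {
// The user is logged in: show the protected content here.
}
?>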


Cleaned it up a little. I didn't change any of the logic. The !empty() is the way I use to check also.
  • 0

#3 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts
  • Location:Vancouver, Eh! Cleverness: 200
  • Programming Language:C, C++, PHP, Assembly

Posted 04 February 2012 - 01:23 AM

[...]
if (!empty($_SESSION['lastname'])) {
[...]
The !empty() is the way I use to check also.


!empty can cause unnecessary user error; you may wish to use isset() wrapped around or before, or use isset($possiblyexists[0]) to check for nonemptiness (1+ characters) in a safer manner in one call if need be.

I hope to use this as an INCLUDE file at the head of ALL pages in which I wish to hide certain data IF the user is NOT logged in.


You can always check a session variable such as $_SESSION['userlevel']. If it does not exist you can redirect them to the login page; there is no need to display the login form in place if you must include it with every file. You can as well check for if(isset($_SESSION['userlevel']) && $_SESSION['userlevel'] == "admin") on an administration page. You'll have to find what works right; there are plenty of well written login pages in open sourced software. We even may have a few tutorials here.

You have done a great job of prototyping the structure so far.

Alexander.

Edited by Alexander, 04 February 2012 - 05:32 AM.
error -> user error

  • 0

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.


#4 MeekLogic

MeekLogic

    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 177 posts
  • Location:Fresno, CA
  • Programming Language:C#, PHP, JavaScript, PL/SQL, Visual Basic .NET, Lua

Posted 04 February 2012 - 01:29 AM

empty($nonexistentornull) might throw a warning but does not stop the code. In the PHP documentation if it is null it will return true. So it does checking itself. Thus adding isset() will just add an unneeded call.
  • 0

#5 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts
  • Location:Vancouver, Eh! Cleverness: 200
  • Programming Language:C, C++, PHP, Assembly

Posted 04 February 2012 - 02:09 AM

A programmer error may be considered it accepting "0" as empty, which may in fact be a user level as an enumeration or definition (which happens to map to integer 0,) or logged_in being false with offline settings in the session or what have you.

isset() will not attempt to replace validation, and can break the if branch as to prevent excessive code execution if the variable or index were to not exist.

Alexander.
  • 0

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.
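An added example, not part of any post in this thread, that runs the !empty() and isset() checks debated above, together with the $_SESSION['userlevel'] guard suggested in post #3, over a few session states. The helper names, the sample sessions, the login.php path and the assumption that level 0 is a valid user level are all hypothetical.

```php
<?php
// Added example: hypothetical helpers, not code from the thread.

// Constructed session snapshots; user level 0 is assumed to be a valid (lowest) level.
$samples = array(
    'anonymous'    => array(),
    'level 0 user' => array('userlevel' => 0, 'lastname' => 'Smith'),
    'level "0"'    => array('userlevel' => '0', 'lastname' => 'Smith'),
    'admin'        => array('userlevel' => 'admin', 'lastname' => 'Jones'),
);

// Logged in means: the key exists, is not null, and holds an allowed value.
function is_logged_in(array $session, array $allowed = array(0, 'admin'))
{
    if (!isset($session['userlevel'])) {
        return false;              // no key: nothing further is evaluated
    }
    $level = $session['userlevel'];
    if (is_string($level) && ctype_digit($level)) {
        $level = (int) $level;     // normalise "0" to 0 before the strict check
    }
    return in_array($level, $allowed, true);
}

// Existence check first, then a strict comparison against the expected value.
function is_admin(array $session)
{
    return isset($session['userlevel']) && $session['userlevel'] === 'admin';
}

// Print what each check decides for every sample session.
foreach ($samples as $label => $session) {
    printf(
        "%-13s !empty=%-5s isset=%-5s is_logged_in=%-5s is_admin=%s\n",
        $label,
        var_export(!empty($session['userlevel']), true),
        var_export(isset($session['userlevel']), true),
        var_export(is_logged_in($session), true),
        var_export(is_admin($session), true)
    );
}

// In the include file itself (login.php is a placeholder path):
// if (!is_logged_in($_SESSION)) { header('Location: login.php'); exit; }
```

The two level-0 rows are the case to watch: !empty() reports them as not logged in, while the isset() check followed by validation accepts them.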


#6 MeekLogic

MeekLogic

    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 177 posts
  • Location:Fresno, CA
  • Programming Language:C#, PHP, JavaScript, PL/SQL, Visual Basic .NET, Lua

Posted 04 February 2012 - 02:13 AM

So looked at the PHP doc did we? Yes an integer of 0 returns empty. Back to subject though is that isset() is not the best function to call in this situation. Just my 2 cents. Every programmer is different.
  • 0

#7 Chessur

Chessur

    CC Newcomer

  • Member
  • PipPip
  • 23 posts

Posted 04 February 2012 - 02:39 AM

The 0 will never return as an isset() because if true (1) it won't obviously return 0 (false). The thing with PHP is that it's dynamic and having empty() won't ever justify the use of isset(), which will always return either 0 or 1. I hope this helps.
  • 0




