Re: Session handling with cookie

Jason Barnett wrote:

Bolla sándor wrote:

Hi,

PHP 4.2.2, MySQL 3.23.xx

I have a problem destroying the actual session_id (SID).
I tried to use session_destroy(), session_unset, but nothing works, session_id() is always the same.


Assuming you are using cookies... are you also destroying the user's cookie in this process?


What I want to do is:
- After 30 Minutes if the user didn't do any work then let the session die
- It must work whether the browser's cookie is set or not.



Are you creating / checking the session on every page? So long as a write is done at the end of each page visit then you shouldn't be having problems checking if the session is more than 30 minutes old.



Hi,

1. The user begins on the login form;

2. [ON EVERY PAGE EXCEPT THE LOGIN PAGE] If the special session variable (MKMKOD) isn't set, then the user is redirected to the login page
CODE: if (isset($_SESSION['MKMKOD']) and (!empty($_SESSION['MKMKOD']))) {


3. To the login form:
3.1. Session_start(); a new session should first be created here
3.1(1/2) connect to database
3.2. Check if login is ok
3.2.1 if the user is within 30 minutes then redirect to the last used page (sometimes users close the browser if they don't want it)
3.2.2. if last user page is empty then redirect to the default page
3.2.3 if new login then delete the user from LOGIN table and let the user begin


.
.
.

I put on every page in the first line the session_start() function
I put some code here to check if it works fine!:

[ON EVERY PAGE]:
session_start();
!!!/* Here must be the code for generating a new session_id */!!!
dbconnect();
if (isset($_SESSION['MKMKOD']) and (!empty($_SESSION['MKMKOD']))) {
    $MKMKOD = $_SESSION['MKMKOD'];
    $SQL = 'SELECT * FROM LOGIN WHERE MKMKOD = "'.$MKMKOD.'" AND (DATE_SUB(NOW(),INTERVAL 30 MINUTE) > LOGIN_TIME)';
    if ($eredm=mysql_query($SQL) and (mysql_num_rows($eredm) > 0)) {
        header("Location: login.php?over30");
        Exit;
    }

    $SQL = 'UPDATE LOGIN SET LOGIN_TIME = NOW(), CURRENT_STATE = "'.$_SERVER['PHP_SELF'].'" WHERE MKMKOD ="'.$MKMKOD.'"';
    mysql_query($SQL);
} else {
    header("Location: login.php?nologin");
    Exit;
}


[LOGIN PAGE]:
session_start();
dbconnect();
if (isset($_POST['Login'])) {
    $_user_ = $_POST['USER'];
    $_pwd_ = $_POST['PASSWORD'];
    $_mkmkod_ = $_POST['PCODE'];
    $SQL = 'SELECT * FROM USERS WHERE AZONOSITO = "'.$_user_.'" AND JELSZO = PASSWORD("'.$_pwd_.'") AND MKMKOD = "'.$_mkmkod_.'"';
    if ($eredm = mysql_query($SQL) and (mysql_num_rows($eredm) > 0)) {
        /* Successful login */
        //Check 30 Minute
        $SQL = 'SELECT * FROM LOGIN WHERE MKMKOD = "'.$_mkmkod_.'" AND (DATE_SUB(NOW(),INTERVAL 30 MINUTE) <= LOGIN_TIME) AND HOST = "'.$_SERVER['REMOTE_ADDR'].'"';
        if ($eredm=mysql_query($SQL)) {
            if (mysql_num_rows($eredm) == 1) {
                $sor = mysql_fetch_array($eredm);
                //Redirect to last used page
                if (!empty($sor['CURRENT_STATE'])) {
                    header("Location: ".$sor['CURRENT_STATE']);
                    Exit;
                } else {
                    header("Location: partner_hirek.php");
                    Exit;
                }
            } else {
                if (mysql_error()) {
                    die (mysql_error());
                }
            }
        }

        session_register('MKMKOD');
        $_SESSION['MKMKOD'] = $_mkmkod_;

        session_register('ownSID');
        $_SESSION['ownSID'] = New_ID();

        //Last used page redirect
        $SQL = 'SELECT CURRENT_STATE FROM LOGIN WHERE MKMKOD = "'.$_mkmkod_.'"';
        if ($eredm=mysql_query($SQL) and (mysql_num_rows($eredm) > 1)) {
            $sor = mysql_fetch_array($eredm);
            $redirect = $sor['CURRENT_STATE'];
        }

        //Delete user without logout
        $SQL = 'DELETE FROM LOGIN WHERE MKMKOD = "'.$_mkmkod_.'"';
        mysql_query($SQL);

        $SQL = 'INSERT INTO LOGIN (MKMKOD, SESSION, LOGIN_TIME,HOST) VALUES (';
        $SQL .= '"'.$_mkmkod_.'","'.$_SESSION['ownSID'].'",NOW(),"'.$_SERVER['REMOTE_ADDR'].'")';
        if (!$eredm=mysql_query($SQL)) {
            $msg[] = 'Incorrect login';
        } else {
            //Other issues after login
            if (isset($redirect) and !empty($redirect)) {
                header("Location: $redirect");
                Exit;
            }
            header("Location: partner_hirek.php");
            Exit;
        }
    } else {
        $msg[] = mysql_error();
    }
}
.
.
.
Create page

Bye

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
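
Added example, not part of the original message or of any poster's code: session_destroy() leaves the browser's session cookie in place, which is what the cookie question in the reply above is pointing at, so the example expires the cookie together with the server-side data, enforces the 30-minute idle limit from session data, and issues a fresh id at login. It assumes PHP 7.1 or later (session_regenerate_id() is not available in the PHP 4.2.2 named in the thread); LAST_SEEN and the three function names are hypothetical, MKMKOD is the session key from the message.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+.
// LAST_SEEN and the function names are hypothetical; MKMKOD is the
// session key used in the message above.

const IDLE_LIMIT = 1800; // 30 minutes, in seconds

// Discard the current session: data, server-side record and cookie.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same attributes it was set with;
        // otherwise the browser keeps sending the old id.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call before any output on every protected page.
// The idle check uses server-side session data, so it works the same
// whether the id arrives in a cookie or in the URL.
function require_live_session(): bool
{
    session_start();
    $last = $_SESSION['LAST_SEEN'] ?? 0;
    if (!empty($_SESSION['MKMKOD']) && time() - $last <= IDLE_LIMIT) {
        $_SESSION['LAST_SEEN'] = time();
        return true;
    }
    end_session();
    return false; // caller redirects to login.php
}

// Call on the login page once the credentials have been verified.
function begin_login_session(string $mkmkod): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // issue a new id, delete the old record
    $_SESSION['MKMKOD'] = $mkmkod;
    $_SESSION['LAST_SEEN'] = time();
}
```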

