Re: Trying to understand sessions and using them to authenticate...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/24/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:
> Hi Everyone,
>
> I'm attempting to figure out the proper way to use sessions to log
> someone into my system. The idea being, if they arn't logged in all
> they can see is the login form, and if they are logged in, they and
> have access to a database of addresses.
[snip!]

    Not the end-all-be-all, of course, but here's the basics:

<?
session_start();
if(!$_SESSION['user']) {
    if($_POST['user'] && $_POST['pass']) { // Keep in mind, PASSWORD
has meaning in MySQL
        // Do your string sanitizing here
        // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
        $sql = "SELECT * FROM users WHERE user='".$user."' AND
pass='".$pass."' LIMIT 0,1;";
        $result = mysql_query($sql) or die("Wrong data supplied or
database error");
        while($row = mysql_fetch_array($result)) {
            $_SESSION['user'] = $row['user'];
            // Do whatever else you need to do here....
        }
    } else {
        // Show your login form here.
    }
} else {
    // The user is authenticated and logged in already.
}
?>

    Keep in mind that, as always, this hasn't been bug-checked,
re-read, or otherwise validated.
-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Hey, PHP-General list....
50% off for life on web hosting plans $10/mo. or more at
http://www.pilotpig.net/.
Use the coupon code phpgeneralaug07
Register domains for about $0.01 more than what it costs me at
http://domains.pilotpig.net/.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux