
sessions

10/17/2006 2:34:53 AM
PHPRunner General questions
alex82 author

Hi,

I have been using a PHP class to start secure sessions based on user IP, secret key and other data.

Every time the user arrives at a page of the script I check if the session id has been modified, to break the access.

The started session is stored in MySQL and it's destroyed after the user session expires, the browser is closed or any problem is detected.

I would like to know how I can implement this secure session class stored in MySQL in all the password protected scripts generated by PHPRunner without altering their performance.

I just need to know the part of the code that starts sessions, how to register session vars too, and all that I need to know to modify the sessions code without altering the performance.

Thanks a lot

Admin 10/17/2006

Alex,
session_start() is called in the include\dbcommon.php file.

So you can put all your custom session-specific stuff just before that line.
Session variables are registered implicitly by simple assignment, i.e.

$_SESSION["var"] =...
Explicit session vars registering is deprecated since PHP 4.1.
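
One way to do what the reply above describes, as an added example that is not part of the original thread or of PHPRunner's code: a MySQL-backed session handler that binds each session to the client's IP and user agent with a secret key, registered before session_start(). The class name, table layout, DSN and environment variable names are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example. Assumed table (hypothetical name and columns):
//   sessions(id VARCHAR(128) PRIMARY KEY, fp CHAR(64), data BLOB, seen INT)
class BoundSessionHandler implements SessionHandlerInterface
{
    private $pdo;
    private $fp;
    public function __construct(PDO $pdo, string $secret)
    {
        $this->pdo = $pdo;
        // Keyed fingerprint of the client; without the secret it cannot be recomputed.
        $client = ($_SERVER['REMOTE_ADDR'] ?? '') . '|' . ($_SERVER['HTTP_USER_AGENT'] ?? '');
        $this->fp = hash_hmac('sha256', $client, $secret);
    }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }
    public function read($id): string
    {
        $st = $this->pdo->prepare('SELECT fp, data FROM sessions WHERE id = ?');
        $st->execute([$id]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        if ($row === false) { return ''; }  // unknown id: start with an empty session
        if (!hash_equals($row['fp'], $this->fp)) {
            $this->destroy($id);            // id presented by a different client: drop it
            return '';
        }
        return $row['data'];
    }
    public function write($id, $data): bool
    {
        $st = $this->pdo->prepare('REPLACE INTO sessions (id, fp, data, seen) VALUES (?, ?, ?, ?)');
        return $st->execute([$id, $this->fp, $data, time()]);
    }
    public function destroy($id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }
    public function gc($max_lifetime): int
    {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE seen < ?');
        $st->execute([time() - $max_lifetime]);
        return $st->rowCount();
    }
}
// Placeholder DSN and credentials; run this before the existing session_start() line.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app_user', getenv('DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
session_set_save_handler(new BoundSessionHandler($pdo, (string) getenv('SESSION_SECRET')), true);
```

A session id replayed from a different address or browser reads back as an empty session, so the application treats the request as not logged in. Users whose IP changes mid-session (mobile networks, proxies) are logged out as well.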

thesofa 11/11/2006

If I declare and assign a session variable, is it available throughout the programme/web pages without further action?

Or do I need to declare it as global in each function I make?
I get my users to login against one table called Staff.

They use their normal network login as the username in the PHPR login box.

I wish to store their user ID instead of their login name, so I have added this custom code to my after successful login event:

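function AfterSuccessfulLogin()
{
    //********** Custom code ************
    // put your custom code here
    global $conn;

    // Look up the staff row for the login name entered in the login box.
    // Note: $_SESSION["UserID"] is concatenated into the query as-is;
    // escape it for your database before building the statement.
    $str = "select * from `staff` where `pcs_ac`='".$_SESSION["UserID"]."'";
    $rs = db_query($str,$conn);
    $datalog = db_fetch_array($rs);

    // Keep the numerical user ID in the session.
    $_SESSION["id"] = $datalog["userid"];
}

The following values apply: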

`staff` is the table I use to authenticate against

`pcs_ac` is the user's login for the network

$datalog["userid"] is the value extracted from the staff table which is the numerical user ID

Dale 11/11/2006

Hi thesofa,
I use $_SESSION variables all the time. It's an easy way to pass values from one page to another.
They can be used anywhere and there is no need to call a global.
I usually pass the $_SESSION variable to a local variable if I need the value in a javascript function.
I load a lot of my Store record values into session variables after successful login.

This way I can use the values for any email output or reports. The tax variables I use later to charge the appropriate tax on sales when creating a new invoice.
My code in the global events for After successful login:
function AfterSuccessfulLogin()
{
    global $conn;

    // Load the store record once and cache its values in the session.
    $strSQL = "select * from stores";
    $rs = db_query($strSQL,$conn);
    $data=db_fetch_array($rs);

    $_SESSION["tax1_id"]= $data["tax1_id"];
    $_SESSION["tax2_id"]= $data["tax2_id"];
    $_SESSION["tax3_id"]= $data["tax3_id"];
    $_SESSION["tax1_rate"]= $data["tax1_rate"];
    $_SESSION["tax2_rate"]= $data["tax2_rate"];
    $_SESSION["tax3_rate"]= $data["tax3_rate"];
    $_SESSION["tax1_reg"]= $data["tax1_reg"];
    $_SESSION["tax2_reg"]= $data["tax2_reg"];
    $_SESSION["tax3_reg"]= $data["tax3_reg"];
    $_SESSION["company_name"]= $data["name"];
    $_SESSION["company_address1"]= $data["address1"];
    $_SESSION["company_address2"]= $data["address2"];
    $_SESSION["company_city_id"]= $data["city_id"];
    $_SESSION["company_postal_zip_code"]= $data["postal_zip_code"];
    $_SESSION["company_phone"]= $data["phone"];
    $_SESSION["company_fax"]= $data["fax"];
    $_SESSION["company_email"]= $data["email"];
    $_SESSION["company_www_url"]= $data["www_url"];
    $_SESSION["company_year_start"]= $data["from_date"];
    $_SESSION["company_year_end"]= $data["to_date"];

    // ** Send simple email ****
    $email="info@vintbrew.com";
    // Plain assignment: $message is not defined before this line.
    $message = $_SESSION["UserID"]." has successfully Logged into WWW";
    $subject="Successful Login to WWW";
    mail($email, $subject, $message);

    //** Redirect to another page ****
    header("Location: customer_list.php");
    exit();
}
Also I had almost the same snippet for the After Saving an edit events on my stores record. That way if I update any info the session variables are immediately updated without having to log out and back in to refresh.

thesofa 11/11/2006

Hi, DaleM

Cheers