  1. #1
    New Coder
    Join Date
    Feb 2007
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help on session and cookies

    Hi, I am new to PHP. Please give me an idea of sessions and cookies, the relationship between them, and how to use these in the code for security.

    Thanking you

  • #2
    Senior Coder timgolding
    Join Date
    Aug 2006
    Location
    Southampton
    Posts
    1,517
    Thanks
    114
    Thanked 110 Times in 109 Posts
    Both are similar things, though cookies are stored on the client and sessions are stored on the server. This should help with your decision of which to use. Remember this: when you store to cookies you are sending the information across the internet. With sessions you are not, and they are private to the server. Therefore you can store all sorts of information on sessions such as passwords, login info etc.

    Example
    PHP Code:
    // after validating a login POST, if the user's password and username match then
    session_start(); // must be called before $_SESSION is written
    $_SESSION["ID"] = $ID;
    $_SESSION["logged_in"] = true;
    PHP Code:
    // Then on the next page navigated to
    session_start();
    if (isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] == true)
        echo 'You are logged in';
    else
        echo 'You are not logged in';
    When I write to cookies I don't use PHP but instead use JS.
    You can not say you know how to do something, until you can teach it to someone else.

  • #3
    New Coder
    Join Date
    Feb 2007
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by timgolding
    Both are similar things, though cookies are stored on the client and sessions are stored on the server. This should help with your decision of which to use. Remember this: when you store to cookies you are sending the information across the internet. With sessions you are not, and they are private to the server. Therefore you can store all sorts of information on sessions such as passwords, login info etc.

    Example
    PHP Code:
    // after validating a login POST, if the user's password and username match then
    session_start(); // must be called before $_SESSION is written
    $_SESSION["ID"] = $ID;
    $_SESSION["logged_in"] = true;
    PHP Code:
    // Then on the next page navigated to
    session_start();
    if (isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] == true)
        echo 'You are logged in';
    else
        echo 'You are not logged in';
    When I write to cookies I don't use PHP but instead use JS.

    Thanks for your reply, but I have one login page with username and password. How do I give a time interval for this login page to log out?

  • #4
    New Coder
    Join Date
    Feb 2007
    Posts
    20
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi, this is my login page. Please help me with how to add a session in this login page.


    <?php ob_start();

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link rel="stylesheet" href="style.css" type="text/css">
    <!-- TemplateBeginEditable name="doctitle" -->
    <title>Login</title>
    <!-- TemplateEndEditable -->
    <!-- TemplateBeginEditable name="head" -->
    <!-- TemplateEndEditable -->
    <style type="text/css">
    <!--
    body {
    background-color: #035208;
    margin-left: 0px;
    margin-left:0;
    }
    div.del{
    background:url(/bg.jpg) center center repeat-x;
    height: 63px;
    }
    -->
    </style>
    <link href="/emp_menu.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" type="text/css" href="/chrometheme/chromestyle.css" />

    <script type="text/javascript" src="/chromejs/chrome.js">

    /***********************************************
    * Chrome CSS Drop Down Menu- Dynamic Drive DHTML code library (www.dynamicdrive.com)
    * This notice MUST stay intact for legal use
    * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
    ***********************************************/

    </script>
    <style>

    div.del{
    background: url(Templates/bg.jpg) center center repeat-x;
    height:63px;
    }
    </style>

    </head>

    <body>
    <table width="990" height="286" border="0" align="center" cellpadding="0" cellspacing="0" id="Table_01">
    <tr>
    <td><img src="/images/home_01.png" width="990" height="9" alt="" /></td>
    </tr>
    <tr>
    <td height="107" valign="top"><img src="images/home_02.gif" alt="" width="233" height="107" border="0" usemap="#Map" /></td>
    </tr>
    <tr>
    <td valign="top" bgcolor="#FFFFFF"><img src="images/spacer.gif" width="1" height="1" /></td>
    </tr>
    <tr>
    <td><img src="/images/home_05.png" width="990" height="4" alt="" /></td>
    </tr>
    <tr>
    <td height="19" valign="top"><!-- TemplateBeginEditable name="main" -->
    <table bgcolor="#FFFFFF" width="990" border="0" cellspacing="0" cellpadding="0">
    <tr><td>&nbsp;</td></tr>
    <tr><td>&nbsp;</td></tr>
    <tr>
    <td><?php

    function login_form(){
    global $password,$email,$user_err,$pass_err,$error_msg;

    //echo<center><font class=\"title\">".PLEASE_ENTER_YOUR_USER."</font></center>\n";
    ?>
    <center>
    <form method="post" action="" name="loginform">
    <table border="0" cellspacing="2" cellpadding="4">
    <tr>
    <td bgcolor="#E2E2E2" align="right">EMAIL : </td>
    <td bgcolor="#E2E2E2"><input type="text" name="email" value="<?php echo htmlspecialchars($email);?>"><?php echo $user_err;?></td>
    </tr>
    <tr>
    <td bgcolor="#E2E2E2">PASSWORD : </td>
    <td bgcolor="#E2E2E2"><input type="password" name="pass" value=""><?php echo $pass_err;?></td>
    </tr>
    <tr>
    <td colspan=2> <input type="checkbox" name="remember" value="ON"> REMEMBER_ME</td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td align="center"> <input type="hidden" name="maa" value="do_login">
    <input type="submit" name="login" value="LOGIN"></p>
    </td>
    </tr>
    </table> <?php echo $error_msg;?>
    </form>[<a href="home.html">HOME</a>] [ <a href="login.php?maa=Forgot_pwd">FORGOT_PASSWORD</a> ]<br><br>

    <?php } ?>


    <?php

    //this function will do the login process for you.
    function do_login()
    {
    $con=mysql_connect("10.8.6.213","XPRDEMO","Secure4xpr");
    mysql_select_db("XPRDEMO");
    $email=$_REQUEST['email'];
    $pass=$_REQUEST['pass'];
    global $remember, $user_err,$pass_err,$error_msg;

    //check username and password fields.
    if((!$email) || (!$pass))
    {
    //include("Templates/header.php");

    $reqmsg= "(<font class=\"error\">".REQUIRED."</font>)";
    if(trim(empty($email)))
    {
    $user_err= $reqmsg;
    }
    if(empty($pass))
    {
    $pass_err= $reqmsg;
    }

    //load the login form again.
    login_form();
    //include("Templates/footer.php");
    exit();
    }


    $md5_pass = md5($pass);
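    //escape the user-supplied email before it is placed in the query (prevents SQL injection)
    $sql = mysql_query("SELECT * FROM register_users WHERE email='" . mysql_real_escape_string($email) . "' AND pass='$md5_pass'");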

    $login_check = mysql_num_rows($sql);
    if($login_check > 0)
    {
    while($row = mysql_fetch_assoc($sql)) //fetch by column name, since $row['email'] is used below
    {

    $email = $row['email'];
    $password = $row['pass'];


    $info = base64_encode("$email|$password");
    if (isset($_REQUEST['remember'])) //read the checkbox from the request; $remember is never set
    {
    setcookie("user","$info",time()+1209600);
    }
    else
    {
    setcookie("user","$info",0);
    }
    //sql_query("UPDATE ".$prefix."_users SET ipaddress='$REMOTE_ADDR', lastlogin=NOW() WHERE userid='$userid'");
    if(isset($_REQUEST['id']))
    {
    $id=$_REQUEST['id'];
    header("location:admin/download.php?id=$id");
    exit;
    }
    else
    {
    header("location:home.html");
    }
    //print success message and redirect browser
    //msg_redirect("".LOGIN_SUCCESS."","view.php","");
    }
    //if the entered informations are wrong, then print error message.
    }
    else
    {
    //include("Templates/header.php");
    $error_msg = "<font class=\"error\">".LOGIN_ERROR."</font>";
    unset($email);
    unset($password);

    //include("Templates/header.php");
    login_form();
    //include("Templates/footer.php");
    exit();
    }
    }

    function Forgot_pwd_form(){
    global $error_msg, $email_err, $fname, $email;
    ?>

    <center><font class="title">SEND_NEW_PASSWORD</font>
    <form method="post">
    <table border="0" cellpadding="4">
    <tr>
    <td bgcolor="#E2E2E2">FIRST NAME :</td>
    <td bgcolor="#E2E2E2" align="left"><input type="text" name="fname" value="<?php echo htmlspecialchars($fname);?>"></td>
    </tr>
    <tr>
    <td bgcolor="#E2E2E2">EMAIL :</td>
    <td bgcolor="#E2E2E2"><input type="text" name="email" value="<?php echo htmlspecialchars($email);?>"><?php echo $email_err;?></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>
    <input type="hidden" name="maa" value="do_Forgot_pwd">
    <input type="submit" value="SEND_PASSWORD"></p>
    </td>
    </tr>
    </table><center><?php echo $error_msg;?></center>
    </form>
    <?php

    }

    function Forgot_pwd()
    {
    Forgot_pwd_form();

    }

    function do_Forgot_pwd()
    {
    $con=mysql_connect("localhost","root","");
    mysql_select_db("XPRDEMO");
    global $fname, $email, $error_msg, $site_name ,$site_email, $site_url, $email_err;

    $fname=$_REQUEST['fname'];
    $email=$_REQUEST['email'];

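    //escape the user-supplied email before it is placed in the query (prevents SQL injection)
    $result = mysql_query("SELECT * FROM register_users WHERE email='" . mysql_real_escape_string($email) . "'")or die(mysql_error());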
    $check = mysql_num_rows($result);
    if(trim(empty($email)))
    {

    $email_err="<b><font color=\"#FF0000\">(REQUIRED)</font></b>";
    Forgot_pwd();
    exit;
    }

    if($check == 1)
    {

    function new_pwd()
    {
    $chars = "abchefghjkmnpqrstuvwxyz0123456789";
    srand((double)microtime()*1000000);
    $pwd = ''; //initialise before appending characters
    $i = 0;
    while ($i <= 7)
    {
    $num = rand() % 33;
    $tmp = substr($chars, $num, 1);
    $pwd = $pwd . $tmp;
    $i++;
    }
    return $pwd;
    }
    $new_pwd = new_pwd();
    $md5_password = md5($new_pwd);
    $sql = mysql_query("UPDATE register_users SET pass='$md5_password' WHERE email='" . mysql_real_escape_string($email) . "'");

    /* $subject = "".NEW_PASSWORD."";
    $message = " \n";
    $message .= "".HELLO." $fname, \n";
    $message .= " \n";
    $message .= "".YOU_ARE_RECEIVING_EMAIL.www.a2zeservices.com." \n";
    $message .= " \n";
    $message .= "".HERE_ISIT_BELOW." \n";
    $message .= "-------------------------- \n";
    $message .= "".EMAIL.": $email \n";
    $message .= "".PASSWORD.": $new_pwd \n";
    $message .= "-------------------------- \n";
    $message .= "".YOU_MAY_LOGIN_BELOW." \n";
    $message .= "$site_url \n";
    $message .= " \n";
    $message .= "".YOU_CAN_OFCOURSE_CHANGE_PWS." \n";
    $message .= " \n";
    $message .= "-- \n";
    $message .= "-".THANKS." \n";
    $message .= "$site_name \n";
    $message .= " \n";
    $message .= "".THIS_EMAIL_AUTO_GENERATED." \n";
    $message .= "".DONT_RESPOND_WILL_IGNORED." \n";

    if(!mail($email,$subject,$message, "FROM: $site_name <$site_email>")){
    die ("".EMAIL_DIE."");
    }

    //print success message and redirect browser
    msg_redirect("".NEW_PWD_SENT_TO_YOUR_EMAIL."","users.php","10");
    */
    //this else for : if($check == 1){
    echo "Your password will be sent to your mail";
    header("location:login.php");
    }else{

    Forgot_pwd_form();
    echo "<center><font class=\"error\">".WRONG_USEREMAIL."</font></center><br>";

    }
    }




    $opt = isset($_REQUEST['maa']) ? $_REQUEST['maa'] : ''; //no action given: fall through to the login form
    switch($opt)
    {
    case "do_login" :
    do_login();
    break;
    case "Forgot_pwd":
    Forgot_pwd();
    break;

    case "do_Forgot_pwd":
    do_Forgot_pwd();
    break;
    default :
    login_form();
    break;
    }
    ?></td>
    </tr>
    <tr><td>&nbsp;</td></tr>
    <tr><td>&nbsp;</td></tr>
    </table>
    <!-- TemplateEndEditable --></td>
    </tr>
    <tr>
    <td><img src="/images/home_07.png" width="990" height="4" alt="" /></td>
    </tr>
    <tr>
    <td height="63" valign="top" background="chrometheme/bg.jpg"><div class="del">

    </div>









    </td>
    </tr>

    </table>

    </body>
    </html>
    <?php ob_end_flush(); ?>
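
The session-based login asked about in post #4 and the timed logout asked about in post #3, as an added example that is not part of the thread or any poster's code. It keeps only a server-side session instead of a cookie holding the email and password hash. Assumptions: PHP 7.3+, a PDO connection passed in as `$pdo`, HTTPS, the `pass` column holding `password_hash()` output rather than MD5, and hypothetical names `start_secure_session`, `login`, `require_login` and `IDLE_TIMEOUT`.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7.3+, a PDO handle,
// HTTPS, and that register_users.pass stores password_hash() output.
declare(strict_types=1);

const IDLE_TIMEOUT = 900; // assumed value: seconds of inactivity before logout

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(PDO $pdo, string $email, string $pass): bool
{
    // Prepared statement: the email never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT email, pass FROM register_users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return false;
    }
    session_regenerate_id(true);       // fresh ID after login blocks session fixation
    $_SESSION['email']     = $row['email'];
    $_SESSION['logged_in'] = true;
    $_SESSION['last_seen'] = time();   // start of the idle window
    return true;
}

// Call at the top of every protected page, after start_secure_session().
function require_login(): void
{
    $last = $_SESSION['last_seen'] ?? 0;
    if (empty($_SESSION['logged_in']) || time() - $last > IDLE_TIMEOUT) {
        $_SESSION = [];                // drop all session data
        session_destroy();
        header('Location: login.php');
        exit;
    }
    $_SESSION['last_seen'] = time();   // activity resets the idle timer
}
```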

  • #5
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Please post only 1 topic per question.

    Also, please use Google.

    There are hundreds of tutorials on this subject, as it is the most common thing to program.

    Do not ask us to do your work for you.

    If you are not able to do it, then you either need to learn more PHP, or hire someone to do it for you.

