Full Version: PHP sessions
Michael P
I am trying to make a PHP article manager.

First thing I want is a member bar. If you are logged in it says welcome user, otherwise it will say Not Logged In.

So, I made a page to simulate a login
CODE
<?php
$_SESSION = array();
session_destroy();
session_start();
$_SESSION['AUTH'] = "user";
$_SESSION['USR'] = "Michael";
header("Location: template.php");
?>


Main Page
CODE
<?php
include('config_global.php');
$AUTHORISED = 'cheese';
if ($_SESSION['AUTH'] == "user") {
$AUTHORISED = "user";
$MEMBER = $_SESSION['USR'];
}
else {
$AUTHORISED = "[No Authorisation]";
$MEMBER = "Guest";
}
?>


THEN IN MEMBER BAR
CODE
<?php if ($AUTHORISED == "user") {
 echo 'Welcome to Publisher Plus Article Management System <b>' . $MEMBER . '</b> (User CP)' . $AUTHORISED;
 }
 else echo 'Not logged in ' . $AUTHORISED; ?>


Could someone please help me with this. I did get it to work once, with some code changes (I removed one of the = signs somewhere, leaving only a single =), then I made a logout simulator to destroy the session, but it still said I was logged in.

Thanks a lot!
SnakEyez
Well first off $_SESSION should not need to be unset because if this is the first time the user is visiting or even if they are a returning visitor, without cookies the session should be empty.

I really don't know why you need to destroy the session before you start it. Sessions are only available on one website and since there are no visible cookies in your code, then destroying a session doesn't really serve a purpose from what I see.

With coding concerned, you are missing { } around your else statement in the member bar.

With your logout function you do not need to start another session if you have the page starting the session included on the same document. The two session starts will generate errors.

The only other suggestion I would have would be to echo out the variables of the session after you log out. That way you can be sure that everything gets unset. Also, if your logout code is on the same page as your login code you will receive errors because you are sending 2 headers out for redirection. If you post back, consider editing your first post so we can know which document is which; it would make going between the blog and the forum much easier knowing which document is which. And I am only referring to the code for logging in and logging out; the main page doesn't seem to be much of a problem.
Michael P
Thank you, the session destroy / unset on the login page was me trying something to see if I could fix it. I will try the advised changes.

Thank you
Chad
I would recommend creating your own Session Control System.
Not the true name, I know, but sounds good.

Not really needed, but this way you know exactly what it's doing and have full control over everything that handles them.

Chad
Delphi
I agree with Chad. I have a Session class I use for most of my programs. I store session data in a MySQL database but for a small site SQLite may be a better choice.
Brendon Koz
Does SQLite have to be installed server-side, or can it be uploaded and just accessed? I've tried to find this out without luck...guess I'm looking in all the wrong places.
Chad
Anything installed on a server, whether it's a script or a tool such as MySQL, it's still server-side.

But nonetheless, I understand what you mean.

QUOTE(http://www.sqlite.org/)
SQLite is a small C library


With it being a C Library, it will have to be installed via Server Administrators.

Anyways, to subject.
Not sure how others feel, but I do not really trust the security in using the built in PHP session handling.
I tend to feel better when using a Session class created by myself.

Some get the feeling that using PHP's session handling makes them feel that they don't know exactly what is happening with the sessions.
With your own class, you know exactly what it's doing.

Chad
Brendon Koz
Starting a session, or stopping a session... Can you get any more basic than that to create your own class, or are we talking about PHP 5.0? I can understand creating functions for session handling, but...a full class? Granted, it can make things easier since you can control the garbage stuff...but how insecure would PHP's session handling be if you still have to use the functions in your class? (I'm really interested in this, not meaning to make an argument.)

...and I said installed server-side. I'm still right, but thanks, that was what I wanted to know. I didn't know if it acted like an Access database file (*.mdb) or was a full-fledged application. Since it's so small, I wasn't sure.
Chad
QUOTE(malikyte @ Mar 8 2005, 08:31 PM)
Starting a session, or stopping a session...  Can you get any more basic than that to create your own class, or are we talking about PHP 5.0?  I can understand creating functions for session handling, but...a full class?  Granted, it can make things easier since you can control the garbage stuff...but how insecure would PHP's session handling be if you still have to use the functions in your class?  (I'm really interested in this, not meaning to make an argument.)


Well, it's a little more difficult than that. Sessions control much more than starting and stopping. That may be the basic PHP session handling; I've never used them, so I wouldn't know.

But creating your own Class allows you to do many more checks and controls. Also doing things such as updating a last online time or last IP visited with.

The control is much more flexible.

QUOTE(malikyte @ Mar 8 2005, 08:31 PM)
...and I said installed server-side.  I'm still right, but thanks, that was what I wanted to know.  I didn't know if it acted like an Access database file (*.mdb) or was a full-fledged application.  Since it's so small, I wasn't sure.

Actually, we are both right. A script is still installed server-side.
Even if you didn't have to run an install script. It was still installed. It didn't just magically appear.

However, Access, nor any other RDBMS is an application really, more of a utility. Some, if not most, come with GUI front-ends (or applications, if you will) to handle them.

Chad
Michael P
Sorted the sessions!

just added session_start(); to the top of the main page!
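The fix reported above, together with the logout and single `=` problems from the first post, written out as an added example that is not code from the thread. The function names are hypothetical, the session keys `AUTH` and `USR` are the ones used in the thread, and PHP 7.1+ is assumed.

```php
<?php
// Added example (not from the thread); function names are hypothetical.

// Every page that reads or writes $_SESSION must run this before any output.
// Without it $_SESSION is empty on the main page, which was the original problem.
function begin_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Login page: mark the visitor as authenticated.
function simulate_login(string $name): void
{
    begin_session();
    session_regenerate_id(true);   // fresh ID at login, so a pre-set ID is useless
    $_SESSION['AUTH'] = 'user';
    $_SESSION['USR']  = $name;
}

// Main page: build the member bar text.
function member_bar_html(): string
{
    begin_session();
    // === compares. A single = assigns 'user' and is always true, which is why
    // the page kept saying "logged in" even after the session was destroyed.
    if (($_SESSION['AUTH'] ?? null) === 'user') {
        $member = htmlspecialchars($_SESSION['USR'], ENT_QUOTES, 'UTF-8');
        return 'Welcome <b>' . $member . '</b> (User CP)';
    }
    return 'Not logged in';
}

// Logout page: clear the data, expire the cookie, then remove the stored session.
function logout(): void
{
    begin_session();               // session_destroy() needs an active session
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```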
Brendon Koz
Glad you got it working. I probably would have commented about that had I seen all the code.

@Chad: I'm still confused. Don't you use session_start() within your class? How is it you've never used them? Are there other ways to access the control of the session, or did someone else write a base class that you extended?
Chad
I don't use the built in PHP Session handling at all.

It's all a framework from myself.
The user visits, and session (from my class) is written into the database.

Everything from, unique IDs to general data, is all created and stored from my class.
None of it is using the built in PHP session handling.

Chad