Saturday, June 22, 2013

Session in PHP


A PHP session is used to store user information on the server. This will let the server know who you are and what you do. It is because session variables hold information about one single user.

Below is PHP code for session, first you need to create the database.

Create database in MySQL

Database name : sessionlogin

Create SQL table

CREATE TABLE `users` (
`id` BIGINT( 60 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`name` VARCHAR( 50 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL ,
`date` INT( 32 ) NOT NULL ,
`email` VARCHAR( 80 ) NOT NULL
);

connection.php

<?php 
$server = "localhost"; 
$username = "root"; 
$password = "";  
$database = "sessionlogin"; 

mysql_connect("$server", "$username", "$password") or die(mysql_error()); 
mysql_select_db("$database") or die(mysql_error()); 

?>

login.php

<?php
session_start(); // This starts the session which is like a cookie, but it isn't saved on your hdd and is much more secure.

include("connection.php");

    if(isset($_SESSION['loggedin']))
    {
        //die("You are already logged in!");
        header("location:main.php");
    } // That bit of code checks if you are logged in or not, and if you are, you can't log in again!

    if(isset($_POST['submit']))
    {
       $name = mysql_real_escape_string($_POST['username']); // The function mysql_real_escape_string() stops hackers!
       $pass = mysql_real_escape_string($_POST['password']); // We won't use MD5 encryption here because it is the simple tutorial, if you don't know what MD5 is, dont worry!
       $mysql = mysql_query("SELECT * FROM users WHERE name = '{$name}' AND password = '{$pass}'"); // This code uses MySQL to get all of the users in the database with that username and password.
       if(mysql_num_rows($mysql) < 1)
       {
         die("Password was probably incorrect!");
       } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!

       $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
       $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
       //die("You are now logged in!"); // Kill the script here so it doesn't show the login form after you are logged in!
       header("location:main.php");

    } // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV

echo "<form type='login.php' method='POST'>
Username: <br>
<input type='text' name='username'><br>
Password: <br>
<input type='password' name='password'><br>
<input type='submit' name='submit' value='Login'>
</form>"; // That set up the form to enter your password and username to login.

?>

main.php


<?php
session_start(); 
if(!isset($_SESSION['loggedin']))
{
    die("To access this page, you need to <a href='login.php'>LOGIN</a>"); 


?>

<?php echo "Hello there, {$_SESSION['name']}! Welcome to my site!"; ?>
<a href="logout.php">Logout</a><br>
<a href="upload.php">Upload</a><br>
<a href="report.php">Report</a>


report.php

<?php
session_start(); // NEVER forget this!
if(!isset($_SESSION['loggedin']))
{
    die("To access this page, you need to <a href='login.php'>LOGIN</a>"); // Make sure they are logged in!
} // What the !isset() code does, is check to see if the variable $_SESSION['loggedin'] is there, and if it isn't it kills the script telling the user to log in!


?>

<?php echo "Hello there, {$_SESSION['name']}! Welcome to my site!"; ?>
<a href="logout.php">Logout</a><br>
<a href="main.php">Main</a><br>
<a href="upload.php">Upload</a><br>


<?php


    include("connection.php");


    $tblename = "users";
    $result = mysql_query("SELECT * FROM $tblename where name = '{$_SESSION['name']}'");
    //$query = ("SELECT user_id FROM users WHERE user_id = '$user_id'");

    echo "<table border='1'>
    <tr>
    <th>Firstname</th>
    <th>Name</th>
    <th>Password</th>
    <th>Date</th>
    <th>Email</th>
    </tr>";

    while($row = mysql_fetch_array($result))
      {
          echo "<tr>";
          echo "<td>" . $row['id'] . "</td>";
          echo "<td>" . $row['name'] . "</td>";
          echo "<td>" . $row['password'] . "</td>";
          echo "<td>" . $row['date'] . "</td>";
          echo "<td>" . $row['email'] . "</td>";
          echo "</tr>";
      }
    echo "</table>";

    //mysql_close($con);
?>

upload.php

<?php
session_start(); // NEVER forget this!
if(!isset($_SESSION['loggedin']))
{
    die("To access this page, you need to <a href='login.php'>LOGIN</a>"); // Make sure they are logged in!
} // What the !isset() code does, is check to see if the variable $_SESSION['loggedin'] is there, and if it isn't it kills the script telling the user to log in!


?>

<?php echo "Hello there, {$_SESSION['name']}! Welcome to my site!"; ?>
<a href="logout.php">Logout</a><br>
<a href="main.php">Main</a><br>
<a href="report.php">Report</a>

logout.php

<?php
session_start();
session_destroy();
header("location:login.php");
?>

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...