sessions

I am trying to make a members only area and it all works for what i have but the only problem is i need to make guests login first now this works

<?php
session_start();

if($_session['valid_user'] == false) {

//do stuff, maybe a redirect?

header("Location: index.php");

}
?>

except when a user is logged in when i try to access the page that has this script in it and i then get sent to the login page weather I'm logged in or not.

Now what i need that script to do is auto detect if a user is logged in or not because if hes not then its supposed to redirect to the home page but if he is then its supposed to load the page.

i just need someone to tell me where the problem is in this script.

I think you use $_COOKIE.

...

ok can someone tell me how to use $_COOKIE?? I'm looking at this http://www.w3schools.com/php/php_cookies.asp

but i don't understand how to use this.It's making me mad.

<?php
include("include/session.php");
?>
<?php
session_start();

if($_session['valid_user'] == false) {

//do stuff, maybe a redirect?

header("Location: index.php");

}
?>

<?php
$expire=time()+60*60*24*30;
setcookie("user", "Sites7Coding", $expire);
?>

yea ok i understand now it all works one problem i am really mad now and i dont want to do what this stupid cookie value thing does.This stupid $_COOKIE only sets a cookie and then uses it on the page using the cookie to give the guest access and i dont want that!!!!!!


All i want is some stupid script edited to auto detect a user not logged in and redirect them to a darned index page and if they are logged in show the content and this stupid COOKIE dosn't do that it just gives the guest access.

This is the script i need edited because i know it works i just don't know how to set it to auto detect

<?php
session_start();

if($_session['valid_user'] == false) {

//do stuff, maybe a redirect?

header("Location: index.php");

}
?>


I'm hoping someone here understands what I'm trying to do and can help me with this. All i need to do is have some kinda script that checks to see if a member is logged in because if they aren't then they get redirected to the main page as in the index while not logged in but if they are logged in then the page allows them to view the content.

that is all i need.

Don't use sessions OR cookies for something like that.
Just make admin fields on either your users or profile table on the database--it's a lot easier and secure than what you're trying to do.

Does this alter-ego make me look stupid?

ok dude i already have that i dont want this content being viewed by somebody who isnt a registered user.

Because people will find out that the pages aren't protected from guests so then their able to access them without being a member.

THE POINT OF MEMBERS ONLY IS TO HAVE MEMBERS ONLY SO I NEED A PROTECTION SCRIPT TO BLOCK GUESTS TO SEND THEM TO THE INDEX! NOT ALLOW THEM TO ACCESS WHATEVER WEBPAGE THEY WANT!!!!!!!!

Uhhmm okay.
To check if a user is logged in or not, just use sessions/cookies.
And when I say that, just use your username session--don't make another whole session when you can just use the username one.
<?
if (!$_SESSION[username])
{
header("Location: PAGE.php");
}
?>
Oh and don't bother using isset() in your if statement. You also don't need quotes. !$_SESSION[username] works fine.

Does this alter-ego make me look stupid?

HMMM TOO BAD THAT DOSN'T WORK!!

SINCE IT DIDNT WORK THIS MORNING AND I JUST TRYED AGAIN ITS STILL NOT WORKING AND I KNOW IM DOING IT RIGHT!!

PasserbyGuy is a stupid idiot

ok sorry im kinda mad anyway this is what i get when i try to run the script.

The page loads but it dosnt matter if someone is logged in or not the script dosn't want to send guests to the index page.

So in other words the script is useless.

---

well im hoping someone can help me with this becasue if no one can then every page will probobly have to haev a login script and you will have to login to every page that you want to view before even viewing it casue i gotta get this done and no one is helping and google isnt much of a success and im searching all the time.

Umm I'm not stupid.
I'm actually very savvy at this stuff.
Could you give me the exact script for me to look at?
It works for me you know.
Maybe you forgot to start the session?
Maybe you misplaced the not operator, as some thing it is if(!($_SESSION[username])).
I don't know.
I can't help you properly unless I see what you're doing.
And instead of just posting it here, could you maybe show me the scripts highlighted on a file located on your site?
If not, this is still okay I guess.
Thanks. I'll be glad to help.

Does this alter-ego make me look stupid?

uh no i cant because its a php page for one but here is the script. Now this is the incomplete games page as in nothing on it really. games.php

<?php
include("include/session.php");
?>
<?
if (!$_SESSION[username])
{
header("Location: index.php");
}
?>
<html>
<title>Sites7Coding Games</title>
<link rel="stylesheet" type="text/css" href="http://sites7coding.co.cc/style/style.css" title="style" />
<meta http-equiv="content-type" content="text/html; charset=windows-1252" />
<body>
<div id="main">
<div id="header">
<div id="logo">
<div id="logo_text">
<!-- class="logo_colour", allows you to change the colour of the text -->
<h1>Sites7Coding</h1>
<h2>Where people go to get help coding..</h2>
</div>
</div>
<div id="menubar">
<ul id="menu">
<!-- put class="selected" in the li tag for the selected page - to highlight which page you're on -->
<li class="selected"><a href="index.php">Home-Mem</a></li>
<li><a href="/forum/">Forum</a></li>
<li><a href="contact.php">Contact Us-Mem</a></li>
</ul>
</div>
</div>
<div id="site_content">
<div class="sidebar">
<!-- insert your sidebar items here -->
<h3><u>Latest News</u></h3>
<h4>New website Designed!</h4>
<p>The website (obviously) has been redone and will hopefully continue to be edited throughout time and will become useful to some people. Others might not find this website useful but if you wish you can help make this website useful.</p>

</div>
<div id="content">
<!-- insert the page content here -->
<h1>Sites7coding Arcade</h1>

<hr>
<iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fplatform&width=500&colorscheme=light&show_faces=true&border_color&stream=true&header=true&height=427" scrolling="yes" frameborder="0" style="border:none; overflow:hidden; width:500px; height:427px;" allowTransparency="true"></iframe></p>
</div>
</div>
<div id="content_footer"></div>
<script type="text/javascript">
window.Meebo||function(c){function p(){return["<",i,' onload="var d=',g,";d.getElementsByTagName('head')[0].",
j,"(d.",h,"('script')).",k,"='//cim.meebo.com/cim?iv=",a.v,"&",q,"=",c[q],c[l]?
"&"+l+"="+c[l]:"",c[e]?"&"+e+"="+c[e]:"","'"></",i,">"].join("")}var f=window,
a=f.Meebo=f.Meebo||function(){(a._=a._||[]).push(arguments)},d=document,i="body",
m=d[i],r;if(!m){r=arguments.callee;return setTimeout(function(){r(c)},100)}a.$=
{0:+new Date};a.T=function(u){a.$[u]=new Date-a.$[0]};a.v=4;var j="appendChild",
h="createElement",k="src",l="lang",q="network",e="domain",n=d[h]("div"),v=n[j](d[h]("m")),
b=d[h]("iframe"),g="document",o,s=function(){a.T("load");a("load")};f.addEventListener?
f.addEventListener("load",s,false):f.attachEvent("onload",s);n.style.display="none";
m.insertBefore(n,m.firstChild).id="meebo";b.frameBorder="0";b.id="meebo-iframe";
b.allowTransparency="true";v[j](b);try{b.contentWindow[g].open()}catch(w){c[e]=
d[e];o="javascript:var d="+g+".open();d.domain='"+d.domain+"';";b[k]=o+"void(0);"}try{var t=
b.contentWindow[g];t.write(p());t.close()}catch(x){b[k]=o+'d.write("'+p().replace(/"/g,
'\"')+'");d.close();'}a.T(1)}({network:"sites7coding_qu83gu"});

if(window.Meebo) { Meebo('makeImagesSharable', {minImageWidth:200,minImageHeight:200,shadow:'none'});Meebo('makeVideosSharable', {minVideoWidth:301,minVideoHeight:251,shadow:'none'}); }

</script>
<div id="footer">
Copyright © Sites7Coding All rights reserved</div>
</div>
<div style="text-align: center; font-size: 0.75em;"></div></body>
</body>
</html>


thats the script it all works except for your script thats in it. It dosnt show the page to the guest or the member it just redirects to the index even if the user is logged on.

What are the contents of your included file? (session.php)
If there is no session_start(), then that's your issue.
If the session_start() function IS on that file, type the function on the games page just to be safe.
And I guess I wasn't clear about what I said about highlighting the file.
The highlight_file() function highlights the source of a web page on your website, with PHP tags, variables, etc. color-coded.

Does this alter-ego make me look stupid?

Also, another thing is that the file that you are trying to include does not exist.
Yes yes, I know you would get an errir, but what's the background colour of the site?
You can't see black on black after all.

Does this alter-ego make me look stupid?

What im not trying to see black on black there is 0 black on this website its all light colors.

view it here http://sites7coding.co.cc/

and the contents of session.php is

<?
/**
* Session.php
*
* The Session class is meant to simplify the task of keeping
* track of logged in users and also guests.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
include("database.php");
include("mailer.php");
include("form.php");

class Session
{
var $username; //Username given on sign-up
var $userid; //Random value generated on current login
var $userlevel; //The level to which the user pertains
var $time; //Time user was last active (page loaded)
var $logged_in; //True if user is logged in, false otherwise
var $userinfo = array(); //The array holding all user info
var $url; //The page url current being viewed
var $referrer; //Last recorded site page viewed
/**
* Note: referrer should really only be considered the actual
* page referrer in process.php, any other time it may be
* inaccurate.
*/

/* Class constructor */
function Session(){
$this->time = time();
$this->startSession();
}

/**
* startSession - Performs all the actions necessary to
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession(){
global $database; //The database connection
session_start(); //Tell PHP to start the session

/* Determine if user is logged in */
$this->logged_in = $this->checkLogin();
/**
* Set guest value to users not logged in, and update
* active guests table accordingly.
*/
if(!$this->logged_in){
$this->username = $_SESSION['username'] = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
}
/* Update users last active timestamp */
else{
$database->addActiveUser($this->username, $this->time);
}


/* Remove inactive visitors from database */
$database->removeInactiveUsers();
$database->removeInactiveGuests();

/* Set referrer page */
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/";
}

/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
}
/* Username and userid have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that username and userid are valid */
if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['userid']);
return false;
}

/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->userid = $this->userinfo['userid'];
$this->userlevel = $this->userinfo['userlevel'];
return true;
}
/* User not logged in */
else{
return false;
}
}

/**
* login - The user has submitted his username and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form; //The database and form object

/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Check if username is not alphanumeric */
if(!eregi("^([0-9a-z])*$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
}

/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}

/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}

/* Checks that username is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));

/* Check error codes */
if($result == 1){
$field = "user";
$form->setError($field, "* Username not found");
}
else if($result == 2){
$field = "pass";
$form->setError($field, "* Invalid password");
}

/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}

/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->userid = $_SESSION['userid'] = $this->generateRandID();
$this->userlevel = $this->userinfo['userlevel'];

/* Insert userid into database and update active users table */
$database->updateUserField($this->username, "userid", $this->userid);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his random value userid. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
}

/* Login completed successfully */
return true;
}

/**
* logout - Gets called when the user wants to be logged out of the
* website. It deletes any cookies that were stored on the users
* computer as a result of him wanting to be remembered, and also
* unsets session variables and demotes his user level to guest.
*/
function logout(){
global $database; //The database connection
/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
}

/* Unset PHP session variables */
unset($_SESSION['username']);
unset($_SESSION['userid']);

/* Reflect fact that user has logged out */
$this->logged_in = false;

/**
* Remove from active users table and add to
* active guests tables.
*/
$database->removeActiveUser($this->username);
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

/* Set user level to guest */
$this->username = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
}

/**
* register - Gets called when the user has just submitted the
* registration form. Determines if there were any errors with
* the entry fields, if so, it records the errors and returns
* 1. If no errors were found, it registers the new user and
* returns 0. Returns 2 if registration failed.
*/
function register($subuser, $subpass, $subemail){
global $database, $form, $mailer; //The database, form and mailer object

/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Spruce up username, check length */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5){
$form->setError($field, "* Username below 5 characters");
}
else if(strlen($subuser) > 30){
$form->setError($field, "* Username above 30 characters");
}
/* Check if username is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
/* Check if username is reserved */
else if(strcasecmp($subuser, GUEST_NAME) == 0){
$form->setError($field, "* Username reserved word");
}
/* Check if username is already in use */
else if($database->usernameTaken($subuser)){
$form->setError($field, "* Username already in use");
}
/* Check if username is banned */
else if($database->usernameBanned($subuser)){
$form->setError($field, "* Username banned");
}
}

/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
else{
/* Spruce up password and check length*/
$subpass = stripslashes($subpass);
if(strlen($subpass) < 4){
$form->setError($field, "* Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
$form->setError($field, "* Password not alphanumeric");
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report "password too short".
*/
}

/* Email error checking */
$field = "email"; //Use field name for email
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
$form->setError($field, "* Email not entered");
}
else{
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(.[a-z0-9-]{1,})*"
.".([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}

/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}
/* No errors, add the new account to the */
else{
if($database->addNewUser($subuser, md5($subpass), $subemail)){
if(EMAIL_WELCOME){
$mailer->sendWelcome($subuser,$subemail,$subpass);
}
return 0; //New user added succesfully
}else{
return 2; //Registration attempt failed
}
}
}

/**
* editAccount - Attempts to edit the user's account information
* including the password, which it first makes sure is correct
* if entered, if so and the new password is in the right
* format, the change is made. All other fields are changed
* automatically.
*/
function editAccount($subcurpass, $subnewpass, $subemail){
global $database, $form; //The database and form object
/* New password entered */
if($subnewpass){
/* Current Password error checking */
$field = "curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, "* Current Password not entered");
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 4 ||
!eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
$form->setError($field, "* Current Password incorrect");
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, "* Current Password incorrect");
}
}

/* New Password error checking */
$field = "newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 4){
$form->setError($field, "* New Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
$form->setError($field, "* New Password not alphanumeric");
}
}
/* Change password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "newpass"; //Use field name for new password
$form->setError($field, "* New Password not entered");
}

/* Email error checking */
$field = "email"; //Use field name for email
if($subemail && strlen($subemail = trim($subemail)) > 0){
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(.[a-z0-9-]{1,})*"
.".([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}

/* Errors exist, have user correct them */
if($form->num_errors > 0){
return false; //Errors with form
}

/* Update password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"password",md5($subnewpass));
}

/* Change Email */
if($subemail){
$database->updateUserField($this->username,"email",$subemail);
}

/* Success! */
return true;
}

/**
* isAdmin - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAdmin(){
return ($this->userlevel == ADMIN_LEVEL ||
$this->username == ADMIN_NAME);
}

/**
* generateRandID - Generates a string made up of randomized
* letters (lower and upper case) and digits and returns
* the md5 hash of it to be used as a userid.
*/
function generateRandID(){
return md5($this->generateRandStr(16));
}

/**
* generateRandStr - Generates a string made up of randomized
* letters (lower and upper case) and digits, the length
* is a specified parameter.
*/
function generateRandStr($length){
$randstr = "";
for($i=0; $i<$length; $i++){
$randnum = mt_rand(0,61);
if($randnum < 10){
$randstr .= chr($randnum+48);
}else if($randnum < 36){
$randstr .= chr($randnum+55);
}else{
$randstr .= chr($randnum+61);
}
}
return $randstr;
}
};


/**
* Initialize session object - This must be initialized before
* the form object because the form uses session variables,
* which cannot be accessed unless the session has started.
*/
$session = new Session;

/* Initialize form object */
$form = new Form;

?>

Uh-huh. It appears that the session_start() function is within another function (startSession).
You probably aren't calling the function to be used.
To make sure of this, try echoing out $_SESSION[username].

Does this alter-ego make me look stupid?

Also try making the script yourself instead of copying and pasting from one of those searched sites from google.

Aye...Hit me up on twitter 'do lol

SBP i didnt copy from google thiss member system i downloaded for the user login and everything else im making.

do this
<?php
if($_SESSION['username']==""){
echo" CODE HERE";
}
else{
echo"plz login";
}
?>
ok if a user not login it display whatever in the else{ tage

A true developer

with start session

Parse error: syntax error, unexpected T_IF in /home/dsialex/public_html/member/games.php on line 6

without


Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/dsialex/public_html/member/games.php on line 9
Sign in

i tryed this before the <html> <?php
start_session();
if($_SESSION['username']==""){
echo"";
}
else{
echo"plz login";
}
?>
but there i get Fatal error: Call to undefined function start_session() in /home/dsialex/public_html/member/games.php on line 5

and then the error changed when i do this.

<?php
if($_SESSION['username']==""){
echo" with all my page code here";
}
else{
echo"plz login";
}
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/dsialex/public_html/member/games.php on line 10

ok now im doing this im leaving this part <?php
if($_SESSION['username']==""){
echo"
at the start before the <html> then at the end of the page i put this ";
}
else{
echo"plz login";
}
?>
What am i doing wrong??
?>

still even that way

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/dsialex/public_html/member/games.php on line 10