ok, im trying to make a very efficient and managable login system, its hard to explain so ill just list what im trying to do:
// this part will check the login
1. check for a cookie on the users hard drive
if its found then the user is auto-logged in
if its not then they will need to login
// the actual login routine
2. the submitted information from the user will be checked verses info stored in a database
if they dont match then the user isnt logged in and a cookie telling the script that they failed login is placed on their computer
the user's info is stored in an array in a cookie telling their name, password, userid, and their user level (mod, admin, user, etc..)
// here is where i start to get lost
some sort of custom session handler will be needed to store the info from the cookie in a session, but the session will also need to
store the session_id, user_id, and user_ip in a database, so taht i can have a section of my site that shows what users are online, much like the one on this forum
now ive read about 4 tutorials on this tonight and im still sitting here like "huh???" i know its pretty difficult but i still want to learn to do it on my own and not rely on a premade script (phplib, etc...)
can anyone help me out?
_thanks,
-Willlet me suggest a few adjustments:
on the login page,
destroy server side session variables
ask for username/passoword
submit to a verification page
on the verification page,
database call to verify correct username/ pass
if invalid; redirect back to login page with error message.
if valid; create session variables to hold values:
loggedIn='yes'
name='whatever'
but DONT put the users username/ password in the session variables. Leave that in the database. If you need an identifier, use a IDnumber.
as far as whos online? On each page, do an include... to see if they are logged in, and if so.. a database update to mark them as logged in. thats it.
onrender of each page ask the databse whos flag is set to logged in. Then auto call a webpage that sets these values to null after 20minutes. Each time a user hits a page the database gets updated. After 20 minutes of inactivity (predefined) the session variables are destroyed by the server, and the database record is updated to clean out inactive users.
Thats a lot, but you need to attack it one piece at a time. First, just learn how to set up session variables. Learn how they work, what their default timeout is (usually 20 minutes, but can be ajusted). Hopefully you have a bit of database experience. If not, you'll want to take a time out while you become familiar with the basics.
Then setting up the multiple queries, updates, and autocalling a webpage should be afairly easy.i know basic msyql queries like update insert delete select etc...
its the linking the cookies, to the sessions then the sessions to the database that makes my head spin
now tell me why you would want to have sessions and cookies(also called sessions) on the same site?
if you use cookies stay with cookies. if you use sessions stay with sessions. no need to make one of each.
besides sessions are cookies, but for the server. so sessions will hold anything a cookie will.
if you do it with cookies and sessions you will be confusing yourself to no end.hrmmm....
well i wanted to use cookies so that users didnt have to login everytime they visit the site. but then i looked at the code in phpbb and they used cookies for that and sessions to track who was online. at least thats what i got from looking at it.that is what sessions do. it will stay on the server for a given time. usually that is around half an hour. that is setup on the server and you don't have control of that.
so my site uses sessions and if I login and then leave for 15 minutes and come back, it will remember me.
but if you want you could use both, I was just saying that it will be a tedious job keeping all that info sperated.oh, so how would i just use sessions?
i know the very basics of session commands like
start, register, and destroy. i wouldnt know where to start with something like this. i was going to try and mimic phpbb's but that made my head hurt so, what do i need to learn?once you register a session variable you can use it like any other variable. as long as the user is on your site and the session is good it will be there. so if the user left for a day and came back, you will need to check for the variable, if no variable then have them login.
understand? if not I think I have some tutorials on sessions on my site.read them all already.
im not only trying to do this for an automatic login "grace period" but also, i want to have abox on the site that says who is online and that sort of thing.
its still a little confusingI have not had cause to use sessions so I can't provide any sample work. If I was trying to achieve what I believe you are trying to then I would do something along the lines of:
1) When member logs in store their membership ID in a session variable (probably an array)
2) Every time the page is loaded or refreshed some code would parse the array and conduct:
SELECT all_the_member_ids FROM members_table ORDER BY members_name;
3) Using mysql_fetch_array() I would then just loop through each returned row and display their username.
This should produce the list of members who are logged in.Torrent is close. take these forums for example. they use cookies and sessions. when the user comes online and the forum detects they have a cookie then the forum puts a 1 in a column on the database to signify that that user is online. when the forum can't detect the user anymore it clears that column of that user. so the database has a cache table, so to speak.Ah yes, that way way would be slightly more efficient and easier to code.hrmmm how would i go about fdoing that?that is easy. once they open the site then you check for the cookie, which has teh info you need like username id or whatever. if cookie found then update teh database table so it will know that they are online. then if they log off then just delete the cookie. so everypage will check for a cookie. and then it all depends on what you want to do once the cookie is or is not found. if not found, how far will you let them go in the site. see somethnig like that.
// this part will check the login
1. check for a cookie on the users hard drive
if its found then the user is auto-logged in
if its not then they will need to login
// the actual login routine
2. the submitted information from the user will be checked verses info stored in a database
if they dont match then the user isnt logged in and a cookie telling the script that they failed login is placed on their computer
the user's info is stored in an array in a cookie telling their name, password, userid, and their user level (mod, admin, user, etc..)
// here is where i start to get lost
some sort of custom session handler will be needed to store the info from the cookie in a session, but the session will also need to
store the session_id, user_id, and user_ip in a database, so taht i can have a section of my site that shows what users are online, much like the one on this forum
now ive read about 4 tutorials on this tonight and im still sitting here like "huh???" i know its pretty difficult but i still want to learn to do it on my own and not rely on a premade script (phplib, etc...)
can anyone help me out?
_thanks,
-Willlet me suggest a few adjustments:
on the login page,
destroy server side session variables
ask for username/passoword
submit to a verification page
on the verification page,
database call to verify correct username/ pass
if invalid; redirect back to login page with error message.
if valid; create session variables to hold values:
loggedIn='yes'
name='whatever'
but DONT put the users username/ password in the session variables. Leave that in the database. If you need an identifier, use a IDnumber.
as far as whos online? On each page, do an include... to see if they are logged in, and if so.. a database update to mark them as logged in. thats it.
onrender of each page ask the databse whos flag is set to logged in. Then auto call a webpage that sets these values to null after 20minutes. Each time a user hits a page the database gets updated. After 20 minutes of inactivity (predefined) the session variables are destroyed by the server, and the database record is updated to clean out inactive users.
Thats a lot, but you need to attack it one piece at a time. First, just learn how to set up session variables. Learn how they work, what their default timeout is (usually 20 minutes, but can be ajusted). Hopefully you have a bit of database experience. If not, you'll want to take a time out while you become familiar with the basics.
Then setting up the multiple queries, updates, and autocalling a webpage should be afairly easy.i know basic msyql queries like update insert delete select etc...
its the linking the cookies, to the sessions then the sessions to the database that makes my head spin
now tell me why you would want to have sessions and cookies(also called sessions) on the same site?if you use cookies stay with cookies. if you use sessions stay with sessions. no need to make one of each.
besides sessions are cookies, but for the server. so sessions will hold anything a cookie will.
if you do it with cookies and sessions you will be confusing yourself to no end.hrmmm....
well i wanted to use cookies so that users didnt have to login everytime they visit the site. but then i looked at the code in phpbb and they used cookies for that and sessions to track who was online. at least thats what i got from looking at it.that is what sessions do. it will stay on the server for a given time. usually that is around half an hour. that is setup on the server and you don't have control of that.
so my site uses sessions and if I login and then leave for 15 minutes and come back, it will remember me.
but if you want you could use both, I was just saying that it will be a tedious job keeping all that info sperated.oh, so how would i just use sessions?
i know the very basics of session commands like
start, register, and destroy. i wouldnt know where to start with something like this. i was going to try and mimic phpbb's but that made my head hurt
so, what do i need to learn?once you register a session variable you can use it like any other variable. as long as the user is on your site and the session is good it will be there. so if the user left for a day and came back, you will need to check for the variable, if no variable then have them login.understand? if not I think I have some tutorials on sessions on my site.read them all already.
im not only trying to do this for an automatic login "grace period" but also, i want to have abox on the site that says who is online and that sort of thing.
its still a little confusingI have not had cause to use sessions so I can't provide any sample work. If I was trying to achieve what I believe you are trying to then I would do something along the lines of:
1) When member logs in store their membership ID in a session variable (probably an array)
2) Every time the page is loaded or refreshed some code would parse the array and conduct:
SELECT all_the_member_ids FROM members_table ORDER BY members_name;
3) Using mysql_fetch_array() I would then just loop through each returned row and display their username.
This should produce the list of members who are logged in.Torrent is close. take these forums for example. they use cookies and sessions. when the user comes online and the forum detects they have a cookie then the forum puts a 1 in a column on the database to signify that that user is online. when the forum can't detect the user anymore it clears that column of that user. so the database has a cache table, so to speak.Ah yes, that way way would be slightly more efficient and easier to code.hrmmm how would i go about fdoing that?that is easy. once they open the site then you check for the cookie, which has teh info you need like username id or whatever. if cookie found then update teh database table so it will know that they are online. then if they log off then just delete the cookie. so everypage will check for a cookie. and then it all depends on what you want to do once the cookie is or is not found. if not found, how far will you let them go in the site. see somethnig like that.