#native_company# #native_desc#
#native_cta#
PHP Tutorials

Best practices: Sessions Page 2

By Paul Booker
on August 19, 2002

To gain access to this secure internet website a user has to supply a username and password in a form
this then results in a php block being executed when the script actions itself :

<?php

 if(isset($_POST['submit']) ) {     // true if form has been submitted

    session_start();

      include("inhouse_functions.inc");       

          connect_database("secure_online");    // obtain access to database   

    $SQL=" SELECT security_id FROM security

 

            WHERE username='$username' AND password= '$password' ";

                                 

              $security = @mysql_query($SQL);

                 if ( mysql_num_rows($security) ) {

                     $row mysql_fetch_array($security);  

                         $security_id $row['security_id'];

                               $sess_security_id $security_id ;                     

                                  session_register('sess_security_id');

                                      header("location: entry_page.php") ;

                 }

         // authorisation not successful show form again....                        

}

?>



<html>

 ..

<form action = "<? echo $PHP_SELF;?>" method="post">

     ... rest of the form to collect username,password and submit button

<type="hidden" name="submit" value=1>

</form>

</html>


All other pages on this secure internet website then can check to see that authentication has
occured by checking if the primary key $sess_security_id has been registered to the session :

<?php

 if( !session_is_registered('sess_security_id') ) {

            // the security_id key is registered with the session

            // on authorisation 

      header("location: index.html ");     // send to authentication page ..

}   

?>



A nice feature here is that nothing sensitive is registered to the session and the value stored
has the potential of reconstructing any security information the subsequent scripts might demand such
as checking access level privileges (U,X or P) ….

<?php

$SQL=" SELECT access_level FROM security 

                

           WHERE security_id='$sess_security_id'  "

  $security  mysql_query($SQL);

      $row mysql_fetch_array($security);  

          $access_level $row['access_level'];

             if($access_level == 'U') {

                     // content sutiable for access level U

             } ..

....

?>



Related Results via Envato Market

Related Content