PHP - Adding A Login Session Timeout

When a user logs on, I authenticate them with a session.  How do I use php to determine the time until the session will expire?  I realize I could go into the ini file but is there a php code that can query this info and echo it back?

I have a form that is very long.  Sometimes the logged-in user will spend over 20 minutes on this screen and then when they hit submit, the session has already expired and they are redirected to the login screen and anything on that form is lost.
Is there a way to reset the session timeout to zero everytime they either click the screen with the mouse, or type something into a form field (without submitting the form)?  Not sure if this would only work with javascript or if there is php code that I would put in the beginning of the action.php that looks for whether the session has timed out and if so, add the form contents to the database first before logging them out?  A php solution like that would be preferable to a javascript one.
But also if the sessiopn has already expired, then the action.php script would be less secure if I put the code there because then anyone not logged in could use that page so that's probably not the solution.  Best solution would be to reset the session timer whenever they click ont he screen or start typing in the form.

Hello All,

I have a PHP web application which will refresh itself(ajax calls connecting to the server and get the latest data) periodically. These also update the Database-based session handler class. i.e. There is NO UPDATE to the session data but the timestamp is constantly updated.


Our problem is that garbage collection does not kick in as it looks at the difference between timestamp and session_gc.maxlifetime. So, if  and the user is not interacting with the application.

Now my question is how can I force the timeout even though refreshing happens but the user is not interacting with the application and there are "phantom" session updates made by these ajax calls.

Please let me know. Thanks.

Im trying to make sessions work with my script, its finding the user/pass in the database and redirects me to the homepage after but the parts that are supposed to show when the session is set are not showing.

My code:


<?php
// Login Logic

$username = "";
$err = "";
$err_style = "";
$err_style2= "";

//Checks if there is a login cookie
if(isset($_SESSION['username'])) { 

    //if there is, it logs you in and directes you to the members page
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    //$username = $_COOKIE['user_id']; 
    //$pass = $_COOKIE['pass_id'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());$quer++;
    while($info = mysql_fetch_array( $check )) {
        if ($pass != $info['password']) {
        
        }
        else {
            header("Location: index.php");
        }
    }
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

    // SANITISE
    
    $username     = sanitize($_POST['username']);
    $pass        = sanitize($_POST['password']);
    $red        = sanitize($_POST['red']);
    
        // makes sure they filled it in
    if(!$_POST['username']) {
        $err = 'You did not fill in a required section';
        $err_style = "style='border: 1px solid #CC0000'";
        $show_login = 1;
    }
        if(!$_POST['password']) {
        $err = 'You did not fill in a required section';
        $err_style2 = "style='border: 1px solid #CC0000'";
        $show_login = 1;
    }
    // checks it against the database
    
    if (!$err) {
    $check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error());$quer++;

    //Gives error if user dosen't exist
    $check2 = mysql_num_rows($check);
    
    if ($check2 == 0) {
        $err = 'User not found - please try again!';
        $err_style = "style='border: 1px solid #CC0000'";
        $show_login = 1;
    }
    
    while($info = mysql_fetch_array( $check )) {
        $info['password'] = stripslashes($info['password']);
        $pass = $pass;

        //gives error if the password is wrong
        if ($pass != $info['password']) {
            $err = 'Incorrect password, please try again.';
            $err_style2= "style='border: 1px solid #B02B2C;'";
            $show_login = 1;
        }
        else { 
        
        session_start();
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;    
        
        // if login is ok then we add a cookie 
        //$hour = time() + 3600; 
        //setcookie("user_id", $username, $hour); 
        //setcookie("pass_id", $pass, $hour);    

        //then redirect them to the members area 
        
        if (!$red) {
            header("Location: index.php"); 
        } else {
            header("Location: $red.php"); 
        }
        exit;
        } 
    } 
    
    }
} 

?>


And:


<?php 
session_start();

//checks cookies to make sure they are logged in 
if(isset($_SESSION['username'])) {
     $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    //$username = $_COOKIE['user_id']; 
    //$pass = $_COOKIE['pass_id']; 
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); $quer++;
    
    while($info = mysql_fetch_array( $check )) { 
        //if the cookie has the wrong password, they are taken to the login page 
        if ($pass != $info['password']) { 
            header("Location: login.php"); 
        } 

        //otherwise they are shown the admin area    
        else { 
        // Update some info
    
        session_start();
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;    
    
    
        //setcookie ("user_id", $_COOKIE['user_id'], time() + 3600 );
        //setcookie ("pass_id", $_COOKIE['pass_id'], time() + 3600 );

        // Get some basic user details, so we can use these later!
        $uname  = $info['username'];
        $uID        = $info['user_id'];
        $email    = $info['email'];
        $loggedin = 1;
        $admin_user    = $info['admin'];
        } 
    } 
}
 
?>

OK when i go to my website and login i stay login in intill i sign out but when im stilled loged in and click new tab and type my website i see the login table but im already loged in so i have to click on my logo to time to make the login table go away why if you need the login code i would be happy to give it to use

Hi guys, I have a loggin page which works fine except it doesnt pass the session, could someone help me to see what mistake im making?
once users login they will be diverted to another page where is their profile page, i have echoed the session in member page but it doesnt read it.

i have attached both codes (member page and login page) below, thanks in advance for your help


code is below:
login page code:


Code: [Select]
<?php

//connect to database 
include '../include/db.php';

//we start a session here to help us pass the user login variable to other pages of the webs application while user is logged in.
session_start();

//php login

// if post has been successfully sent, do the action below

if ($_POST['login']){

// get data from form fields
$email=strip_tags($_POST['email']);
$password=strip_tags($_POST['password']);


// check if email (username) and password have been inserted, if not show an error

if($email == "" || $password == "")
echo "Please enter your email address and postcode";
else 
{

//check if email exists

$checkemail=mysql_query("SELECT * FROM member WHERE EmailAddress='$email'");


//if exists we get the information from database
if 

($getrows=mysql_num_rows($checkemail)>=1){

while ($row=mysql_fetch_array($checkemail))
{
$myemail=$row['EmailAddress'];
$mypassword=$row['Password'];
}

//convert the password to md5

$pass=md5($password);



//now we check if entered email and password match our database record
if ($myemail==$email && $mypassword==$pass)

{

$_SESSION['emailaddress']=$myemail;

//update the loggedin to 1 so we users go to next page, our website will compare if users is logged in or not
$update=mysql_query("UPDATE member SET loggedin='1' WHERE EmailAddress='$email'");

//if details exist we get the users first name  our database to pass this information along with our sessions
$getuser=mysql_query ("SELECT * FROM member WHERE EmailAddress='$email'");
while($row=mysql_fetch_array($getuser))

{
$firstname=$row['FirstName'];


}
echo "Welcome $firstname, <a href='profile.php'>Click here</a> to be directed to your profile";
}

}
else 

{
echo "This user doesn't exists";
}

}
}



?>




and this is the member page so far

Code: [Select]
<?php
//connect to database 
include '../include/db.php';

//we start a session here to help us pass the user login variable to other pages of the webs application while user is logged in.
session_start();
echo "Welcome ".$_SESSION['emailaddress']."";
?>

This should be really simple, but I just can't figure out why it isn't working. It's my first time using sessions, so I'm probably doing something silly. It's just a login to an admin page. It's for a photo gallery, that's why the database is called "photo".

This is the login page:
Code: [Select]
<?php
session_start();

if(isset($_POST['user']) && isset($_POST['password'])){
$user = $_POST['user'];
$password = sha1($_POST['password']);

$photo = new mysqli('localhost', 'user', 'password', 'photo');
$login = $photo->query("select user, sha1(password) from settings where user = '$user' and sha1(password) = '$password'");

if($login->num_rows > 0){
$_SESSION['login'] = 1;
?>
<META HTTP-EQUIV="Refresh" Content="0; URL=admin.php">
<?php
} else {
$badlogin = 1;
}
}
?>

<html>
<head>

<style>
body {margin-top: 50px;}
td {text-align: right;}
input {width: 200px;}
</style>

</head>
<body><center>

<?php
if(isset($badlogin)){
?>
<span style="color: red;">Oops! Wrong login.</span><br><br>
<?php
}
?>

<table>
<form action="admin.php" method="post">
<tr><td>User:</td><td><input type="text" name="user" /></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" /></td></tr>
<tr><td></td><td><input type="submit" value="Login" /></td></tr>
</form>
</table>

</center></body>
</html>
And this is the admin page:
Code: [Select]
<?php
session_start();
if($_SESSION['login'] != 1){
?>
<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">
<?php
} else {
?>

<html>
<head>



</head>
<body>

Admin stuff here.

</body>
</html>

<?php
}
?>

Hi all

I am trying to write a piece of code that takes the value from a form and checks it via an SQL table then adds the session value and the value from the SQL table into the rest of the code as a string. It is for a voucher code in a shopping basket:

if(isset($_POST['voucher_code'])) {
   
$vouchercode = $_POST['voucher_code'];

$sqlvoucher_code = mysql_query(" SELECT * FROM `voucher_codes` WHERE name = ".$vouchercode."");
$getvoucher_code = mysql_fetch_array($sqlvoucher_code);

$_SESSION['voucher_code'] = $_POST['voucher_code'];

$voucher_code = $getvoucher_code['value'];

header("Location: basket.php");

exit;

}

Every time I add a value into the form that I know is in the DB it returns a value of 0 even though the value in the DB is 15.95.

Please help!

Thanks
Pete

How can i keep adding value to a session???

I need to somehow keep storing more values into an array.
session_start();

// store session data
$_SESSION['tune_name']=$_GET['tune_name'];
$_SESSION['tune']=$_GET['tune'];

print_r($_SESSION);

So this is what i get from the print_r();
Array ( [attach] => Array ( ) [backups-2] => true [dnb] => true [house] => true [tech-house] => true [uk-garage] => true [uk-grime] => true [uk-hip-hop] => true [uncategorized] => true [warehouse] => true [views] => Music/dnb/Gold Dust (Vocal VIP Mix)_DJ Fresh_192.mp3 [tune_name] => Music/dnb/Dj Ss - We Came To Entertain (Sub Zero Remix).mp3 [tune] => Array ( ) )

ok what i need to do is everytime i click it saves that value above but just appends another value to the array so the session can keep getting larger and larger???

Any help please.

<!DOCTYPE html>
<html>
<head>
	<style type="text/css" media="screen">
		.ss
		{
			border-width: 1px;
			border-style:solid;
			width: 100px;
			height: 100px;

	</style>
	<meta charset="utf-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
	<title></title>
	<link rel="stylesheet" href="">
</head>
<body>
	<form action="index.php" method="post">

	<table align="center" class="ss">
		<tr>
			<td>Name<input type="text" name="name">
</td>
		</tr>
		
		<tr>
			<td>Pass&nbsp:<input type="password" name="pass">

</td>
		</tr>
		<tr>
			<td>Email<input type="text" name="eml">
</td>
<tr>
			<td><input type="submit" name="sb">
</td>
	</table>
	
		

	</form>
	
</body>
</html>
<?php 
include "db.php";
session_start();
if(isset($_POST['sb']))
{
	
	$name=mysqli_real_escape_string($con, $_POST['eml']);
	$pass=mysqli_real_escape_string($con, $_POST['pass']);
	$usr=mysqli_real_escape_string($con,'user');
    
	$std='std';
	$type='admin';
	$qer="select * from users where eml='$name' AND pass='$pass' AND type='$type'";
	$sql=mysqli_query($con,$qer);

	$qer=" select * from users where eml='$name' AND pass='$pass' AND type='$std'";
	$sql1=mysqli_query($con,$qer);

	$qer=" select * from users where eml='$name' AND pass='$pass' AND type='$usr'";
	$sql3=mysqli_query($con,$qer);


	$fe=mysqli_fetch_array($sql);
	if(is_array($fe)) {
		$name=$name;
		$pass=$pass;

        {

	
	header("location:wel.php?msg=Scuessfull login");

	
}
echo "Admin of this site";

}

else if($fe=mysqli_fetch_array($sql1)){

	if(is_array($fe)) 
	
		$name=$name;
		$pass=$pass;
echo "Moderator of the site";
{ 
	
	
	header("location:mod.php?msg=Scuessfull login");

	
}

}

else if($fe=mysqli_fetch_array($sql3)){

	if(is_array($fe)) 
		$name=$name;
		$pass=$pass;
			$_SESSION['eml'] =true;
			header("location:sim.php?msg=Scuessfull login");
echo "Simple user this site";
}



else
{
	echo "invalid pass";
   }
       }
?>

 

I don't know how to solve this error; Parse error: syntax error, unexpected '$db' (T_VARIABLE)    code:  

I'm trying to implement sessions into my website. At the moment index.php contains a login form that posts to AccountManagement.php. AccountManagement.php then checks the database to see if they have entered a correct username/password combination. This all works fine, however I would like the site to remember that a user has logged in, and not tell them that they have entered an invalid password every time they come to this page by any means other than index.php's login form (e.g. a back button on a page that follows from AccountManagement). I have tried for days to get this to work using a for loop that checks if the session is started, but I can't seem to get the placement/syntax correct.
Any help would be greatly appreciated.


AccountManagement.php:
Code: [Select]
<?php
include ("Includes/database.php");
include ("Includes/htmlheader.php");
dbconnect ("localhost", "xxxxx", "xxxxx", "xxxxx");
$query=sprintf("SELECT wowUsername, Password, UserID FROM Users WHERE (((wowUsername)=\"%s\") AND ((Password)=\"%s\"));", $_POST['Username'], $_POST['Password']);
$result=mysql_query($query);
if (!$result) {
$message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);}
if (mysql_num_rows($result) !=1) {
$errormessage= "Incorrect Username or Password, please try again.";
include ("Includes/error.php");
}
else { 
$row=mysql_fetch_assoc($result);
$CustomerID = $row['UserID'];
$query2=sprintf("SELECT CustomerID, FName FROM Customers WHERE CustomerID=$CustomerID");
$result2=mysql_query($query2);
$row2=mysql_fetch_assoc($result2);
$_SESSION['UserID']=$CustomerID;
?>
 <form action="index.php" id="home" name="home" style="width: 8em"></form>
<h1>   
  Account Management
</h1>
<p><h3 align="center">Welcome <?php echo $row2['FName'];?>, use the buttons below to manage your subscriptions.<h3><br />
<h2>
<form action="Subscription.php" id="subs" name="subs">
  <p>
    <input class="button5" name="Setup" type="submit" value="New Subscription" align="center" /></p>
  </form></h2>
<form action="AccountUpdate.php" id="remove" name="remove" style="width: 8em">
  <p>
    <input class="button5" name="NewDetails" type="submit" value="Update Details" />
    </p></form>
  </p>
  <p>
  <form action="AccountCancel.php" id="remove" name="remove" style="width: 8em">
    <input name="Logout3" type="submit" class="button5" value="Cancel Account" align="right" />
    </form>
  </p>
  <p>
  <br />
  <form action="index.php" id="remove" name="remove" style="width: 8em">
    <input class="button5" name="Logout" type="submit" value="Log Out" />
  </p>
  </p>
<?php
}
?>
</div>
</body>
</html>
</form>

htmlheader.php:
Code: [Select]
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE );
if(!isset($_SESSION))
{
session_start();
$_SESSION['UserID']=0;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" type="text/css" href="CSS/Styles.css"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Account Management</title>
</head>

<body>
</form>
<div id="content">

Registration.php

Code: [Select]
<html>
<head>
<script type="text/javascript">
 function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>
<?php
 session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    //session_start();
    $username = $_POST['username'];
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log = "SELECT * FROM regis WHERE username = '$username'";
     $login = mysql_query($log);
     $number = mysql_num_rows($login);

     if ($number == 0)
     {
      print "That user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";
     }
      if ($number > 0)
     {
      $_SESSION['is_logged_in'] = 1;
     }
     if(!isset($_SESSION['is_logged_in']))
     {
     }
     else
     {
        echo "<meta http-equiv='refresh' content='0; url=form2.php'>";
     }


    }
    else
    {


?>
 <body>
 <table border="0">
 <form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td>
 <td><input type="text" name="username" maxlength="40"></td></tr>
 <tr><td>Password:</td>
 <td><input type="password" name="pass" maxlength="50"></td></tr>
 <tr><td><input type="submit" name="submit" value="Register"></a></td>
 <td><input type="submit" name="submit" value="Login"></td></tr>
 </form>
 </body>
 <?php

  }

 

 ?> </html>


form2.php

Code: [Select]
<?php
session_start();

if (!isset($_SESSION['is_logged_in'])) {
     header("Location:login.php");
     die();     // just to make sure no scripts execute
}
?>
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$n=$_POST['username'];


if(isset($_POST['submit'])) //if submit button push has been detected

{


   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}


 ?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
              this.code = code;
              document.smile.message.value = pretext + code;
}

function a()
{
 var x = document.smile.message.value;
 if(x=="")
 {
  alert("Please insert an message!");
  return false;
 }

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
  <form name="smile" method="post" action="form2.php" onSubmit="return a()" >
   Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
   <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
   <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
   <input type="hidden" name="username" value="<?php echo $n;?>">
   <input type='submit' name='submit' value='Send' class='biasa'  ></form>

   
 
  <br> <br>
  </body>
</html>

My problem is after i login it redirect to login page although im had put after login page its need to go to form2.php page may i know which problem because now only im learning session

hey guys, Im trying to register a session from a login im making and for some reason its not working.


here is my code:


<?php    
session_start();
if(isset($_POST['username'])){
$username = $_POST['username']; //name of the text field for usernames
$password = $_POST['password']; //likewise here just for the password
//connect to the db
$user = 'root'; 
$pswd = ''; 
$db = 'chat';
$conn = mysql_connect('localhost', $user, $pswd);
mysql_select_db($db, $conn);
//run the query to search for the username and password the match
$query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'";
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());

//this is where the actual verification happens
    if(mysql_num_rows($result) == 1){
    //the username and password match
    //so e set the session to true

$_SESSION['username'] = $username;

$_SESSION['uID'] = $result['user_id'];

//$_SESSION['email'] = $result['email'];

    //and then move them to the index page or the page to which they need to go
    header('Location: index.php');
    }else{
    $err = 'Incorrect username / password.' ;
    }
    //then just above your login form or where ever you want the error to be displayed you just put in
    echo $err;

}

else

?>



Im trying to make it so it also gets the user_id of the user logging in and creates a session for it.

It works for the username part, and Im able to echo the username im logged in with, but for some reason it does want to work for the user_id part.

This is what doesnt register

$_SESSION['uID'] = $result['user_id'];

Thanks for the upcoming help.

I am createing a simply quiz site, where in order to participate in the quiz, you must first be logged in.
While working on my local machine, the code works perfectly.
I use the followin to create a session ID;
$_SESSION['SESS_ID'] = $member['id'];

Then, on my main page where i want dynamic code i include the following;

if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) {
   

      print ("
      <div style='float:left; width:400px; height:215px; margin-left:500px;'>
      <form class='login' method='post' action='login-form.php' style='float:right; margin-top:120px;' >
      
      <input type='submit' class='button' name='submit' value='Sign In' style='float:right ; margin-right:20px;'>
      
      </form>
      <p style=' margin-top:170px; margin-left:160px;'>New Member? Start <a href='register-form.php'>Here</a></p>
      </div>
      "
      );
      }
   else {
   print "<h4 style='float:right; text-align: right; margin-top:150px; margin-right:50px;'>Welcome ". $_SESSION['SESS_NAME']. "&nbsp;<a href='logout.php'  style='float:right; text-align:right;'>Sign Out</a></h4>
   ";


For some reason, when the site is on the server, the session ID does not seam to get passed along.
Any Ideas how to remediy this?
the website is kingdomquiz.com if anybody is interested.