PHP.. Login.. Session.. Can't wrap my mind around it =/

SineCosine

I'm still looking for my Tangent
Reaction score
77
So..
Let's say I do not wanna' understand everything about registration and login for now because it is too overwhelming =x

And..
I wanna' understand the login part first.
Here are my questions..

01) User submits login form with Username and Password
02) User is redirected to a page that validates it
03) I use this to validate:
Code:
session_start();

$username = $_POST['Username'];
$password = $_POST['Password'];

$result = mysql_query("SELECT * FROM Members WHERE Username=$username AND Password=$password");
//Assuming no MD5

04) ???

I don't get what session_start() does ._.
Also, I don't know what to do after I've found a match :(

I can redirect them to a members-only page, sure..
But what's to stop them from skipping the login and going straight to the members-only page?

How would the members-only page know if a user has a session? o.0
 

GetTriggerUnit-

DogEntrepreneur
Reaction score
129
There I think I have what you really need. I learned php & mysql with it.

http://www.youtube.com/watch?v=EwJujkxYLZs

From tutorial 22 to the end, he makes a forum/game with php registration key, mysql stuff, email sending and probably a lot of what you need.


You can pass params via the $_GET[]; method. index.php?param=fun
 

celerisk

When Zerg floweth, life is good
Reaction score
62
$password = $_POST['Password'];
$result = mysql_query("SELECT * FROM Members WHERE Username=$username AND Password=$password

And if the password I enter is 'test' or 1 = 1, I can login as anyone?

NEVER pass unfiltered user input to your db.
There's an "escape" function for that.

Even better would be to spend the 20 minutes it takes on PDO and simply forget the mysql specific stuff.



" How would the members-only page know if a user has a session? "

The login page stores some info in the session. Or a self-made cookie.
If that info is missing or wrong or too old, you redirect back to login.
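
The PDO suggestion above, as an added example that is not part of the original posts: the lookup uses a prepared statement, so the `'test' or 1 = 1` input is compared as data instead of being parsed as SQL. The in-memory SQLite database, the `PasswordHash` column, the sample user and the `find_member()` name are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Table name follows the original
// post; the SQLite database, PasswordHash column and sample row are constructed.
declare(strict_types=1);

function find_member(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text entirely, so quotes
    // or "or 1 = 1" in the input are compared as data, never parsed as SQL.
    $stmt = $db->prepare('SELECT Username, PasswordHash FROM Members WHERE Username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks against a password_hash() value; storing a
    // hash instead of the plain password is an addition to the thread's schema.
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return null;
    }
    return $row;
}

// Constructed demo data so the script runs offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Members (Username TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');
$db->prepare('INSERT INTO Members VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [
    ['alice', 'correct horse'],       // the real password
    ['alice', "'test' or 1 = 1"],     // the input from the post above
    ['nobody', 'correct horse'],      // unknown user
];
foreach ($attempts as [$user, $pass]) {
    $member = find_member($db, $user, $pass);
    printf("%-8s %-18s => %s\n", $user, $pass, $member !== null ? 'match' : 'rejected');
}
```

Only a non-null result from `find_member()` should lead to anything being stored in the session.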
 

SineCosine

I'm still looking for my Tangent
Reaction score
77
Ahh.. =x
The tutorials GTE suggested taught me all I needed to know about the Registration page xD

But nothing, and I really do mean nothing, about logging in and sessions =/
Imma' go google or something..

The cookies seem like a good idea.
So, how would I pass the data in the cookies to the php?

Other than filling in a hidden input with cookie-data =/
 

celerisk

When Zerg floweth, life is good
Reaction score
62
Every now and then, it's OK to read the documentation:
http://www.php.net/manual/en/function.session-start.php
Examples 1 and 2 are the basics to exchange some info from one page to another.

As in, if the login succeeded (i.e. if your username / password query returns an entry), store... whatever, the user's name for example in the session:
$_SESSION['username'] = ...

Whatever other page can use
if (!isset($_SESSION['username']))
... not logged in, redirect to login page



" Other than filling in a hidden input with cookie-data "

...
RTFM

Still, cookies aren't fool-proof, unless encrypted (and even then it all depends).
Anyway, sessions may not be the greatest thing ever invented, but they are very easy to use, and it's all automatic.
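
The session check described in this thread ("missing or wrong or too old"), as an added example that is not part of the original posts. The `logged_in_at` key, the 30-minute limit, `Login.php` and the three function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. 'logged_in_at', MAX_AGE_SECONDS,
// Login.php and the helper names are assumptions made for illustration.
declare(strict_types=1);

const MAX_AGE_SECONDS = 1800; // assumed policy: log in again after 30 minutes

// Call on the login page, after session_start(), once the password check passed.
function remember_login(string $username): void
{
    session_regenerate_id(true);        // new session ID, so a pre-login ID is useless
    $_SESSION['username']     = $username;
    $_SESSION['logged_in_at'] = time();
}

// Pure check: is the login info present, well-formed and recent enough?
function session_is_valid(array $session, int $now): bool
{
    if (!isset($session['username'], $session['logged_in_at'])) {
        return false;                   // missing
    }
    if (!is_string($session['username']) || !is_int($session['logged_in_at'])) {
        return false;                   // wrong
    }
    return ($now - $session['logged_in_at']) <= MAX_AGE_SECONDS; // too old?
}

// First lines of every members-only page, before any HTML is sent.
function require_login(): void
{
    session_start();
    if (!session_is_valid($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        header('Location: Login.php');
        exit;   // without exit the rest of the page would still be sent
    }
}

// Constructed checks of the three cases (run from the command line).
$now = 1700000000;
var_dump(session_is_valid([], $now));
var_dump(session_is_valid(['username' => 'alice', 'logged_in_at' => $now - 60], $now));
var_dump(session_is_valid(['username' => 'alice', 'logged_in_at' => $now - 7200], $now));
```

A visitor who skips the login page has an empty session, so `require_login()` sends them back before any members-only content is produced.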
 

UndeadDragon

Super Moderator
Reaction score
447
The tutorial I wrote for The Helper may be of use to you for this: Here.
 

SineCosine

I'm still looking for my Tangent
Reaction score
77
Thanks, celerisk!
You, too, UD!

I finally got basic, working Log in and Registration working xD
Another question:

What if I had two javascripts that needed a variable stored in a database?
Code:
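<?php
    include('Config.php'); //This has all my database info like host, user, pass, database name, etc.
    session_start();

    // The redirect header has to be sent before any output, so the check runs above the <script> tag.
    if (empty($_SESSION['username'])) {
        header('Location: MainPage.html');
        exit;
    }
?>
<script type="text/javascript">
    // json_encode() prints a correctly quoted and escaped JavaScript string.
    var Username = <?php echo json_encode($_SESSION['username'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    document.getElementById('userCPButton').value = Username + '\'s CP';
</script>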

<script type="text/javascript">
    var Hits = <?php

                        //This is where I have trouble.
                        //This is a separate PHP, right?
                        //So.. Do I need to include my 'Config.php' and do 'session_start()' all over again for this PHP?

                    ?>
</script>

Oops, forgot to put them in functions, nevermind.
Not important.

[EDIT]
Am I allowed to set $_SESSION['SomeID'] more than once?
Like, after logging in successfully..

$_SESSION['username'] = $Username;
$_SESSION['LastLogin'] = $LastLogIn;

I know it's pointless because there are other ways to do it, but I just wanna' know.
To fill in the gap between what knowledge I have xD
 

UndeadDragon

Super Moderator
Reaction score
447
You don't have to include anything more than once in a document. You don't have to start a session more than once in a document (unless you close the session in the middle).

>Am I allowed to set $_SESSION['SomeID'] more than once?

Yes.
 

SineCosine

I'm still looking for my Tangent
Reaction score
77
Sweet..
Thanks!

[EDIT]
How about parsing text?
Umm..

Like, if I have a textarea (Much like the quick reply box) and I type a bunch of stuff in it.
Then, I send it over a POST method.

Is it possible to store the entire text in the database properly?
Like, with all the line-breaks, spaces, etc.

And retrieve it back with all the formatting intact <.<

[EDIT=2]
How about passing variables between PHP tags?
Possible? Allowed?
Code:
<?php
    $SESSION = $_SESSION['Username'];

    if ($SESSION) {

    } else {

    }
?>

<?php
    if ($SESSION) {

    } else {
 
    }
?>
 

UndeadDragon

Super Moderator
Reaction score
447
Not sure about Edit 1, but 2:

As long as the separate PHP tags are on the same page, you can pass variables between them.
 

celerisk

When Zerg floweth, life is good
Reaction score
62
" I send it over a POST method "

Ever tried to have a look at what you are being sent?
echo '<pre>', htmlspecialchars(print_r($_POST, true)), '</pre>';
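
The textarea question from earlier in the thread, as an added example that is not part of the original posts: the text is stored unchanged through a bound parameter and escaped only when it is printed, inside `<pre>` as in the line above. The `Posts` table, the sample text and the function names are constructed for illustration, with in-memory SQLite standing in for MySQL.

```php
<?php
// Added example, not code from the thread. The Posts table, its columns and
// the sample text are constructed; SQLite in memory stands in for MySQL.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Posts (Id INTEGER PRIMARY KEY, Body TEXT NOT NULL)');

// What a textarea submits: browsers send line breaks as \r\n.
$submitted = "First line\r\n\r\n    indented <b>line</b>\r\nlast line";

// Store the text exactly as received. A bound parameter needs no escaping,
// so nothing in the text is altered on the way in.
function save_post(PDO $db, string $body): int
{
    $db->prepare('INSERT INTO Posts (Body) VALUES (?)')->execute([$body]);
    return (int) $db->lastInsertId();
}

function load_post(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT Body FROM Posts WHERE Id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Escape only at output time: htmlspecialchars() turns any markup the user
// typed into harmless text, and <pre> keeps line breaks and spaces visible.
function render_post(string $body): string
{
    return '<pre>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</pre>';
}

$id     = save_post($db, $submitted);
$stored = load_post($db, $id);

var_dump($stored === $submitted);   // compares the stored text with what was sent
echo render_post($stored), "\n";
```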
 

SineCosine

I'm still looking for my Tangent
Reaction score
77
I've not actually echo'd what was being sent ._.
I'll go try it xD

[EDIT]
I forgot what I got back because I closed it =x
Umm..

I think it went something like:

Query/Array
{

Query/Array => SomeTextThat

I type out with line breaks

}
 