How do i set a session via php

Jamie. · 31-10-2007, 03:32 PM

Ok i'm wanting to know how to set a session in php?
it needs to contain username and users password :S

Just im trying to learn.

RichardKnox · 31-10-2007, 03:42 PM

If you have a variable called $username you'd just set it by going

PHP Code:


<?php

$_SESSION['username'] = "$username";

?>

Jamie. · 31-10-2007, 03:44 PM

bloody hell thats pretty easy, would i do this for all or could i do it so its selects user from db then $username[username] $username[level] etc? or how would i go about this?

RichardKnox · 31-10-2007, 05:27 PM

You'd need to have a seperate session for each one I believe, but you could define somewhere a function that creates one for each session, then it'd be $username("level") etc.

Jamie. · 31-10-2007, 05:39 PM

Cheers

Invent · 31-10-2007, 05:41 PM

Make a SESSION for the users id/username.

Then just make a function which grabs the specific data from the MySQL table using their username/id.

That's one way of doing it.

Jamie. · 31-10-2007, 05:45 PM

surely thats hackable?! without providing a corrct pwrd :S

Invent · 31-10-2007, 05:48 PM

surely thats hackable?! without providing a corrct pwrd

How would it be exploitabe? O_O

You set a session with their ID/Username once they login correctly.

Then later on in your script, if you want to get say, their email you do like:

getInfo("email");

(obviously, you'd need to code the function).

How could that be exploited by a USER?

Jamie. · 31-10-2007, 05:56 PM

is there anyway u can change the session eg change the username and id :S so u can get on someone else acc?

Beau · 01-11-2007, 09:20 AM

Suggestion:

If you're using sessions for a web app, only store the users UID in a session, as this is unlikely to change for their use of the app.

You can make a function that automatically grabs the user details from the database (using their ID), and puts it in an array, like so:

PHP Code:


<?PHP

function check_user_details() {

    $uid = $_SESSION['uid'];

    $query = "SELECT * FROM `users` WHERE uid='$uid'";
    
    $query = mysql_query($query);
    
    $user = mysql_fetch_assoc($query);
    
    return $user;
    
    }
    
$user = check_user_details();
    
?>

That way, you have access to the user details, and they are fresh (ie. if the username, email, password etc is changed, they will be refreshed after each load).

Thread: How do i set a session via php

Thread Tools

How do i set a session via php

Posting Permissions