i Wrote my own login, based on session, usong session_start();
I want the script to save the SessionID in a cookie @ the cients pc...
but it doesnt work! It never set a cookie but it ever add the session id
as a variable to all relating links in the script!
What i want is, to save the sessionID ONLY in a cookie at client. And
abolish the SID in the related links!
- my browser allow cookies
- session.use_trans_sid = on (can only be changed by serverdamin)
- session.use_cookies = on
- session.use_only_cookies = off -> but if you can see in the following
sourcecode i try to set_ini('session.user_only_cookies','1');
But it doesnt work...
Can anybody help me ?
The Host allows only_cookies, i have seen it on several other pages on
the same server.
sourcecode:
<?PHP
ini_set("session.use_only_cookies", 1);
////////////////////////////////////////////////////////Verbindung
öffnen//////////////////
include('connect.php');
$verbindung = @mysql_connect($IP,$USER,$PWD);
if (!$verbindung){
echo "Keine Verbindung möglich!\n";
exit;
}else{
/////////////////////////////////LOGIN///////////////////////////////////
////////////
session_start();
$_SESSION['zaehler'] = 1;
$test = session_id();
$db_select = @MYSQL_SELECT_DB($DB);
$result = mysql_query("SELECT username FROM ".$tblprefix."_users WHERE
sessionID = 'session_id()' ");
$sessionsfound = mysql_num_rows($result);
//Session deleten wenn nicht eingeloggt
if ($sessionsfound != 1){
session_unset();
setcookie( session_name() ,"",0,"/");
$_SESSION = array();
session_destroy();
}
$session_id_string = session_id();
//////////////login - TRUE
if (($login == 'true') && ($session_id_string == '')){
$login = '';
$abfrage = "SELECT username, password FROM ".$tblprefix."_users
WHERE username = '$loginname'";
$erg = mysql_db_query($DB,$abfrage,$verbindung);
list ($username,$password) = mysql_fetch_row($erg);
if ($username == ''){
$content = 'errors/login.php?error=loginname';
}else{
$abfrage = "SELECT loginversuche FROM ".$tblprefix."_users
WHERE username = '$username'";
$erg = mysql_db_query($DB,$abfrage,$verbindung);
list ($loginversuche) = mysql_fetch_row($erg);
if($loginversuche < 5){
if($password == md5($loginpassword)){
$abfrage = "SELECT sessionID FROM ".
$tblprefix."_users WHERE username = '$username'";
$erg = mysql_db_query($DB,$abfrage,$verbindung);
list ($sessionID) = mysql_fetch_row($erg);
$abfrageupdate = "UPDATE ".$tblprefix."_users SET
lastsessionID = '$sessionID' WHERE username = '$username'";
$ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
$abfrageupdate = "UPDATE ".$tblprefix."_users SET
loginversuche = '0' WHERE username = '$username'";
$ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
if($dauerhafteslogin=='true'){
$dauerhafteslogin='';
setcookie($logincookiename ,session_id
(),0,"/"); //cookie fuer dauerhaftes Login setzen
}
session_start();
$_SESSION['zaehler'] = 1;
$abfrageupdate = "UPDATE ".$tblprefix."_users SET
sessionID = session_id() WHERE username = '$username'";
$ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
$content = 'login/status.php';
}else{
++$loginversuche;
$abfrageupdate = "UPDATE ".$tblprefix."_users SET
loginversuche = '$loginversuche' WHERE username = '$username'";
$ergupdate = mysql_db_query($DB,$abfrageupdate,
$verbindung);
$content = 'errors/login.php?error=password';
}
}else{
$content = 'errors/login.php?error=accountblocked';
}
}
}
////////////////////ENDE login TRUE///////////////////////
if (session_id() != ''){
echo "u are logged in!<br>";
echo session_id();
}else{
echo"not logged in";
}
//////////////////////////////////ENDE
LOGIN////////////////////////////////////////
}
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
