> -----Original Message-----
> From: Google Kreme [mailto:[EMAIL PROTECTED] 

Is that *really* your name?! :)

> The trouble comes when you  
> need to time-out a session because someone never logged out  
> properly.  That can be hairy.

Yeah, it's so hard to do that subtraction...

------------------------8< snip >8---------------------------
<?php
require_once('classes/user.php'); // defines a class that needs to be de-serialized in the session.
session_start(); // this must be called at the top of every page anyways.
// user.php included above is needed so the session can instantiate the User object.

// we specifically test 'true' here and boolean.
if ( !isset($_SESSION['login']) || !is_bool($_SESSION['login']) || $_SESSION['login'] != true )
{
        // urlencode() keeps the '+', '/' and '=' of the base64 string intact in the query string.
        exit("<SCRIPT>location.href='/index.php?page=".urlencode(base64_encode($_SERVER['REQUEST_URI']))."';</SCRIPT>");
}
else
{
        SQL_DB ($_SESSION['companydb']); // Connect to their default V2_Database
        SQL_QUERY("UPDATE ".$_SESSION['companydb'].".Users SET LastAccessed = NOW() WHERE CoreID = '".$_SESSION['coreid']."' LIMIT 1");

        // Idle longer than the configured timeout: tell the user and show the login page.
        if ((!isset($_COOKIE['sid']) && (time() - $_SESSION['last_access'] >= $_SESSION['login_timeout'])) )
        {
                echo "<script>alert('Your session has been idle for > ".$_SESSION['login_timeout']." seconds.');location.href='./index.php';</script>";
                require_once("/your/path/htdocs/index.php");
                exit;
        }

        $_SESSION['last_access'] = time();
}
?>

And in case you wonder why I store the base64 of the current page, it's so
that after you authenticate them, you can gracefully pass them on to where
they were trying to go (if they weren't logged in, or had timed out),
complete with all $_GET parameters intact...

if (!empty($_REQUEST['page']))
        header("Location: ".base64_decode($_REQUEST['page']));
else
        header("Location: some_other_page.php");

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
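
Added example, not part of the original post: the post-login redirect above sends the browser to whatever `page` decodes to, so the decoded value needs to be limited to a path on the same site before it reaches the Location header. One way to do that check; `safe_return_path()` and the fallback path are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: validate the base64 "page" parameter before redirecting.
// safe_return_path() and the fallback path are assumptions for illustration.

function safe_return_path($encoded, $fallback = '/some_other_page.php')
{
    if (!is_string($encoded) || $encoded === '') {
        return $fallback;
    }
    // Strict mode rejects input with characters outside the base64 alphabet.
    $path = base64_decode($encoded, true);
    if ($path === false || $path === '') {
        return $fallback;
    }
    // Control characters (CR/LF included) have no place in a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $path)) {
        return $fallback;
    }
    // Must be a site-relative path: one leading slash, then neither a second
    // slash nor a backslash ("//host" and "/\host" are treated as
    // other hosts by browsers).
    if ($path[0] !== '/' || (isset($path[1]) && ($path[1] === '/' || $path[1] === '\\'))) {
        return $fallback;
    }
    // A path with no scheme or host after parsing stays on this site.
    $parts = parse_url($path);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $path;
}

// Constructed sample inputs: one same-site target, three that must be refused.
$samples = array(
    '/reports.php?id=7&sort=asc',
    'http://other.example/login',
    '//other.example/login',
    "/index.php\r\nSet-Cookie: x=1",
);
foreach ($samples as $target) {
    printf("%-36s => %s\n", json_encode($target, JSON_UNESCAPED_SLASHES), safe_return_path(base64_encode($target)));
}

// In the login handler this replaces the unconditional redirect:
// header('Location: ' . safe_return_path(isset($_REQUEST['page']) ? $_REQUEST['page'] : ''));
// exit;
```

Only the first sample is returned unchanged; the other three fall back to `/some_other_page.php`.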
