MODIFY YOUR PAGE_HEADER: CODE
If you've followed along with the tutorial (as you should), you know that when I say page_header,
I am refering to code that is executed on every page of your site. Earlier we mentioned that the
session_start( ); function was called in the page_header code. Again, it is important to know that one
cannot access $_SESSION variables unless this is called FOR EACH SCRIPT. So, thats why we are plugging it
in to the page_header code (executed on each page) so that we dont have to worry about it anymore.
session_start( ); also allows you to continue a session from page to page.
After this, we also connect to the database. Here is the beginning of our code:
CHECK FOR COOKIE
Now we've got that out of the way. We can get down to business. In our page_header code, we need to
check if a cookie has been set using our login script if the user selected "Remember me". If the cookie is
detected, then we need to see if the username and encrypted password they saved in the cookie match with
what is in the database. If so, we can plug in the values from the cookie (user, pass) into
$_SESSION variables, and set their logged in status to = 1.
The first condition says, if session variable logged_in is not equal to one, and a cookie is set with
the name "login_cookie" then execute code below. Code below uses the list(); function, which grabs multiple
variables in one pass. We use the explode(); function to seperate the values stored in our cookie
(accessed by $_COOKIE['login_cookie'];) where  is detected. The first part is stored in $user, the
second part is stored in $pass (via the list function).
With $user and $pass in hand, we can query the database members table to see if a user match is found
(where username = username from cookie). Next condition states, if 1 row result is returned (all
their should be), then the result from the query is put in the $passw variable. And finally, our last
condition tests if the password from the query matches the password from the cookie, then the user is
validated. We then apply the session variables for logged in status, username and password.
Ok, just we checked if a cookie was set, and logged them in if one existed. what if a cookie did not
exist (they did not choose "Remember me"), but they signed in? We can check if the session variables
are set or not - they were set at login, so they should be! So if they are not, they did not sign in or a
login was not successful.
This is all we would need. Basically, from the code above - we check if the session variables for
username and password are NOT set. If they are, then nothing is done because they are already set. If they
are not, then we set $_SESSION['logged_in'] to 0, and our $user variable to "Guest." If everything went to
plan, we should be able to echo $user and the member should see their username.
No Comments for this page.
||Rating of 5 (5 Votes)