August 31st, 2006, 03:34 PM
#3
Re: Sessions
One thing, the session needs to be created absolutely first thing in the script. Before ANYTHING else happens, start the session.
One thing I did when writing a lot of PHP scripts for web development, I wrote a session handling class which is pretty handy to use. It takes care of some of the tedious junk you need to do when starting and dealing with sessions.
Here's the class code:
PHP Code:
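<?php
// Thin wrapper around PHP's native session functions.
class session {
    // Create this object before any output is sent, so the session cookie can be set.
    function __construct($sesName = 'PHPSESSID', $sesPath = '/tmp') {
        session_name($sesName);
        session_save_path($sesPath);
        if(!is_dir($sesPath)) {
            // session files should be readable by the web server user only
            mkdir($sesPath, 0700);
            if(!is_dir($sesPath)) {
                echo
                    "Unable to access temporary session storage!<BR>\n<BR>\n",
                    "This is a serious error which cannot be worked around.<BR>\n",
                    "Until the problem is resolved, this script will terminate here.<BR>\n",
                    "Thank you and have a nice day.<BR>\n";
                exit;
            }
        }
        session_start();
    }

    // Removes every session variable whose name is not in the argument list.
    function keep() {
        $argv = func_get_args(); // only passed key names will be kept
        foreach(array_keys($_SESSION) as $key) {
            if(!in_array((string)$key, $argv, true)) {
                $this->resetParam($key);
            }
        }
    }

    // Copies GET/POST params into the session, except the key names passed in.
    function disallow() {
        $argv = func_get_args(); // key names the form may never set
        foreach(array($_GET, $_POST) as $formdata) {
            foreach($formdata as $key => $value) {
                // Strict membership test: array_search() returns index 0 for the
                // first listed key, which !array_search() would treat as "not found".
                if(!in_array((string)$key, $argv, true)) {
                    if(!isset($_SESSION[$key]) || $_SESSION[$key] != $value) {
                        $_SESSION[$key] = $value;
                    }
                }
            }
        }
    }

    // Clears each named session variable.
    function resetParam() {
        $argv = func_get_args();
        foreach($argv as $value) {
            // session_unregister() was removed in PHP 5.4; unset() is sufficient
            $_SESSION[$value] = false;
            unset($_SESSION[$value]);
        }
    }

    // Returns the session variable, or null when it is not set.
    function val($key) {
        return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
    }

    // Stores a value; an empty or false value clears the variable instead.
    function set($key, $value) {
        if($value == '' || $value === false || !isset($value)) {
            $this->resetParam($key);
        }
        else {
            $_SESSION[$key] = $value;
        }
    }
}
?>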
To use it, there are three steps. Create the class, determine what to maintain, and then enable it by setting disallows.
To create the class at the first of the php script, optionally giving a session ID and storage path for the ID:
PHP Code:
$ses = new session();
// or something like
//$ses = new session('processform', '/tmp/shoppingcart');
Second, set up a listing of form params that you want to continuously maintain in the session:
PHP Code:
$ses->keep('username', 'userid', 'loggedin');
Keep in mind that these params are always kept. You probably don't want to maintain the user's password in the session.. once they log in, you can set the 'loggedin' session var (as an example).
And the last thing to do is, set session form params that cannot be passed in from the form. Meaning, suppose you're using the 'loggedin' param to say whether or not the user has already logged in.. well, you don't want the user to be able to pass in a GET param called 'loggedin', because they could bypass the login that way.. so, you set 'loggedin' in the disallow list:
PHP Code:
$ses->disallow('loggedin');
This means that your script can set it, and since it's in the 'keep' list, it will be persistent in the session, but the form itself cannot set it.
The disallow MUST be called. This method does the actual form->session copying.
And your session is ready to use! Any script using this will maintain the same session variables. The class comes with the following session methods:
PHP Code:
// sets which form params are persistent in the session
$ses->keep();
// sets which params cannot be passed in by the form,
// also copies form params to session. must be called
$ses->disallow();
// resets (zeroes out) any param in the list
$ses->resetParam('username', 'id', 'formcolor');
// returns the value of the session variable given
print $ses->val('username');
// sets a new value of the session variable
$ses->set('username', $returnedUserName);
And that's all there is to using it.
Hopefully even if you don't want to use it, it will give you some ideas and help you get your code working.
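Added example (not part of the original post or its class): the deny-list check that disallow() relies on, run against constructed request arrays instead of the real $_GET, $_POST and $_SESSION. It contrasts a truthiness test on array_search(), which misses a key listed first because index 0 is falsy, with a strict in_array() test; the function name copyFormToSession and all sample values are assumptions made for the illustration.

```php
<?php
// Added example: all request and session data below is constructed.

// Copy form parameters into a session array, skipping deny-listed keys.
// $isDenied is the membership test under comparison.
function copyFormToSession(array $sources, array $denied, array $session, callable $isDenied): array
{
    foreach ($sources as $formdata) {
        foreach ($formdata as $key => $value) {
            if ($isDenied((string) $key, $denied)) {
                continue; // script-only value, never taken from the request
            }
            $session[$key] = $value;
        }
    }
    return $session;
}

// Weak test: array_search() returns the matching index, and index 0 casts to false.
$loose = function (string $key, array $denied): bool {
    return (bool) array_search($key, $denied);
};

// Corrected test: strict membership, independent of the key's position.
$strict = function (string $key, array $denied): bool {
    return in_array($key, $denied, true);
};

$get     = ['loggedin' => '1', 'formcolor' => 'blue']; // constructed GET params
$post    = ['username' => 'alice'];                    // constructed POST params
$session = ['loggedin' => false];                      // state before login
$denied  = ['loggedin', 'userid'];                     // 'loggedin' sits at index 0

foreach (['loose' => $loose, 'strict' => $strict] as $name => $check) {
    $result = copyFormToSession([$get, $post], $denied, $session, $check);
    printf(
        "%-6s loggedin=%s formcolor=%s username=%s\n",
        $name,
        var_export($result['loggedin'], true),
        $result['formcolor'],
        $result['username']
    );
}
```

With the loose test the request-supplied 'loggedin' value replaces the session flag; with the strict test the flag keeps the value the script set.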