Forum Moderators: coopster
// start session
session_start();
// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
// query for a user/pass match
$result=mysql_query("select * from users
where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");
// retrieve number of rows resulted
$num=mysql_num_rows($result);
// print login form and exit if failed.
if($num < 1){
echo "You are not authenticated. Please login.<br><br>
<form method=POST action=index.php>
username: <input type=text name=\"username\">
password: <input type=password name=\"password\">
<input type=submit>
</form>";
exit;
}
?> [/php]
<?
// Login & Session example by sde
// modified version
// auth.php$current_time = now(); // added; get current timestamp
// start session
session_start();// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
$_SESSION['loginTime']=$current_time; // added
$_SESSION['lastActivity']=$current_time; // added
}// query for a user/pass match
$result=mysql_query("select * from users
where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");// retrieve number of rows resulted
$num=mysql_num_rows($result);// print login form and exit if failed.
if($num < 1){
echo "You are not authenticated. Please login.<br><br><form method=POST action=index.php>
username: <input type=text name=\"username\">
password: <input type=password name=\"password\">
<input type=submit>
</form>";exit;
}include("inc/timeout.php"); //added; contains timeout info
?>
The following code would be inside timeout.php
<?
// Timeout Addition
// timeout.php$timeout_min = 5; //minutes of inactivity to log out after
$timeout_length = $timeout_min * 60;if ($current_time - $_SESSION['lastActivity'] > $timeout_length) {
session_destroy();echo "You have been logged out due to inactivity.
<br><br>
You will now be returned to the login page.<META HTTP-EQUIV=\"refresh\" content=\"2; URL=index.php\"> ";
exit;
}
else
$_SESSION['lastActivity'] = $current_time;?>
When you're logging in, you're doing 2 new things. You're adding a login time and a last activity time. The login time was added just to answer the "logged in only 5 minutes" part, which I'll get to in a moment.
The code in Timeout does the following:
Check the current time against the last activity time. If more than X minutes have passed since your last activity, destroy the session and force a relogin. Else, update the last activity time to right now.
If you wanted to log them out after 5 minutes of logging in, with a 5 minute cap on logins, you would just change the if statement, replacing $_SESSION['lastActivity'] with $_SESSION['loginTime']
but i want to know who to make it so the session never times out unless they logout. i know there is something tabout setting the session.cookie_lifetime but when i set it i does not seem to work as soon as they close the browser it distroys the session.
is there a way to do what i am looking for
thanks for any help
