<?php
class UserSession {
public $php_session_id;
public $native_session_id;
public $dbhandle;
public $logged_in;
public $user_id;
public $session_timeout = 3600; # 1 hour inactivity period
public function __construct() {
# Connect to database
// $conn = mysql_connect($_ENV["DATABASE_SERVER"], 'db54496', 'HQe9rpTS');
$conn = mysql_connect('localhost', 'root', '');
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}
// $this->dbhandle = mysql_select_db('db54496_quark09');
$this->dbhandle = mysql_select_db('pradeep');
# Set up the handler
session_set_save_handler(
array(&$this, '_session_open_method'),
array(&$this, '_session_close_method'),
array(&$this, '_session_read_method'),
array(&$this, '_session_write_method'),
array(&$this, '_session_destroy_method'),
array(&$this, '_session_gc_method')
);
$strUserAgent = $_SERVER['HTTP_USER_AGENT'];
session_start();
}
public function _session_open_method($save_path, $session_name) {
$this->_session_gc_method();
return(true);
}
public function _session_close_method() {
}
public function _session_read_method($id) {
$strUserAgent = $_SERVER['HTTP_USER_AGENT'];
$this->php_session_id = $id;
$result = mysql_query("SELECT id, logged_in, user_id FROM user_session where ascii_session_id = '$id'");
if (mysql_num_rows($result)>0) {
$row = mysql_fetch_array($result);
$this->native_session_id = $row["id"];
if ($row["logged_in"]==1) {
$this->logged_in = true;
$this->user_id = $row["user_id"];
} else {
$this->logged_in = false;
};
} else {
$this->logged_in = false;
$result = mysql_query("INSERT INTO user_session(ascii_session_id, logged_in, user_id, user_agent) VALUES ('$id','f',0,'$strUserAgent')");
$result = mysql_query("SELECT id FROM user_session WHERE ascii_session_id = '$id'");
$row = mysql_fetch_array($result);
$this->native_session_id = $row["id"];
};
return("");
}
public function _session_write_method($id, $sess_data) {
return(true);
}
public function _session_destroy_method($id) {
return($result);
}
public function _session_gc_method() {
$result = mysql_query("DELETE FROM user_session WHERE (TIMESTAMPDIFF(SECOND,last_impression,NOW()) >". $this->session_timeout.")");
if (!$result) return (false);
else return(true);
}
public function Impress() {
if ($this->native_session_id) {
$result = mysql_query("UPDATE user_session SET last_impression = NOW() WHERE id = " . $this->native_session_id);
};
}
public function IsLoggedIn() {
return($this->logged_in);
}
public function GetUserID() {
if ($this->logged_in) {
return($this->user_id);
} else {
return(false);
};
}
public function GetSessionIdentifier() {
return($this->php_session_id);
}
public function Login($strUsername, $strPlainPassword) {
$strMD5Password = md5($strPlainPassword);
$stmt = "SELECT user_id FROM users WHERE username = '" . mysql_real_escape_string($strUsername) . "' AND password = '$strMD5Password'";
$result = mysql_query($stmt);
if (mysql_num_rows($result)>0)
{
$row = mysql_fetch_array($result);
// if ($row["validated"] != 1) return "invalid";
$this->user_id = $row["user_id"];
$this->logged_in = true;
$result = mysql_query("UPDATE user_session SET logged_in = true, user_id = " . $this->user_id . " WHERE id = " . $this->native_session_id);
return(true);
} else {
return(false);
};
}
public function LogOut() {
if ($this->logged_in == true) {
$result = mysql_query("UPDATE user_session SET logged_in = false, user_id = 0 WHERE id = " . $this->native_session_id);
$this->logged_in = false;
$this->user_id = 0;
return(true);
} else {
return(false);
};
}
}
?>
pradeepbaji 0 Newbie Poster
pradeepbaji 0 Newbie Poster
pls help me guys..
Lsmjudoka 0 Junior Poster in Training
The problem is within this query:
$stmt = "SELECT user_id FROM users WHERE username = '" . mysql_real_escape_string($strUsername) . "' AND password = '$strMD5Password'";
$result = mysql_query($stmt);Something is going wrong with the query so that it is not executing successfully, thus $result is not being set to a mysql resource. Try adding an error-checking statement into the query, like so:
$result = mysql_query($stmt) or die(mysql_error());This will give you the mysql error message, which should tell you what's going wrong.
Will Gresham 81 Master Poster
Did you even read the sticky?
pradeepbaji 0 Newbie Poster
The problem is within this query:
$stmt = "SELECT user_id FROM users WHERE username = '" . mysql_real_escape_string($strUsername) . "' AND password = '$strMD5Password'"; $result = mysql_query($stmt);Something is going wrong with the query so that it is not executing successfully, thus $result is not being set to a mysql resource. Try adding an error-checking statement into the query, like so:
$result = mysql_query($stmt) or die(mysql_error());This will give you the mysql error message, which should tell you what's going wrong.
Lsmjudoka i tried following your post and i got a statement like this "Unknown column 'user_id' in 'field list'"
pls help me..
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.