Navigation

Example PHP SESSION_START

index.php

<?
	SESSION_START();
	include("config.php");
	include("fn.php");

if (isset($_POST['login'])) 
	{ 
		if (preg_match("/^\w{4,20}$/", $_POST['usr'], $matches))
		login($tbl_user,$matches[0], $_POST['pas']); 
		else // we don't bother querying the database
		echo "Username or password not accepted";
	}
?>

<?
  if(!$_SESSION['id_user']){
?>

<center>
  <form name="login" method="post" action="">
  <input name="usr" type="text"> User<br />
  <input name="pas" type="password"> Pass<br />
  <input name="login" type="submit" value="login">&nbsp;
</form>
</center>

<?
} else {
?>
Logged
<?
}
?>

config.php

<?php
 $dbname     = "users";
 $dbserver   = "localhost";
 $dbuser     = "admin";
 $dbpass     = "secret";

 @$db = mysql_connect("$dbserver", "$dbuser", "$dbpass") or die ("Cannot connect to Database server");
 @mysql_select_db("$dbname",$db) or die ("Database not found");
 mysql_query("SET NAMES cp1250;");
?>

fn.php

function login($tbl,$usr,$pas){
  $result=GetDBData("SELECT * FROM $tbl WHERE login='$usr' AND password='".MD5($pas)."'");
  if($result[0]['login']==$usr AND $result[0]['password']==MD5($pas)){
    $_SESSION['id_user']=$result[0]['id_u'];
    //$_SESSION['rights']=$result[0]['rights'];
  } 
}

function GetDBData ($query) { 
	$returnVar="";
	$result = mysql_query("$query");
	for ($i = 0; $i < @mysql_num_rows ($result); $i ++) {
		$returnVar [$i] = mysql_fetch_array($result, MYSQL_ASSOC);
	}
	@mysql_free_result ($result);
	return ($returnVar);
}