
@YohannParis
Last active December 11, 2015 23:29
Session management to log a user in and store values in the session.
<?php
/* ============================================================================================ Initialisation ==== */
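$msg = 'NO_ERROR'; // Feedback code for the user; set to 'ERROR_LOG_IN' by the login section on failure
/* ================================================================================================== Sessions ==== */
// Session cookie hardening: every directive must be set before session_start() to take effect.
ini_set('session.use_only_cookies', '1'); // Never accept a session ID passed in the URL
ini_set('session.use_strict_mode', '1');  // Refuse session IDs that the server did not issue itself (fixation defence)
ini_set('session.cookie_httponly', '1');  // Keep the session cookie out of reach of page scripts
// NOTE(review): session.cookie_secure should also be enabled when the site is served over HTTPS only;
// the transport is not visible from this file, so it is left at its configured value here.
session_start();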
/* ============================================================================================= LogOut System ==== */
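// Log out when the page is requested with ?logout=true by a user who is logged in.
// !empty() is used for the session flag because 'isLogin' does not exist for anonymous
// visitors and reading it directly raises an undefined-index notice.
// NOTE(review): a logout triggered by a plain GET link can be forced from another site;
// a POST with an anti-CSRF token is the usual way to close that gap.
if (isset($_GET['logout']) && $_GET['logout'] === 'true' && !empty($_SESSION['isLogin']))
{
    $_SESSION = array(); // Empty the session data held in memory

    if (ini_get("session.use_cookies")) // Expire the session cookie in the browser as well
    {
        // Reuse the parameters the cookie was created with, otherwise the browser
        // treats this as a different cookie and keeps the old one.
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000, // A date in the past makes the browser drop the cookie
            $params["path"],
            $params["domain"],
            $params["secure"],
            $params["httponly"]
        );
    }

    session_destroy(); // Remove the session data stored on the server
}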
/* ============================================================================================== LogIn System ==== */
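// The user wants to log in: read the e-mail and the password from the POST body.
if (isset($_POST['email'], $_POST['password']))
{
    $email = $_POST['email'];
    $password = $_POST['password'];

    // Accept only non-empty strings. A request can send email[]=x, which arrives as an
    // array; the original `!= ''` test let such a value through to existUser().
    $isWellFormed = is_string($email) && is_string($password) && $email !== '' && $password !== '';

    // NOTE(review): existUser() is not defined in this file; it is expected to check the
    // password against a password_hash() value with password_verify() — confirm.
    // No throttling of repeated failed attempts is visible here either.
    if ($isWellFormed && existUser($email, $password))
    {
        // Issue a fresh session ID at the moment privileges change, and delete the old
        // session, so that an ID planted or observed before login cannot be reused
        // (session fixation).
        session_regenerate_id(true);
        $_SESSION['generated'] = time(); // Timestamp read by the periodic ID rotation below

        // ---------------------------------------------------------------------------------
        // Once the user is logged in, the information displayed on the website is stored
        // in the session to avoid needless database queries.
        // This information must not be sensitive!
        // ---------------------------------------------------------------------------------
        $_SESSION['isLogin'] = true; // Mark the session as logged in
        /*
        $userInformation = userInformation($_POST['email'], $_POST['password']); // Access to the database to get the information
        $_SESSION['id'] = $userInformation['ID']; // User Id
        $_SESSION['FirstName'] = $userInformation['FirstName']; // User first name
        $_SESSION['LastName'] = $userInformation['LastName']; // User Last name
        */
    }
    else
    {
        // One message for every failure (empty field, unknown e-mail, wrong password),
        // so the response does not reveal which e-mail addresses are registered.
        $msg = 'ERROR_LOG_IN';
    }
}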
/* ========================================================================================== Session Security ==== */
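// The session ID is rotated at most once every 30 seconds to shorten the time a stolen ID stays usable.
// The rotation is skipped when no session is active: the logout section above may have just
// destroyed it, and regenerating then only raises a warning.
if (session_status() === PHP_SESSION_ACTIVE
    && (!isset($_SESSION['generated']) || $_SESSION['generated'] < (time() - 30)))
{
    // Passing true deletes the old session data. Without it the previous ID keeps working
    // until garbage collection, so rotating would not lock out someone holding the old ID.
    // NOTE(review): pages that fire several requests in parallel can lose the session when
    // the old one is deleted immediately; if that shows up, expire the old session with a
    // short grace period instead of keeping it valid.
    session_regenerate_id(true);
    $_SESSION['generated'] = time();
}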
/* ==== TODO: Remove the D day ================================================================= Display error ==== */
// Development-only diagnostics (see the TODO in the banner above): printing errors into the
// response exposes file paths and other internals to every visitor. For production, turn
// display_errors off and send errors to the log instead.
// These calls sit at the end of the script, so they only affect code that runs after this point.
ini_set('display_errors', '1');
error_reporting(E_ALL);
?>