Last active
December 11, 2015 23:29
-
-
Save YohannParis/4677386 to your computer and use it in GitHub Desktop.
Session management to login somebody and attribute value to a session.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* ============================================================================================ Initialisation ==== */ | |
| $msg = 'NO_ERROR'; // Variable for user feedback | |
| /* ================================================================================================== Sessions ==== */ | |
| ini_set('session.use_only_cookies', true); // Starting the Session by using only cookies | |
| session_start(); | |
| /* ============================================================================================= LogOut System ==== */ | |
| if (isset($_GET['logout']) && $_GET['logout'] == 'true' && $_SESSION['isLogin']) // If the page receive the order to log out | |
| { | |
| $_SESSION = array(); // Empty the Session | |
| if (ini_get("session.use_cookies")) // Delete all information in the Cookies | |
| { | |
| $params = session_get_cookie_params(); | |
| setcookie(session_name(), '', time() - 42000, | |
| $params["path"], $params["domain"], | |
| $params["secure"], $params["httponly"] | |
| ); | |
| } | |
| session_destroy(); // Destroy the Session | |
| } | |
| /* ============================================================================================== LogIn System ==== */ | |
| // The user want to log in, we get the email and the password | |
| if (isset($_POST['email']) && isset($_POST['password'])) | |
| { | |
| if ($_POST['email'] != '' && $_POST['password'] != '') | |
| { | |
| if (existUser($_POST['email'], $_POST['password'])) // If the user exist we initialise the Session | |
| { | |
| // --------------------------------------------------------------------------------- | |
| // When the user is log in, we stock in the session all the information | |
| // going to be display on the website to avoid useless database connection. | |
| // These information are not sensible! | |
| // --------------------------------------------------------------------------------- | |
| $_SESSION['isLogin'] = true; // Set the user is login | |
| /* | |
| $userInformation = userInformation($_POST['email'], $_POST['password']); // Access to the database to get the information | |
| $_SESSION['id'] = $userInformation['ID']; // User Id | |
| $_SESSION['FirstName'] = $userInformation['FirstName']; // User first name | |
| $_SESSION['LastName'] = $userInformation['LastName']; // User Last name | |
| */ | |
| } | |
| else {$msg = 'ERROR_LOG_IN';} // Feedback to the user | |
| } | |
| else {$msg = 'ERROR_LOG_IN';} // Feedback to the user | |
| } | |
| /* ========================================================================================== Session Security ==== */ | |
| // The Session Id is regenerate every 30 sec to avoid Session theft attack | |
| if (!isset($_SESSION['generated']) || $_SESSION['generated'] < (time()-30)){ | |
| session_regenerate_id(); | |
| $_SESSION['generated'] = time(); | |
| } | |
| /* ==== TODO: Remove the D day ================================================================= Display error ==== */ | |
| error_reporting(E_ALL); | |
| ini_set("display_errors", 1); | |
| ?> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment