The validation code for the pages you want private.

PHP & MySQL Login Tutorial Series
Pt1: Introduction
Pt2: Setting up the database
Pt3: The front end and user validation
Pt4: The code to privatize a page
Pt5: Logout function and clearing the session ID
Part 4: Privatizing your pages
Now let’s look at the status function. This function will be called on every page we want to protect. It will check to see if the user has an active cookie, and will match the session id in the cookie to our session table. If there is a match, the user will be logged in. The function looks like this:
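<?php
// Returns the logged-in user's id, or 0 if there is no valid session.
// Note: the mysql_* extension was removed in PHP 7; on current PHP use mysqli or PDO.
function status() {
    // No cookie means no session.
    if (!isset($_COOKIE['test_account'])) {
        return 0;
    }
    // The cookie is user-controlled input, so escape it before it goes into the query.
    $sessionid = mysql_real_escape_string($_COOKIE['test_account']);
    // Oldest acceptable session start time: one hour ago.
    $oldtime = time() - 3600;
    $query = mysql_query("SELECT * FROM user_sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime");
    if ($query && mysql_num_rows($query) == 1) {
        $info = mysql_fetch_array($query);
        return $info['userid'];
    }
    return 0;
}
?>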
First we’ll grab the session id that’s stored in the cookie “test_account.” The variable $oldtime is the oldest time the cookie could have been created. In this case that’s any time over the previous hour. The 3600 seconds must match the number of seconds in the setcookie function. We then query the session table for a match. If we find one we can pull the userid out of the session table and we’re logged in. Otherwise we return a 0.
Depending on your type of site, you may want to store frequently-used information in the session table for easy access. In this case, should we want to pull down the user’s username, we could use the userid pulled from the session table and then query the user_accounts table and match the user id for the account in question.
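The username lookup described above, combined with the session check in a single parameterized query, as an added example that is not part of the original tutorial. It assumes user_accounts has columns named userid and username, uses a hypothetical helper name current_user_row(), and runs against an in-memory SQLite database with constructed rows so it works offline; with MySQL only the PDO connection string changes.

```php
<?php
// Added example, not the tutorial's code. Assumed: user_accounts has columns
// `userid` and `username`; current_user_row() is a hypothetical helper name.
// In-memory SQLite stands in for MySQL so this runs offline (swap the PDO DSN).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_accounts (userid INTEGER PRIMARY KEY, username TEXT)');
$db->exec('CREATE TABLE user_sessions (sessionid TEXT, userid INTEGER, timestamp INTEGER)');
$db->exec("INSERT INTO user_accounts VALUES (7, 'tim')");          // constructed row
$ins = $db->prepare('INSERT INTO user_sessions VALUES (?, ?, ?)');
$ins->execute(['constructed-session-id-1', 7, time() - 60]);       // still valid
$ins->execute(['constructed-session-id-2', 7, time() - 7200]);     // older than 1 hour

// Returns ['userid' => ..., 'username' => ...] for a live session, or null.
function current_user_row(PDO $db, array $cookies): ?array {
    $sessionid = $cookies['test_account'] ?? null;
    if (!is_string($sessionid) || $sessionid === '') {
        return null; // missing cookie or non-string value
    }
    // The cookie value is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT a.userid, a.username
           FROM user_sessions s
           JOIN user_accounts a ON a.userid = s.userid
          WHERE s.sessionid = ? AND s.timestamp > ?'
    );
    $stmt->execute([$sessionid, time() - 3600]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;
}

// Top of a protected page: decide before any private output is sent.
foreach (['constructed-session-id-1', 'constructed-session-id-2', "no'such'session"] as $id) {
    $user = current_user_row($db, ['test_account' => $id]);
    // Escape the username on output, since it is stored user data.
    echo $user === null
        ? "denied\n"
        : 'Welcome, ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8') . "\n";
}
```

On a real page, pass $_COOKIE as the second argument and redirect to the login form when the function returns null.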

Apr 5th, 2009 at 11:49 am
Hello, I am just learning and had a few questions:
1) Do you include that entire code on every webpage you want to protect? Or is it just parts, with some included on a generic login page… If there is a login page, where do you place the URL to send the visitor?
2) On page 4 you state “…should we want to pull down the user’s username, we could use the userid pulled from the session table and then query the user_accounts table and match the user id for the account in question.” I have been trying to write that line of code but am unable… Perhaps you could help me out?
Thank you
Tim