Please explain authuser

Xanathos · January 16, 2012, 10:47pm

Hi guys, I’ve just opened a book on PHP and am a complete beginner. There is this program I’m sort of stuck on because the book doesn’t elaborate on certain bits. The program I’m asking about passes variables from one page to another using $_SESSION function. In the program the Username is passed from one page to another.

[code]

<?php session_start(); $_SESSION[‘username’] = “Joe12345”; $_SESSION[‘authuser’] = 1; ?> Find my Favorite Movie! <?php $myfavmovie = urlencode(“Life of Brian”); echo “”; echo “Click here to see information about my favorite movie!”; echo “”; ?> [/code]

The page the above page is linked to contains the following php code before the html code begins:
[php]<?php
session_start();
//check to see if user has logged in with a valid password
if ($_SESSION[‘authuser’] != 1) {
echo “Sorry, but you don’t have permission to view this page, you loser!”;
exit();
}
?>[/php]

My question is, what is this ‘authuser’ thing here. What is it’s purpose? A detailed answer would really be appreciated (also please keep in mind, I’m a noob :-[, so please try to explain as simply as possible).

Thanks a lot!

jSherz · January 17, 2012, 2:52pm

The book will have set the $_SESSION ‘authuser’ at some other point. You are accessing the value to check if the user has logged in. You should also use the isset function to see if the session was set before you try to use it in an if. In PHP, if you use the && or and condition (both do that same thing) then the PHP script will check if the first condition is true before even trying the second one. As and requires both to be true, if the first one is false it will not continue.

Therefore, you can use the isset and the other check(s) in the same if:

[php]if(isset($_SESSION[‘authuser’]) && $_SESSION[‘authuser’] == 1) {
// Logged in
} else {
// Not logged in
}[/php]

Xanathos · January 17, 2012, 5:41pm

thanks a lot jSherz for the reply.

Yes the book has set the $_SESSION ‘authuser’ on another page (My second code shows that). This page also contains the username and password which are saved variables that shall be passed via cookies or using sessions (I haven’t reached the part where the username and password are obtained through a form) and then passed.

I’m still not sure I fully understand the point of declaring authuser. The book also fails to mention the purpose of session_start(). So I’m basically using it without knowing what its for. If you could just help out here, I’d really appreciate it.

I haven’t reached isset functions yet, but I get the problem you’re stating about using && without isset.

jSherz · January 18, 2012, 1:41pm

Which book are you using?

[php]session_start();[/php]

Ensures that a cookie with the PHPSESSID is set (a unique ID for each visitor) and then - if session data is saved for that PHPSESSID - it fills the $_SESSION array with that data.

The point of authuser is a way of saying, if this is set, it means that the user is logged in. As sessions stay over multiple page requests, you are telling PHP that this user is authenticated.

Xanathos · January 18, 2012, 3:22pm

Which book are you using?

I'm using Beginning PHP5, Apache, MySQL Web Development, but a friend of mine has shown me a book which I feel is a lot better. So I'm going to be borrowing that from him.

[code]session_start()[/code]
Ensures that a cookie with the PHPSESSID is set (a unique ID for each visitor) and then - if session data is saved for that PHPSESSID - it fills the $_SESSION array with that data.

The point of authuser is a way of saying, if this is set, it means that the user is logged in. As sessions stay over multiple page requests, you are telling PHP that this user is authenticated.

Okay, I see now. The book hadn’t at this point mentioned these things at all. I’ll do some more reading of the theory. Thanks yet again for your time!