I found a session example on a PHP site and modified it a little. It works great, but I don't know how to log the person out; I'm very new to sessions. Here are the login and session files:
login.php
[php]
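<?php
// login.php - shows the login form and processes a submitted login.
//
// Flow: start the session, redirect visitors whose session already looks
// logged in, otherwise check the posted username/password against the USERS
// table and open a fingerprinted session on success.
// ./include/mysql.php is expected to define $host, $user, $pass and $database.
session_start();
require_once './include/session.php';

$ss = new SecureSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
// Value redacted by the poster. NOTE(review): Check() can only match when this
// is the same secure_word that was in effect when Open() stored the fingerprint.
$ss->secure_word = '*****';
$ss->regenerate_id = true;

include './include/mysql.php';
// NOTE(review): the mysql_* extension was removed in PHP 7. On current PHP use
// mysqli or PDO with prepared statements, and log mysql_error() server-side
// instead of printing it to the visitor.
mysql_connect("$host", "$user", "$pass") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());

// Already logged in: go straight to the members page. !empty() avoids reading
// an unset $_SESSION['logged_in']. This redirect is only a convenience;
// members.php must run its own Check() before showing anything.
if ($ss->Check() || !empty($_SESSION['logged_in'])) {
    header("Location: members.php");
    die;
}

// if the login form is submitted
if (isset($_POST['submit'])) {
    // Accept only plain string fields; an array-valued field is treated as empty.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    if (!$password && !$username) {
        die('You must enter a valid Username and Password');
    }
    if (!$username) {
        die('You must enter a valid Username');
    }
    if (!$password) {
        die('You must enter a valid Password');
    }

    // The username comes from the request, so it is escaped before it is placed
    // inside the quoted SQL literal.
    $check = mysql_query(
        "SELECT * FROM USERS WHERE NAME = '" . mysql_real_escape_string($username) . "'"
    ) or die(mysql_error());

    // NOTE(review): answering differently for an unknown user and a wrong
    // password tells a visitor which usernames exist.
    if (mysql_num_rows($check) == 0) {
        die('That user does not exist in our database.
Click Here to Register');
    }

    while ($info = mysql_fetch_array($check)) {
        // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
        // password_hash()/password_verify() requires re-hashing the stored
        // values, so it is flagged here rather than changed.
        $entered_hash = md5(stripslashes($password));
        $stored_hash = stripslashes($info['PASSWORD']);

        // Compare as strings: a loose != treats numeric-looking hashes such as
        // "0e..." as numbers and can report two different hashes as equal.
        $hashes_match = function_exists('hash_equals')
            ? hash_equals($stored_hash, $entered_hash)
            : ($stored_hash === $entered_hash);

        if (!$hashes_match) {
            // Neither the stored nor the entered hash is echoed back: the
            // stored hash must never reach an unauthenticated visitor.
            die('Incorrect password, please try again.');
        } else {
            $ss = new SecureSession();
            $ss->check_browser = true;
            $ss->check_ip_blocks = 2;
            // NOTE(review): the client address is not a secret and is already
            // covered by check_ip_blocks; it also differs from the secure_word
            // set at the top of this script. Confirm what members.php passes
            // to Check() before changing either value.
            $ss->secure_word = $_SERVER['REMOTE_ADDR'];
            $ss->regenerate_id = true;
            $ss->Open();
            $_SESSION['logged_in'] = true;
            header("Location: members.php");
            die();
        }
    }
} else {
    // if they are not logged in
    ?>
Login |
Username: |
|
Password: |
|
|
<?php
}
?>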
[/php]
session.php
[php]
<?php
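// Ties a PHP session to a fingerprint of the client (secret word, optional
// User-Agent, optional leading IP blocks). Open() stores the fingerprint in
// $_SESSION['ss_fprint']; Check() recomputes it and compares.
// The User-Agent is sent by the client, so the fingerprint only raises the bar
// against a stolen session ID; it is not proof of identity.
class SecureSession
{
    // Include browser name (User-Agent header) in fingerprint?
    var $check_browser = true;
    // How many leading dot-separated blocks of REMOTE_ADDR go into the
    // fingerprint (0 = none, values above 4 are treated as 4).
    var $check_ip_blocks = 0;
    // Control word - any word you want. Must be identical for Open() and Check().
    var $secure_word = '*****';
    // Regenerate session ID to prevent fixation attacks?
    var $regenerate_id = true;

    // Call this when init session: stores the fingerprint, then rotates the ID.
    function Open()
    {
        $_SESSION['ss_fprint'] = $this->_Fingerprint();
        $this->_RegenerateId();
    }

    // Call this to check session. Returns true only when a stored fingerprint
    // exists and is identical to the one computed for the current request.
    function Check()
    {
        $this->_RegenerateId();
        if (!isset($_SESSION['ss_fprint']) || !is_string($_SESSION['ss_fprint'])) {
            return false;
        }
        // Strict comparison: with == two different MD5 strings that both look
        // numeric (for example "0e" followed by digits) compare as equal.
        return $_SESSION['ss_fprint'] === $this->_Fingerprint();
    }

    // Internal function. Returns MD5 from fingerprint.
    function _Fingerprint()
    {
        $fingerprint = $this->secure_word;
        if ($this->check_browser) {
            // Requests without a User-Agent header contribute an empty string.
            $fingerprint .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        }
        if ($this->check_ip_blocks) {
            $num_blocks = min(4, abs(intval($this->check_ip_blocks)));
            $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $blocks = explode('.', $remote_addr);
            for ($i = 0; $i < $num_blocks; $i++) {
                // An address with fewer dot-separated parts (e.g. IPv6)
                // contributes empty blocks instead of reading undefined offsets.
                $fingerprint .= (isset($blocks[$i]) ? $blocks[$i] : '') . '.';
            }
        }
        return md5($fingerprint);
    }

    // Internal function. Regenerates session ID if possible.
    function _RegenerateId()
    {
        if ($this->regenerate_id && function_exists('session_regenerate_id')) {
            // NOTE(review): called without arguments the previous session is
            // not deleted, so the old ID stays usable until garbage collection.
            // session_regenerate_id(true) removes it, but deleting on every
            // request can drop sessions when requests overlap; consider
            // rotating with deletion at login only.
            session_regenerate_id();
        }
    }
}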
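// Logs the visitor out by tearing down the current session.
class DestroySession
{
    // Clears the session data, expires the session cookie, destroys the
    // server-side session and stops the script. The caller must already have
    // started the session (session_start()), because session_destroy() only
    // acts on the active session.
    function Open()
    {
        // session_destroy() does not empty $_SESSION; do it explicitly.
        $_SESSION = array();

        // session_destroy() also leaves the session cookie on the client, so
        // the browser would keep presenting the old session ID. Expire it
        // while headers can still be sent.
        if (ini_get('session.use_cookies') && !headers_sent()) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }

        session_destroy();
        die;
    }
}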
?>
[/php]