View Single Post
 
Old March 1st, 2004, 10:27 PM
richard.york's Avatar
richard.york richard.york is offline
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Some more comments.. now that I've gone back and read your post again (boredom sucks).

Quote:
quote:
Can I have global variables that exist outside of any particular .php file? Is this a session variable? If so, how are they passed around pages, or do they reside in the server somewhere for the duration of the session?
Yes. Use PHP sessions. More info available at: http://www.php.net/session.

PHP sessions work like this:

User logs in, data submitted by post
-->

User authenticated using your auth scheme.
-->

Set session variable to know user is logged in. Make sure session_start() is called at the beginning of the script (scroll down for more on that). Use $_SESSION superglobal array. Don't use the session_register function. Just create and assign values like any other variable.

$_SESSION['variable_name'] = 'value';
-->

PHP writes session variable to session file on server
-->

Include Session id in every request
PHP does so with cookies automatically.
Or you can embed it in the url via "&sid=".session_id(); (Recommended, the user isn't guaranteed to use cookies.)
-->

Redirect user to next page
-->

Call session_start() on any page that needs to create or access session information, this will import the data in that session file back into the $_SESSION superglobal and again output a session id in a COOKIE. This function is called without any arguments and must appear before any output (because it outputs a COOKIE in the HTTP headers). No white space before the opening <?php delimiter.
-->

So using the above scheme..

<?php

    session_start();

    // do authentication stuff here

    // user is authenticated
    $_SESSION['logged_in'] = (condition for logged in)? TRUE : FALSE;

// redirect the user
header("Location: url/to/goto.php?sid=".session_id());
?>

Always assign a value to your bool session variable for tighter security. Also, if you use a shared server, to tighten up security look into specifying a custom session directory. Other users on the same server can look in the default session directory look at session data and possibly even highjack your user's sessions.

If you look at the URL I mentioned above there is lots of information on sessions in the PHP manual.

Hopefully I haven't left you too confused!

hth,
: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::