session_is_registered(username) equivalent in $_SESSION -PHP

[freddye]

Hello,

I am trying to make an authenticated users page. In the code I got from a site it uses " session_is_registered(username) " to check if the user is authenticated.
I know this is depreciated now so I am trying to find out what the equivalent in $_SESSION would be

What I currently have (which I don't even know is right) is:

<?php
session_start();
if(!session_is_registered(username)){
echo "Session is not Authenticated - Try Again";
}
?>

<html> (and here is where I start my page code in HTML)


doesn't seem right to me.

Thanks

[kapisco]

you can use the isset() function here's a sample

PHP Code:

session_start();

if( !isset( $_SESSION['username']) ){
   echo 'Unauthorized access';
   die();
   } 


hope this helps...

[freddye]

That seems to make sense...
after the die ()

how could I display an html page??

would I need an else statement that is followed by the html code??

Thanks ahead of time

[freecrm]

I'm not sure what the die() does here. If you want a re-direct to an access denied page, you wouldn't really need it.

before the else just put in a header line

header("Location: ../accessdenied");
exit;

The normal running script would come after the else.

Just to clarify, you can show html in php pages.

<?php tags;?> are just inserts into pages that run server side. You can mix them up with html as much as you like.

Your access denied page can be php and still contain standard html.

[Twinkie]

The best, and simplest way to authenticate a user is to store the IP instead of the user name (or both) and restrict the session to the logged in IP to prevent session hijackers.

PHP Code:

<?php

//Displays signin Form.
function DispForm($msg) {
    //Displays a text only response if the page is being sent an AJAX request.
    if ($_REQUEST["VIEW"]==="text") die("Your session has expired.");
    $html = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
<title>Login</title>
<style type=\"text/css\">
body {
    background-image: url(images/Binary.jpg);
    color: #FFF;
    background-position: 40% center;
    background-repeat: no-repeat;
    background-color: #000;
    background-attachment: fixed;
}
h1 {
    color: #903;
    font-family: \"Courier New\", Courier, monospace;
    ";
        //Changes styles if a message is displayed.
        if ($msg) $html .= "margin-bottom: 0px;";
        $html .= "}
form input.field {width: 143px;}
p {margin: 12px;}
</style>
<script type=\"text/javascript\" src=\"scripts/sha1.js\"></script>
<script type=\"text/javascript\">
function $(id) {
    return document.getElementById(id);
}

function Validate() {
    if (!document.login.user.value || !\$(\"key\").value) {
        if (!document.login.user.value) document.login.user.style.backgroundColor=\"#FF7575\";
        if (!\$(\"key\").value) \$(\"key\").style.backgroundColor=\"#FF7575\";
        return false;
    }
    document.login.pass.value = hex_sha1(\$(\"key\").value);
    document.login.submit();
    return true;
}

</script>
</head>
<body><br />
<h1 align=\"center\">SQL Administration</h1>\n";
    //Displays msg username/password and logged out successfully messages.
    if ($msg===1) $html .= "\n<p style=\"color:red;margin:12px;font-family:calibri;\" align=\"center\">Invalid username or password.</p>\n";
    else if ($msg===2) $html .= "\n<p style=\"color:#4BDD3C;margin:12px;font-family:calibri;\" align=\"center\">You have logged out successfully.</p>\n";
    $html .= "<form action=\"\" method=\"post\" name=\"login\" onsubmit=\"return Validate();\">
<input type=\"hidden\" name=\"do\" value=\"login\" />
<input type=\"hidden\" name=\"pass\" value=\"\" />
<table border=\"0\" align=\"center\">
<tr><td>Username:</td>
<td><input class=\"field\" type=\"text\" name=\"user\" onfocus=\"this.style.backgroundColor='#FFFFCC';\" onblur=\"this.style.backgroundColor='#FFFFFF';\" /></td></tr>
<tr><td>Password:</td>
<td><input class=\"field\" type=\"password\" id=\"key\" onfocus=\"this.style.backgroundColor='#FFFFCC';\" onblur=\"this.style.backgroundColor='#FFFFFF';\" /></td></tr>
</table><br />
<center><input type=\"submit\" value=\" Login \" /></center>
</form>
</body>
</html>";
    die($html);
}

//Creates session amd stores login information.
function Login() {
    session_start();
    $_SESSION["ip"] = $_SERVER['REMOTE_ADDR'];
    $_SESSION["user"] = $_POST["user"];
}

//Connects to database with account information.
function DBCon() {
    global $con;
    $con = @mysqli_connect("localhost", "NO", "bleh","testdb");
    if (mysqli_connect_errno()) {
        printf("Connection failed: %s\n", mysqli_connect_error());
        exit();
    }
}

//Checks for a valid session.
session_start();
if ($_SESSION["ip"]!=$_SERVER["REMOTE_ADDR"]) {
    //Checks if user is logging in
    if ($_POST["do"]==="login" && isset($_POST["user"]) && isset($_POST["pass"])) {
        //Fetching account information.
        DBCon();
        $query = "SELECT * FROM Users WHERE User = '" . $_POST["user"] ."';";
        $res = mysqli_query($con,$query) or
            die(mysqli_error($con));
        //Checks if username exists.
        if (mysqli_num_rows($res)) {
            $res = mysqli_fetch_array($res, MYSQLI_ASSOC);
        } else DispForm(1);
        //Validates password.
        if ($_POST["pass"]===$res["Pass"]) Login();
        else DispForm(1);
    } else DispForm(0);
} else if ($_REQUEST["do"]==="logout") {
    session_destroy();
    DispForm(2);
}

?>

Here is a simple session session authentication system I made last week, and besides not setting an expiration for the cookie, it is pretty secure. The form sends a sha1 hashed password for network sniffs, but that is not necessary. Hope this answers your question =)