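The problem with cookies is that the user can disable them. To support a cookieless client, you can send the session ID in a hidden form field instead. Be aware that a session ID sent in a form field or URL can end up in browser history, server logs and Referer headers, and that the server must not adopt an ID supplied by the client at login (session fixation); issue a new ID once the user has authenticated.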
This is the script for the form with the hidden field.
<?php
// Enable output buffering: the script's output (other than headers) is held
// in an internal buffer instead of being sent to the client immediately.
// process_form() calls header() after the HTML below has already been
// produced; buffering keeps that output from reaching the client first.
ob_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<title>Sessions without Cookies</title>
<meta Name="Author" Content="Hann So">
</head>
<body>
<p>
<?php
// First request (no "submit" field posted): show the login form.
// Otherwise the form came back from the browser, so validate it.
if (!isset($_POST['submit'])) {
    display_form();
} else {
    process_form();
}
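/**
 * Print the login form, including a hidden field that carries the session ID.
 *
 * Heredoc strings interpolate variables but not function calls, so writing
 * session_id() inside the heredoc would emit the literal text "session_id()".
 * The values are therefore computed first and HTML-escaped before they are
 * placed into attributes.
 *
 * session_id() returns an empty string while no session is active, so the
 * hidden field is empty on a first visit. The server must never treat the
 * value posted back in this field as proof of identity; it is client-supplied.
 */
function display_form() {
    $action = htmlspecialchars((string) $_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    $sess_name = htmlspecialchars((string) session_name(), ENT_QUOTES, 'UTF-8');
    $sess_id = htmlspecialchars((string) session_id(), ENT_QUOTES, 'UTF-8');

    // Demo only: the pre-filled username and password below are readable by
    // anyone who loads the page. Remove the value attributes outside a tutorial.
    echo <<<HTML
<h2>Login Form</h2>
<form action = "$action" method="post">
Username:
<input type="text" name="username" value="John" />
<br />
Password:
<input type="password" name="password" value="John123" />
<br />
<input type="hidden" name="$sess_name" value="$sess_id" />
<input type="submit" name="submit" value="Log in" />
</form>
HTML;
}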
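/**
 * Check the posted credentials and, on success, open an authenticated session
 * and redirect to the welcome page with the session ID in the query string.
 *
 * On a missing field or a wrong username/password an error message is printed
 * and the form is shown again.
 *
 * The session ID used in the redirect is the one the server holds after
 * login (session_id()), never the value the browser posted: a client-supplied
 * ID is attacker-controllable and must not be echoed into a header or adopted
 * for an authenticated session.
 */
function process_form() {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        // A missing field
        echo "<p>Please make sure to enter both username and password.</p>";
        display_form();
        return;
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    // A field posted as an array (username[]=...) can never match.
    // hash_equals() compares without leaking the match position through timing.
    // Demo only: real code stores password_hash() output and checks it with
    // password_verify() instead of hard-coding credentials.
    $user_ok = is_string($username) && hash_equals('John', $username);
    $pass_ok = is_string($password) && hash_equals('John123', $password);

    if (!($user_ok && $pass_ok)) {
        // Incorrect login
        echo "<p>Sorry the username and password are incorrect.</p>";
        display_form();
        return;
    }

    // Start session
    session_start();
    // Session fixation defence: if PHP accepted an ID from the request, drop
    // it and continue under a fresh, server-generated ID. Enabling
    // session.use_strict_mode additionally rejects IDs the server never issued.
    session_regenerate_id(true);
    $_SESSION['username'] = 'John';
    $_SESSION['loggedin'] = time();

    // Build the redirect from the server's own session name and ID.
    // Caveat: an ID in the URL is exposed to browser history, proxy and server
    // logs, and Referer headers; use cookie-based sessions where possible.
    $target = 'welcome.php?' . rawurlencode(session_name()) . '=' . rawurlencode(session_id());

    // Here redirect the user to the welcome page after successfully logged in
    header("Location: $target");
    // Stop here so nothing else runs or is rendered after the redirect.
    exit;
}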
?>
</p>
</body>
</html>
<?php
// Flush the buffer to the client and end the output buffering that
// ob_start() enabled at the top of this script.
ob_end_flush();
?>
|
This is the script for the welcome page shown after logging in.
<?php
// Resume the session so that $_SESSION can be read below. Called before any
// output is produced.
// NOTE(review): the login script passes the session ID in the query string;
// PHP only honours an ID taken from the URL when session.use_only_cookies is
// disabled. Confirm the configuration, and prefer cookie-only sessions
// wherever clients allow it.
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<title>Sessions without Cookies</title>
<meta Name="Author" Content="Hann So">
</head>
<body>
<p>
<?php
// Only a session that carries a username may see the protected page;
// everything else gets the "not logged in" notice.
if (!isset($_SESSION['username'])) {
    load_error();
} else {
    load_page();
}
/**
 * Print the notice shown to visitors who have no logged-in session,
 * with a link back to the login page.
 */
function load_error() {
    // Nowdoc: the text holds no variables, so nothing is interpolated.
    $notice = <<<'HTML'
<h2>You're not logged in.</h2>
<p>
Sorry you cannot view the protected page.
</p>
<p>
Please try to <a href="example_n.php">Log in</a> again.
</p>
HTML;
    echo $notice;
}
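/**
 * Print the protected welcome page for the logged-in user.
 *
 * The username is read from $_SESSION['username'] and HTML-escaped before it
 * is written into the page, so a name containing markup characters is shown
 * as text rather than interpreted by the browser. An absent username is
 * rendered as an empty string.
 */
function load_page() {
    $raw_name = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
    // Escape at the point of output; session data is not HTML-safe by itself.
    $username = htmlspecialchars($raw_name, ENT_QUOTES, 'UTF-8');
    echo <<<HTML
<h2>Welcome $username</h2>
<p>
You can now view the protected content.
</p>
<p>
When ready, you can <a href="example_d.php">Log out</a>.
</p>
HTML;
}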
?>
</p>
</body>
</html>
|