<?php
  class UserSession {
    public $php_session_id;
    public $native_session_id;
    public $dbhandle;
    public $logged_in;
    public $user_id;
    public $session_timeout = 3600;      # 1 hour inactivity period

    public function __construct() {
        # Connect to database
        // $conn = mysql_connect($_ENV["DATABASE_SERVER"], 'db54496', 'HQe9rpTS');
        $conn = mysql_connect('localhost', 'root', '');
        if (!$conn)
        {
            die('Could not connect: ' . mysql_error());
        }
        // $this->dbhandle = mysql_select_db('db54496_quark09');
        $this->dbhandle = mysql_select_db('pradeep');
        # Set up the handler
        session_set_save_handler(
          array(&$this, '_session_open_method'),
          array(&$this, '_session_close_method'),
          array(&$this, '_session_read_method'),
          array(&$this, '_session_write_method'),
          array(&$this, '_session_destroy_method'),
          array(&$this, '_session_gc_method')
        );
        $strUserAgent = $_SERVER['HTTP_USER_AGENT'];
        session_start();
    }

    public function _session_open_method($save_path, $session_name) {
      $this->_session_gc_method();
      return(true);
    }

    public function _session_close_method() {
    }

    public function _session_read_method($id) {
        $strUserAgent =  $_SERVER['HTTP_USER_AGENT'];
        $this->php_session_id = $id;
        $result = mysql_query("SELECT id, logged_in, user_id FROM user_session where ascii_session_id = '$id'");

        if (mysql_num_rows($result)>0) {
            $row = mysql_fetch_array($result);
            $this->native_session_id = $row["id"];
            if ($row["logged_in"]==1) {
                $this->logged_in = true;
                $this->user_id = $row["user_id"];
            } else {
                $this->logged_in = false;
            };
        } else {
            $this->logged_in = false;
            $result = mysql_query("INSERT INTO user_session(ascii_session_id, logged_in, user_id, user_agent) VALUES ('$id','f',0,'$strUserAgent')");
            $result = mysql_query("SELECT id FROM user_session WHERE ascii_session_id = '$id'");
            $row = mysql_fetch_array($result);
            $this->native_session_id = $row["id"];
        };

        return("");
    }

    public function _session_write_method($id, $sess_data) {
      return(true);
    }

    public function _session_destroy_method($id) {
      return($result);
    }

    public function _session_gc_method() {
        $result = mysql_query("DELETE FROM user_session WHERE (TIMESTAMPDIFF(SECOND,last_impression,NOW()) >". $this->session_timeout.")");
        if (!$result) return (false);
        else return(true);
    }

    public function Impress() {
      if ($this->native_session_id) {
        $result = mysql_query("UPDATE user_session SET last_impression = NOW() WHERE id = " . $this->native_session_id);
      };
    }

    public function IsLoggedIn() {
      return($this->logged_in);
    }

    public function GetUserID() {
      if ($this->logged_in) {
        return($this->user_id);
      } else {
        return(false);
      };
    }

    public function GetSessionIdentifier() {
      return($this->php_session_id);
    }

    public function Login($strUsername, $strPlainPassword) {
        $strMD5Password = md5($strPlainPassword);
        $stmt = "SELECT user_id FROM users WHERE username = '" . mysql_real_escape_string($strUsername) . "' AND password = '$strMD5Password'";
        $result = mysql_query($stmt);
        if (mysql_num_rows($result)>0)
        {
            $row = mysql_fetch_array($result);
            // if ($row["validated"] != 1) return "invalid";
            $this->user_id = $row["user_id"];
            $this->logged_in = true;
            $result = mysql_query("UPDATE user_session SET logged_in = true, user_id = " . $this->user_id . " WHERE id = " . $this->native_session_id);
            return(true);
        } else {
            return(false);
        };
    }

    public function LogOut() {
      if ($this->logged_in == true) {
        $result = mysql_query("UPDATE user_session SET logged_in = false, user_id = 0 WHERE id = " . $this->native_session_id);
        $this->logged_in = false;
        $this->user_id = 0;
        return(true);
      } else {
        return(false);
      };
    }
  }
?>

pls help me guys..

The problem is within this query:

$stmt = "SELECT user_id FROM users WHERE username = '" . mysql_real_escape_string($strUsername) . "' AND password = '$strMD5Password'";
$result = mysql_query($stmt);

Something is going wrong with the query so that it is not executing successfully, thus $result is not being set to a mysql resource. Try adding an error-checking statement into the query, like so:

$result = mysql_query($stmt) or die(mysql_error());

This will give you the mysql error message, which should tell you what's going wrong.

Did you even read the sticky?

The problem is within this query:

$stmt = "SELECT user_id FROM users WHERE username = '" . mysql_real_escape_string($strUsername) . "' AND password = '$strMD5Password'";
$result = mysql_query($stmt);

Something is going wrong with the query so that it is not executing successfully, thus $result is not being set to a mysql resource. Try adding an error-checking statement into the query, like so:

$result = mysql_query($stmt) or die(mysql_error());

This will give you the mysql error message, which should tell you what's going wrong.

Lsmjudoka i tried following your post and i got a statement like this "Unknown column 'user_id' in 'field list'"
pls help me..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.