// set timeout period in seconds
$inactive = 1; // Testing. Change back to 600 when done
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
    $session_life = time() - $_SESSION['timeout'];
    if($session_life > $inactive)
        { session_destroy(); header("Location: index.php"); }
}
$_SESSION['timeout'] = time();

The code above works fine. This code, does not:

// Add time to the user online
$inactive = $inactive + 50;

The problem is, when the user does an action, I want 50 seconds more added to their online time. The code above is executed on the page that the user visits, and adds 50 seconds to the $inactive variable. So far, it does nothing, and the $inactive variable does not get the extra 50 seconds.

~Thanks.

I don't see how the $inactive variable will persist between visits. It is not stored in a session variable and it gets reset to 1 (or 600) immediately when the script begins. Could you provide a spec. that describes exactly how you intend this code to work?

I have no result, I changed my code to this:

<?php
session_start();

// set timeout period in seconds
$_SESSION['inactive'] = 1;

// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
    $session_life = time() - $_SESSION['timeout'];
    if($session_life > $_SESSION['inactive'])
        { session_destroy(); header("Location: index.php"); }
}
$_SESSION['timeout'] = time();
?>

and the code on each page to this:

$_SESSION['inactive'] = $_SESSION['inactive'] + 10;

But it does nothing.

Member Avatar
LastMitch

@Djmann1013

The problem is, when the user does an action, I want 50 seconds more added to their online time. The code above is executed on the page that the user visits, and adds 50 seconds to the $inactive variable. So far, it does nothing, and the $inactive variable does not get the extra 50 seconds.

I think in order for you to add the extra time then you need to add it on the php.ini file and then used time stamp () function & set_time_limit () function. This is more than just using Session.

Here is a link about increase or decrease of time:

http://www.plus2net.com/php_tutorial/max-ex.php

Also read this which I feel you might have read it before:

http://php.net/manual/en/function.set-time-limit.php

Member Avatar
diafol
$_SESSION['inactive'] = $_SESSION['inactive'] + 10;

On each page. So what happens when you destroy the session? No more session vars. So how can you add to something that doesn't exist. Also your timeout will be dead too until set again.

I can't work out where your main script goes - in every page?

Here is the full page that contains the $_SESSION['inactive'] = $_SESSION['inactive'] + 10; value:

<?php
session_start();


mysql_connect('127.0.0.1', 'root', '');
mysql_select_db("db");

$message = mysql_real_escape_string(htmlentities($_POST['message'])); // Chat message
$username = mysql_real_escape_string(htmlentities($_POST['username'])); // Username (POSSIBLE EXPLOIT RISK HERE)
$image = mysql_real_escape_string(htmlentities($_POST['image'])); // User's profile image
$id = mysql_real_escape_string(htmlentities($_POST['id'])); // User ID
$online = "Online"; // The user is online



if (empty($message) or empty($username) or empty($image) or empty($id)) {

// Do nothing

} else {

// Add time to the user online
$_SESSION['inactive'] = $_SESSION['inactive'] + 20;

/*
$DB->Query("INSERT INTO messages ('message', 'username', 'image') VALUES ('{$message}', '{$username}', '{$image}')") or die(mysql_error());
*/

mysql_query("INSERT INTO `messages` (`message`, `username`, `image`, `user_id`, `user_online`) VALUES ('{$message}', '{$username}', '{$image}', '{$id}', '{$online}')") or die(mysql_error());


echo $message;

}

?>
Member Avatar
diafol

I'm none the wiser. Where is $_SESSION['inactive'] initalised.

How do you initalize $_SESSION['inactive'];?

Member Avatar
diafol

Where is it set for the first time?

Session.php:

<?php
session_start();

// set timeout period in seconds
$_SESSION['inactive'] = 20;

// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
    $session_life = time() - $_SESSION['timeout'];
    if($session_life > $_SESSION['inactive'])
        { session_destroy(); header("Location: index.php"); }
}
$_SESSION['timeout'] = time();
?>

This is where it is first initialized. Then, it is included into every page like this:

session_start();

// set timeout period in seconds
$_SESSION['inactive'] = 20;

include('/home/username/public_html/session.php');
Member Avatar
diafol

Anyone else that can help?

Noted.

Coding takes time. Expirence comes from practice, NOT by rushing.

Do as I say, not as I do, right?

commented: I agree ! +6

@LastMitch I got it from a daniweb question made 4 years ago.

Member Avatar
LastMitch

I got it from a daniweb question made 4 years ago.

4 years old is very long. You're asking members to solve a code that might not be answer correctly.

I think searching for another code not on Daniweb but on google. So you can find something that is more updated and have a comment section where you can post questions about the code.