I'm building a website for me and my friends that should include a forum and a chat. I'm developing the list of the friend but I don't know how to display wich users are online and which not. The users are autenticated with sessions variable. To be able to check wich users have a session open with the autentication variable $_SESSION I created a session handler that store the session datas in the database. In the table where I store the session I added a field that for default is null and should be filled by the login script with the user id so than I can check which users are online. Unfortunatly the login script work but doesn't fill the field. no error is displayed (I have all the errors activated).
I wanted to know if there is any easyer way to check which user is online. I know just PHP language and not much of it (I can't understand the object oriented PHP).
Thanks

hi ....i am fresher in php...i am also working on creation of forums..can u send me ur entire code so that it will be very helpful for me and i will also look at ur problem and try my best to solve it.
thanks
navvy.

The code of the session handler is

<?php
// Create a connection to the database
function mysql_session_open($session_path, $session_name) {
global $conn;
$conn=mysql_pconnect("localhost", "admin", "******") or die (mysql_error());
mysql_select_db("pantarei") or die (mysql_error());
return true;
}
// Doesn't do anything
function mysql_session_close() {
global $conn;
mysql_close($conn);
return true;
}
// Select the data from the database
function mysql_session_select($SID) {
global $conn;
$query = "
SELECT sessions_value FROM sessions
WHERE sessions_id = '".$SID."' AND sessions_expiration > ". time();
$result = mysql_query($query, $conn);
if (mysql_num_rows($result)==1) {
$row = mysql_fetch_assoc($result);
$value = $row['sessions_value'];
return $value;
} else {
return "";
}
}
// Write or update the data
function mysql_session_write($SID, $value) {
global $conn;
$lifetime = get_cfg_var("session.gc_maxlifetime");
$expiration = time() + $lifetime;
$query = "
INSERT INTO sessions (sessions_id, sessions_expiration, sessions_value)
VALUES('".$SID."', '".$expiration."', '".mysql_real_escape_string($value)."')";
$result = @mysql_query($query, $conn);
if (!$result) {
$query = "
UPDATE sessions SET
sessions_expiration = '".$expiration."',
sessions_value = '".mysql_real_escape_string($value)."' WHERE
sessions_id = '".$SID."' AND sessions_expiration >". time();
$result = mysql_query($query, $conn);
}
}
// Destroy the session
function mysql_session_destroy($SID) {
global $conn;
$query = "
DELETE FROM sessions
WHERE sessions_id = '".$SID."'";
$result = mysql_query($query, $conn);
}
// Automaticaly destroy expirated sessions
function mysql_session_garbage_collect($lifetime) {
global $conn;
$query = "
DELETE FROM sessions
WHERE sessions_expiration < ".time()." OR sessions_value=''";
$result = mysql_query($query, $conn);
return @mysql_affected_rows($result);
}
// Create the session handler
session_set_save_handler("mysql_session_open", "mysql_session_close", "mysql_session_select", "mysql_session_write", "mysql_session_destroy", "mysql_session_garbage_collect");
?>

The query that create the table to store the sessions is

CREATE TABLE sessions
(sessions_id VARCHAR(32) NOT NULL,
sessions_user_id INT(10) UNSIGNED,
sessions_expiration INT NOT NULL,
sessions_value TEXT NOT NULL,
PRIMARY KEY(sessions_id));

The session handler seems to work fine, the problem is in the login script, it should write in the column sessions_user_id the id of the user that just logged in or return an error but it doesn't work and it doesn't return any error.
Here is the script

<?php
include "session_handler.php";
session_start();
include "connection.php";
$usernm=$_POST['user'];
$passw=$_POST['pass'];
$query_select="SELECT * FROM login WHERE login_user='$usernm' AND login_pass='$passw'";
$query_result=mysql_query($query_select, $conn) or die (mysql_error());
if (mysql_num_rows($query_result)!="0") {
$resarr=mysql_fetch_assoc($query_result) or die (mysql_error());
extract($resarr);
$_SESSION['auth']=$login_auth;
$_SESSION['user_id']=$login_id;
$query_sess="
UPDATE sessions
SET sessions_user_id='".$_SESSION['auth']."'
WHERE sessions_id='".mysql_real_escape_string(session_id())."'";
$res=mysql_query($query_sess, $conn) or die (mysql_error());
header("Location: http://***.***.*.*/mypage.php");
exit();
} else {
header("Location: http://***.***.*.*/error.php?error=login");
exit();
}
?>

If I run the query to set the user id in the column sessions_user_id on mysql query browser sometimes it works, sometimes get me an error that say to check the correct sintax to use after... and it print the session id string WITHOUT the last character. I have no idea what can be the cause of that.

I have also another question: I setted up all the web pages to delete the session started in the beginning if the user is not logged in with a simple if (!isset($_SESSION)) session_destroy();
The purpose of this is keep the less numbers of rows in the sessions table but then I thought that that might slow down all the pages because require one more query to execute every time.
Do you think I shoul keep this or change it?
Thanks

session_user_id is an Integer and you have qoute around it in the SQL query. That could be the problem.

It's not showing in error because you have it redirecting to a new page immeadiately.

And don't worry about destroying the session if the user isn't logged in. It won't slow the pages down(at least not noticebly) but it's not worth it.

This article has been dead for over six months. Start a new discussion instead.