PHP :: How To Check If User Is Logged In In VBulletin With PHP

How Does VBulletin Check License?
PHP is source code based. How could vBulletin sell a key for 1 year or for
multiple years. How can vBB check if the same key is used on different
servers/machines?

I guess there is some kind of call to headquater thing to report abuse. Am I
right?

I am looking at vBB 3.0.3 and 3.0 Gold. Can anyone tell me what 3.0 gold is?
Which is better? 3.03 or 3.0 gold?

Show Logged In User
I need a code that prints "Hello, $username" code can anybody help me by wrighting this out for me? I have the variable $username for the username.

Verifying User Has Logged In.
Just starting to learn a bit about sessions and I am using the following bit of code to check that the user has logged in through the login page.

<?php
session_start ();
//this code checks to see if the user is logged in, if yes allowed to continue
//If not redirected to the login page
if (@$login |= "yes")
{
header ("location: login.php");
exit();
}
session_destroy();
?>

However the protected page can be still accessed from the Browser window by using the page URL bypassing login.

How To Determine Logged In User In Oscommerce
Hi everyboy, I am working in oscommerce right now,Can anybody tell me how to
determine logged in user in oscommerce.I'll be very thankful if anybody assist
me.

LDAP For Current Logged In User
We are trying to setup LDAP for users to utilize our Intranet and
perform some CMS stuff.. (we are using Active Directory). We are able
to bind and query, no problem.. We are using PHP on IIS and MySQL as
the DB

However I am wondering if there is a way to find out who is currently
logged in and even what their LDAP distinguishedName is.. For example
in VBScript I call objUser = GetObject("LDAP://" & strUserDN)....

If nothing is built in, is there a way to combine the vbscript and php
together and get it back?

If A User Visits The Website, The IP Is Logged
I want to write a script where if a user visits the website, the IP is logged. Now if the user visits the same page again, he is redirected to another page. This is specifically aimed at my static IP users.

Unable To Show Current Logged In User
i am not sure what is going on but when i login and that works fine but if i want to show the the user who they are logged in as in the members section for example you are loged in as who ever, it does not show Code:

How To Drop TEMPORARY HEAP TABLES After User Has Logged Out?
My web site uses Mysql and PHP3. I'm using HEAP tables for rapid access. A HEAP table is created for each user as they log in, and then dropped when they log out. The problem is that some users will leave the site without logging out, and I need to drop those orphaned tables so they don't choke my RAM.

The ideal solution would be if there was some way to ascertain if the person has left the site and then trigger table removal, but I'm not familiar with such a "detector."

Another idea I had is to make the HEAP tables Temporary Tables, hoping that they stay alive until the user leaves the site. But I can't find any good documentation on the behavior of Temporary tables. Specifically, I need to know whether a PHP persistent connection [mysql_pconnect()] will maintain the tables alive as the user travels from page to page and script to script, and then will die when the person logs out. Or does anyone have a better idea for handling this problem?

I know I could also periodically run a script that would remove tables created for members who are no longer logged in, but I'd like another solution if I can find one. Any suggestions?

Currently Logged In NT User Id-password For Mail Function Usage
I am building an intranet website. My requirements are - I need to allow only registered users of my NT domain. I am acheiving this by using SSPI module(equivalent to NTLM) for apache. I am running Apache 2.0.44, with PHP 4.3.1 on win 2000. The SSPI module will throw a login screen where the user will type in his username and password.

Now the problem is I want to use the user id and password of the currently logged in user for smtp server authentication so that I can send the emails from there email account.

First, How can I achieve this? Which are the variables I willl have to use to get this info? Second, I want to sent this info for authentication in encrypted format, how do i do this?Third, how can I get the currently logged username and password without prompting the user?

Best Way To Keep User "logged In"?
I'm trying to build a web app where my users can login and view personalized data (their profile, stuff specific to them) and I'm really pulling my hair out over what would be the best way to log them in and keep them "authenticated" through out different pages.
So far I have two ways in mind.

1) Keep the username and password in session variables, and check it against the database on every page access. So each time a user clicks on a page, that page will re-evaluate them against the database to see if they are allowed to be viewing what they are viewing. This also allows me to grab their User ID, which is the primary key of that table, so I can use it to search other tables where that User ID is a forgein key.

2 Session Variables: user, pass

Problem: I am not sure if this is overkill on the database. I have to run that query every single page the user access a new page. Is this a bad thing? And since I have to re-authenticate on each page I have to keep the user/pass in session variables.

2) Use a boolean flag. The user logs in, and i compare the user/pass to a database. If yes, I store the their User ID in a session variable and set another session variable, such as $allow=true, and use that to "allow" the user to go from page to page. Each page checking the session variable "allow" and the session variable that contains the User ID so I can query the database to get their relevant information.

2 session varialbess: allow flag, User ID

Problem: If for some reason the variable name of the flag becomes known, a simple alteration of a url could allow access to the pages.

Using Php To Check User Directory
anyone knows how to check whether a person in a virtual community is online using php? can someone tell me the logic to work this out?

Imap, Check User
If imap_open(string) doesn't work i gets an error message.
I don't want that message. I tried to get around the problem by using:

if (imap_open(string) == false) {
echo("Go back and try again!");
} else {
header("Loacation: show_inbox.php");
}

but I still got that error message if the openstring's not correct.

What to do?

Check If User Has Authenticated
I've got a web site that has a mix of public and private sections.
When you first come to the site, the final option on the menu is
"Private" which forces an authentication and then gives you an
expanded menu that includes all the private sections of the site.
What I'd like to do is give users the proper menu ("public only" or
"public and private") depending on whether they have authenticated
with the site.

I thought of just checking for $_SERVER["REMOTE_USER"] or
$_SERVER["PHP_AUTH_USER"] but if you are on a public page, those don't
exist whether or not you have authenticated with the private sections.
I was hoping not to have to deal with sessions or cookies but is that
the only option I have? Or is there some value somewhere that will
tell me that a user has authenticated and that is available (to PHP)
even in the public areas?

Check User Came By $_POST
How do i check that a user came to a page by a $_POST?

Check To See If User Is Activated
i am very close at getting my login script complete however i having problems in the login section becuase it lets the user login even if they have not activated there account and i wanted o know how would i do this so that only activated users can login:

my table has a colunm called activated with yes or no, no being not activated and yes being activated Code:

Check Mysql Database For User
Im trying to check if a user exist in database table only if another check =YES:

$sql="SELECT * FROM my_members WHERE my_private=$my_private AND my_id=$my_id";

$my_private should = 'Yes' or 'No'.

If 'Yes', i need to run another check....

$sql="SELECT * FROM my_favorites WHERE my_id=$my_id AND my_uid=$sessionuser";

This check should check to see if $sessionuser exists in my_favorites.. How can i make the first one call the second only if $my_private=Yes? Or is this code even correct?

Check User/password On Included Pages
if i have itlike tihs: login.php checks the username and sets $_SESSION[] variables login to 1 username to username and password to password:

then it takes you to main.php. all that one does is include navigation and all the content. if the link is clicked. it also checks if the user's logged in. what i am wondering is.

all the pages that are to be included. is it ok not to check username/password on them and only check if the variable $inc exists. that variable is set on main.php, plus the include pages dont have session_start() on them. will that stop people from accessing them individually? they cant fake variables right?

Check If User Is On Mobile Device Or If Flash Is Disabled?
I'm currently researching the use of flash in web pages and realise that many portable devices such as mobile phones or pdas can't run flash.

Is there a way of checking if they're on a mobile device or if flash is disabled using php?

I've looked into it and it seems like it's only possible to check if flash is disabled using javascript and even then it's highly unreliable.

VBulletin
vBulletin is great but im after its security...can anyone here tell me how secure this is, bcoz i downloaded its lite version...and planning to purchase its full version...

IPB And VBulletin: Who Copied From Whom?
Somebody said IPB 1.2 copied code from vB 2.0....

Now IPB is in 2.0 and vB is in 3.0

How could a script be offered in a free version IPB and paid version vB,
while features and underlying codes are similar.

What is the MySQL problem IPB has to crash database but vB does not? Why can
IPB fix it?

VBulletin And Daylight Savings Time?
I've been programming out the time offsets for some software and want to automatically take DST into consideration. Anyhow... from my research I found out that the EU and the US are the only timezones that practice daylight savings.

This means-I'm assuming-that nations such as S America and Africa do not observe DST, which leaves a bit of a problem since they are in the same time zone as the US and Europe.

So this leaves me wondering, do I include it or not? I've noticed that with vBulletin and ezBoard, there's not option for me to select DST. Does anyone know if these products include it automatically?

Adding A Mailing List To Vbulletin Registration
I have added yes and no buttons to an option called bsmailinglist in the form for registration on my forums. Now I want to have that answer handled according to the following code. I have the yes button set to TRUE and the no button set to FALSE. After adding the folloing code to the script that handles the form (register.php), I get a parse error on the last line of php, the closing php flag. Code:

function BSwrite ($email) {
$BSfile = "bsmailinglist.txt";
$BSopen = fopen ($BSfile, "a");
if ($BSopen) {
fwrite ($BSopen, "$bsmailinglist, ");
fclose ($BSopen);
} // end BSwrite Function
if ($bsmailinglist) {
BSwrite();
}

PHP Sessions - Who Is Logged In
I have a site that allows users to create multiple projects each with multiple sections. Each project builds a result based on the answers to a series of questions (different set for each section). As they answer, those answers are stored in a table. There can be multiple users per project.

I need it set up so that only one person can access a section of a project questions at once, so I created a "Lock" column in one of the database tables. Problem is that if a user is inactive, closes the browser, etc and their session is expired / removed from the list on the server, I need to remove the lock. Best idea I came up with is to store the Session ID in the Lock column and use a Cron job that checks the session ID's on the server. If no match is found, the Lock is removed. Problem is that I don't have a clue as to how to get a list of sessions from the server to see if they match any of the sessions stored in my Lock column.

Staying Logged In
How is that sites are able to use cookies somehow to log people in whenever they arrive. I can handle all the logging in part, and the session part, but I can't work out how to prevent people having to log in every time they are away long enough for the session to expire.

Logged In Twice At The Same Time?
Without going into the details of my code: is it possible to have two
different users logged in at the same time?

I had one page where I found the username correctly set, and another
where it wasn't. (Just by checking <?= $_SERVER['PHP_AUTH_USER'] >? at
the top of each page.)

Wondering why it would be set for one page and not another (and as a
sanity check) I wrote another page which sends the basic auth headers
and so logged in again.

Now the first page shows my original username. All the other pages
(which used to show username at all) now show the second username. I can
freely switch between them too: it's very consistent. One page, user1.
All the rest: user2.

I'm really confused. I didn't think it was possible to be logged in as
two different users in the same browser against the same host at the
same time.

How Can I Stay Logged In?
I've made a CPanel on my personal website so I can log in and edit my site from there. But now I've made it as simple as I stay logged in for 1 hour.. after that I get logged out automaticly..

so what I wonder is what can I do to stay logged in untill I either close the whole site or I'm idle for moer than 5 minutes?

Staying Logged In. . .
I have created a login script and it seems to work great - most of the time?? Sometimes (and I stress. . .sometimes), it logs the user out when they go from page to page. Here is the code I use to check it user is logged in: Code:

Nav If Member Logged In
i have a navigation script that pulls url's and name's out of a database.
However there are some links i only want people who are logged in to see..
I have made the login script and only this is needed in the if statment Code:

Determine How Long It Was Since Last Logged In?
I can insert the date and time into a SQL table, but where do I go from there? What would I use to figure out the exact minutes since they were last on?

Also, the minutes need to round to hours, and hours to days.

Seeing Who Is Logged In From Encrypted Cookies
I am adding accounts to my site and have successfully implemented cookies, on log in the username and password (which first gets md5'd) entered are checked with the ones in the MySQL database. Then a cookie is set, one for the username, with the value of the md5(username) and the same for the password.

I can easily tell if someone is logged in to know what dynamic content to display, the problem is, I do not know the username, because it is encrypted.

Now I've got a few ideas on how to go about this, I could go through the Accounts table and md5 each of the usernames and check, but that would be inefficient. I've also thought about having another table with all the users who are logged in, that way I could also just set a single cookie.

Rather than fumbling around with this idea anymore I thought I'd get this right before I develop too much around it. What are some of the preferred methods around here?

How Can I Keep Data For Users That Are Not Logged In Yet
I am building a website and I want to allow users to do certain things
without logging in. I would like to allow them to keep track of certain
items, by adding them to a list.

Like if they are viewing multiple job listings in Houston, they can add each
job they care about to a list and when they are done looking at all the
jobs, they can view the list of say, 10 jobs. They can print the list or
email the list to themselves or someone else.

1st, what is the best way to track this user? IP address? I can have
multiple guest users online at any given time. I don't want to put them in
the database.

2nd, What is the best way to do this. Session variables? A session array?

What kind of data structure can I setup?

$visitorId = the ip address i get from $_SERVER['REMOTE_ADDR'] or should I
just use a session_id that php provides? Is that good enough?

$userLevel = "Guest"
$time = time();
$rememberItem = array();

Every time a visitor checks the remember me checkbox next to a job, I will
add that jobId to the $rememberItem session array.

Then when they want to see all of the jobs they asked to remember, I will
display a page that calls the database using each Id to display the title
and other info about each job. Then the user can print the page.

Effective 'Logged In' Checker?
I'm writing my own login script and have the following bit of code to check whether or not the users are logged or not. The script works, I'm just wondering if there are any security problems with it. Code:

Setting Logged In To A Variable
I am using this feature, so i can conditonally display stuff. Now, how do I set the result of the following to a variable so I can just use that, currently, I am doing it like the following:

<?php
if ((!isset($_SERVER['PHP_AUTH_USER'])) || ( !isset($_SERVER['PHP_AUTH_PW'])) ||($_SERVER['PHP_AUTH_USER'] != 'username) || ($_SERVER['PHP_AUTH_PW'] != 'passy' ));
else {
?>
SHOW RED
<?php
}
?>

Show Logout Only If Logged In
I want to show a Logout link only if a user is actually logged in. Is there a way to show a bit of PHP code ONLY if a user session exists? If so, what's the code?

Proxy Users Getting Logged Out
I have a site that has always worked fine for most users but now i'm having problems with certain users getting logged out. I'm not certain, but in some cases at least they are behind a proxy.

My site uses phpBB's login code which performs a check against a portion of the user's ip address. I'm not sure if that's the issue...it could be something else relating to cookies and proxies. I know so little about proxies.

Anyway, the phpbb session-related code does the following:

1) gets user IP and encodes it thusly:

PHP Code: ....

Displaying A List Of Members Logged In
I wish to display all of the current members who are logged into the system. I figure I can do this using their session id's and matching their usernames accordingly. Or I could create a separate table containing their username and INSERT when someone logs in and DELETE when someone logs out. Then i could display the contents of the table.

Creating A Live/logged On List
Is it possible to determine the currently logged on users? I have a login section of my site that is controlled by sessions and would like to display a list of the currently logged on users.

I did think of creating a 'live' table storing userids and adding/deleting when they login/logout. Logging in is ok, but how do you maintain the list if they just close down without letting me call the relevant unregister session functions?

Logged In Code Needing Re-adjusting?
I have a site developed where logged in users can earn virtual currency (echos) by doing certain actions. They can add items to their inventory, and sell these items to each other. I have the codes set up for all that (finally!). But all this has caused a problem to come to my attention.

If the logged in user is logged in, their echo count is displayed next to their username (for example: UsernameA Echos 100). If they leave a comment on a submitted image, they will get 10 echos and the number is updated (example: UsernameA Echos 110). If they buy an item from the shops, the number of echos gets deducted from their echo count successfully (example: UsernameA Echos 90).

So if all that is working, what`s the problem, right?

Well, if UsernameA gets any new private messages while they are logged in or if an item they sell to another person is bought, these things are not reflected. The person would have to log out, then log back in to see the "Messages (2 New)" and "Echos 100".

I`m thinking because these changes are not reflected, I might need my logged in codes re-done? Or maybe something else?

I need big time advice on what needs to be changed and how to do it. I`ll list some files that I think would be relevant:

index.php - the main page that user gets directed to when they log in
header.php - contains the info for design of the site and the navigation bar
logged.php - changes navigation bar to all info if perosn is logged in, if person is logged out, displayes login.php
login.php - form to allow person to log in
auth.php - loads session, reads from userdata for info of logged in person (such as username, how many echos they have, how many new messages they have)The posts below will show the codes for these files individually.

Member Logged In, Updating Their Details.
I have got a login system using sessions, and wanted to have a page where once the user is logged in, they can see and change/edit their details.

I have currently got two pages, modify_user.php and do_modify_user.php to try and do this, but i keep getting an error on do_modify_user.php that the query was empty. Code:

How To Allow Only Logged In Users To A Specific Webpage
I am wondering how I go about allowing those users who successfully login to be able to go to a certain page. Those users who are not logged should be re-directed to login page. I was able to get the user authentication to work fine on my site but not sure what I need to add to certain pages to check if a user is logged in.

How To Track The Total Number Of Logged In Members
I am currently working on a membership based web site. I need to display the number of members logged in that system. To do this I have set a flag in the database which is set to 1 whenever a user is logged in the system and when the user clicks on the ‘Log Out’ link a query is fired that sets the same flag to 0. To display the total number of logged in members I run a query that counts the number of records whose flag is set to 1.

However this method has a major shortcoming. When users do not click the ‘Log Out’ link but just close the browser. In such a situation the query that will set the flag field back to 0 will bot be fired and hence the user would be seen as active in the system even though the user has already left the system.

When one company is viewing the profile of another company in my site I also need to show whether that representative of the company whose profile is being viewed in logged in the system at that time or not so that if the user wants then can send a message to them.

I need some advice on how can I achieve this in the best possible way, where I can display the total number the total number of correct logged in members..

How Can I Restrict Access To Files To Logged In Users Only?
I have a folder containing file1,file2,file3. I created a login system that sets the $_SESSION['id'] to a value if the user logged it. How can I restrict the access to my folder? I want the logged in users only to access it.

Logged In Users, Sessions And Flat File .txt
I am currently working on a project whereby users login to my website and then using a form add new quick links/tabs to their navigation bar. So for instance if the user had 'home/search engines/favourites' as links on their navigation bar and they wanted to add auction sites as a group link they fill out the form which then posts the data into a flat file database. (usertabs.txt)

So far i can make the form send the link name, URL and attach the username of the person adding links so to make a id for the link name and URL. So in the flat file the structure is presently: Code:

How Do I Use Login Session To Show Spesific Areas When Logged In?
Now I need to create a site where users who are logged in can get access to additional contents, compared to anonymus users who are NOT logged inn.

Example:
On a public website with information about shoes, anyone can see the pictures and description. What I want is when a salesperson or administrator in my companys staff is logged in, he/she will be able to see some more information - about prices and stuff..

In .ASP the command for this is <% if (Session("MM_UserAuthorization")) = "Administrator" then %> {Enter the additional stuff here... Text, tables, pictures, buttons...} <% end if %>
Anyone know the similar code for .PHP?

How To Display A Webpage Logged In Via A CURL Request In An Iframe
Bascially i use cURL to log into a website, but i want to display that website in an iframe on my php page.

anyway to do this?

iframe's src is the web address but i need to login to the webpage be4.

I will test later, but maybe the curl code which logs in will set the cookie, and i dont need to worry about it and can just supply url to want to goto. Any params I need to worry about for the cookie?

PHPmyadmin Access Denied For User 'user'@'localhost'
WinMe machine as server, with Apache 2 installed and working PHP4 installed and working ( had PHP 5.05 installed and working, but i couldnt get the mysql extensions to load - phpinfo() didnt list mysql :(, so i installed PHP4, which now lists mysql when i run phpinfo). MYSQL 4.1 installed and working. I dont know the console commands too well, but i know its working ok, cos I have used a few simple DOS prompt commands to check its alive and I can connect to the database using MyODBC frontend/driver 3.51 and also using Navicat 2004.

When i try to connect to the database via PHPmyadmin from another network PC I have an error:

#1045 - Access denied for user 'user'@'localhost' (using password: YES)

I have played around alot with different settings in the config.inc.php file.... nothing seems to work.

This almost appears to be a simple login problem ( probably is too), but I can access the database locally from the Winme machine with the username and password that wont work over the network!

I have tried not using 'localhost' as the host name but the IP address of the Winme PC but I get this error:

#1130 - Host 'MYSERVERNAME' is not allowed to connect to this MySQL server

Notice: Use Of Undefined Constant User - Assumed 'user'
I have a script for a shopsystem on a Linux. There it works fine.
But when I try to run it on my Windows machine, PHP says things like

Notice: Use of undefined constant dbname - assumed 'dbname' in
c:apachehtdocsaposhop estshopclassesxxx.clas s.php on line 77

On Windows I run PHP 4.3.2
On Linux runs PHP 4.3.1

Authenticating User Common User Names
I want to create a password protected page with PHP and Mysql. I have 2 groups User and Admin. The respective groups have a common user/password. The user/password are stored in a database. I want to authenticate the user through a login form and not through a pop-up ($PHP_AUTH_USER) way.

What I want is, if a user logs in and he moves from one page to another, he should not be asked for validity again. Is this possible only with scripting (without session and $PHP_AUTH...). If yes - how do I keep track of an authorised user and unauthorised user, so that he should not be validated again. Does setting the user variable to global in all the pages do the trick.?

How To Check If User Is Logged In In VBulletin With PHP

Anybody knows how to check if a visitor in vBulletin with a PHP script?