This time, I need your help with something related to PHP. My users script is not working as expected: it's supposed to keep users logged in for 3 weeks, but this just fails. After less than 60 minutes the session is destroyed and I need to log in again. Any suggestions?
My code:
<?php
if (!isset($_SESSION)) session_start();
mysql_connect("YOU", "DONT", "NEED") or die("database connection failed");
mysql_select_db("THIS!!!") or die("database selection failed");
$user = $_POST['username'];
$pass = $_POST['password'];
$remember = $_POST['remember'];
$token = $_POST['login-token'];
$error = '';
if(isset($_SESSION['username'])) {
    $error = $error." :erlgd:";
}
if(empty($user)){
    $error = $error." :erusr:";
}
if(empty($pass)){
    $error = $error." :erpwd:";
} else
    $password = md5($pass);
if(empty($error)){
    $sql = "SELECT * FROM login_users WHERE username='$user' AND password='$password'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);
    if($count == 0){
        $sql = "SELECT * FROM login_users WHERE email='$user' AND password='$password'";
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);
        if($count == 0){
            $error = $error.":erwrg:";
        }
    }
}
// Once everything's filled out
// Just double check there are no errors first
if($error == '') {
    while($row = mysql_fetch_array($result)) {
        $minutes = 10080;
        if($minutes == 0)
            ini_set('session.cookie_lifetime', 0);
        else
            ini_set('session.cookie_lifetime', 60 * $minutes);
        session_regenerate_id();
        $sql = "SELECT * FROM login_activate WHERE username='$user'";
        $count = mysql_num_rows(mysql_query($sql));
        if ($count > 0)
            $_SESSION['activate'] = 1;
        else
            $_SESSION['activate'] = 0;
        $_SESSION['restricted'] = $row['restricted'];
        $_SESSION['name'] = $row['name'];
        $user_level = unserialize($row['user_level']);
        $_SESSION['user_level'] = $user_level;
        $sql = "SELECT level_disabled FROM login_levels WHERE level_level = '$user_level'";
        $disRow = mysql_fetch_array(mysql_query($sql));
        $_SESSION['level_disabled'] = $disRow['level_disabled'];
        if(!empty($remember)) {
            ini_set('session.cookie_lifetime', 60*60*24*100); // Set to expire in 3 months & 10 days
            session_regenerate_id();
        }
        // And our magic happens here ! Let's sign them in
        $_SESSION['username'] = $row['username'];
        unset($_SESSION['token']);
        echo "success";
        // Redirect after it's all said and done
    }
}else{
    echo "error:".$error;
}
?>
Thanks!
PS: As additional data, this is a shared server.
Take a look at the session.gc_maxlifetime in /etc/php5/apache2/php.ini.
Either update it there, or try putting ini_set('session.gc_maxlifetime', 60*60*24*7*3); in your script at the top.
Increase that to something larger; basically, this is how long the server waits before clearing session files.
You will need to use cookies to support the remember me type of behavior. When a session is destroyed on the server, the cookie is meant to act as a catalyst to start a new session as the same user, when they re-visit your site, and auto-logging them in, behind the scenes.
A Google search returns some pretty good results, most notably a reference to actual cookie code (search for autologin.php).
Usually people use session_set_cookie_params() to change the lifetime of a session cookie, and you should be setting this before the first session_start() is called, I believe. The default is typically set to 0 (aka when the user closes the browser window).
http://www.php.net/manual/en/function.session-set-cookie-params.php
You will also need to change the garbage collection max lifetime for session files. Before your session begins, try:
ini_set('session.gc_maxlifetime', $lifetime_in_seconds);
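The gc_maxlifetime and session_set_cookie_params() suggestions from the answers above, combined into one bootstrap for the shared-server case the question mentions; this is an added example, not code posted by anyone in the thread. SESSION_DIR and the function names are hypothetical, and it assumes PHP 7.3+ (array cookie options) and a site served over HTTPS.

```php
<?php
// Added example, not code from the thread. SESSION_DIR and the function
// names are hypothetical; requires PHP 7.3+ for the array cookie options.
const LIFETIME    = 60 * 60 * 24 * 7 * 3;             // 3 weeks, in seconds
const SESSION_DIR = __DIR__ . '/../private_sessions'; // assumed: outside the web root

function start_long_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // too late to change these settings for this request
    }
    // On a shared server, session files in a common save path are swept
    // by whichever site uses the smallest gc_maxlifetime, so keep this
    // application's session files in a directory of its own.
    if (!is_dir(SESSION_DIR) && !mkdir(SESSION_DIR, 0700, true)) {
        throw new RuntimeException('cannot create session directory');
    }
    session_save_path(SESSION_DIR);
    ini_set('session.gc_maxlifetime', (string) LIFETIME);
    // A private directory may not be covered by a distribution's cleanup
    // job, so let PHP's own collector run on roughly 1 request in 100.
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue

    session_set_cookie_params(cookie_options(LIFETIME));
    session_start();

    // PHP sends the cookie only when it creates the session, so re-send
    // it on later requests to keep the 3-week window sliding.
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), session_id(),
                  cookie_options(time() + LIFETIME, 'expires'));
    }
}

function cookie_options(int $value, string $key = 'lifetime'): array
{
    // 'secure' assumes HTTPS; drop it only for plain-HTTP test setups.
    return [$key => $value, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

function mark_logged_in(string $username): void
{
    session_regenerate_id(true); // new ID at the privilege change
    $_SESSION['username'] = $username;
}
```

Call start_long_session() before any output on every request, and mark_logged_in() only after the credentials have been verified.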