Right now I’m having a weird problem with my own written session class. The script is being used for checking if the user is still logged in and keeps the session intact, but I feel as if my script is poorly written and not planned well enough – I do need real clarification on how to improve this script and keep sessions from being assigned to the right user at all times until the user has logged out.
The main problem I’m experiencing is that $session->user_id keeps changing to 1, which is the first user in the users table. Even when logged out, after a couple of refreshes it changes to 1, and I don’t know why it’s doing that.
When the user wants to log out, it clears all the cookies and resets everything with a new session, but the user_id is always 0, and after a couple of refreshes it changes to 1.
The script I’m using:
<?php
class session
{
    var $session_id   = '';
    var $browser      = '';
    var $ip           = '';
    var $isp          = '';
    var $time_now     = 0;
    var $cookie_data  = '';
    var $cookie_store = array();
    var $user_id      = 0;       // 0 = anonymous / not logged in
    var $user_info    = array();

    // Called from header.php on every request: resumes the stored session
    // from the database, or hands out a fresh session id.
    function session_begin()
    {
        global $db;

        $this->ip  = (!empty($_SERVER['REMOTE_ADDR'])) ? $db->sql_escape($_SERVER['REMOTE_ADDR']) : '';
        $this->isp = (!empty($this->ip)) ? gethostbyip($this->ip) : '';

        // Look for a stored session id in the PHP session first, then in the cookie
        // (the posted code checked $_SESSION twice; the elseif below shows the cookie was meant).
        if(isset($_SESSION[COOKIE_NAME]) || isset($_COOKIE[COOKIE_NAME]))
        {
            if(isset($_SESSION[COOKIE_NAME]))
            {
                $stored_session = $_SESSION[COOKIE_NAME];
            }
            elseif(isset($_COOKIE[COOKIE_NAME]))
            {
                $stored_session = $_COOKIE[COOKIE_NAME];
            }
            $this->session_id = $stored_session;

            // Note: nothing links SESSIONS_TABLE to MEMBERS_TABLE here, so every
            // member row is paired with the matching session row (a cross join)
            // and LIMIT 1 keeps whichever member row the database returns first.
            $sql = "SELECT " . SESSIONS_TABLE . ".*,
                           " . MEMBERS_TABLE . ".uid
                    FROM " . SESSIONS_TABLE . ",
                         " . MEMBERS_TABLE . "
                    WHERE " . SESSIONS_TABLE . ".session_id = '" . $db->sql_escape($stored_session) . "'
                    LIMIT 1";
            $result = $db->sql_query($sql);

            if($db->sql_numrows($result) == 1)
            {
                while($row = $db->sql_fetchrow($result))
                {
                    if($row['uid'] == 0)
                    {
                        $this->user_id = 0;
                    }
                    else
                    {
                        $this->user_info['uid'] = $this->user_id = $row['uid'];
                    }
                    $this->user_info['sid']     = $row['session_id'];
                    $this->user_info['browser'] = $row['session_browser'];
                    $this->user_info['ip']      = $row['session_ip'];
                    $this->user_info['isp']     = $row['session_isp'];
                }

                // Restart the session if the stored row does not match the id we were given.
                if($this->user_info['sid'] == $this->session_id)
                {
                    //echo 'yes';
                }
                else
                {
                    $this->session_restart();
                }
            }
            else
            {
                // No row for this id yet: record the current request as a new session.
                $sql = "INSERT INTO " . SESSIONS_TABLE . "
                        (session_id, session_user_id, session_start, session_ip, session_isp, session_browser)
                        VALUES ('" . $this->session_id . "', '" . $this->user_id . "', '" . time() . "', '" . $this->ip . "', '" . $this->isp . "', 'wtf')";
                $result = $db->sql_query($sql);
            }
        }
        else
        {
            // First visit: generate an id and store it both in $_SESSION and in a cookie.
            $_SESSION[COOKIE_NAME] = $this->session_id = $this->generate_session_id(32);
            setcookie(COOKIE_NAME, $this->session_id, time()+3600*9000*9000, '/');
        }
    }

    // Called on logout, or when the stored session row does not match:
    // drops the old cookie, resets the user to anonymous and issues a new id.
    function session_restart()
    {
        if(isset($_COOKIE[COOKIE_NAME]))
        {
            setcookie(COOKIE_NAME, NULL, time()-3600);
        }
        $this->user_id    = 0;
        $this->session_id = $this->generate_session_id(32);
        if(setcookie(COOKIE_NAME, $this->session_id, time()+3600*9000*9000, '/'))
        {
            return true;
        }
        else
        {
            return false;
        }
    }

    // Builds a pseudo-random id: shuffles the alphabet, appends a digit to
    // each letter and keeps the last $limit characters.
    function generate_session_id($limit = 32, $symbols = false)
    {
        $string = 'a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t|u|v|w|y|z|A|B|C|D|E|F|G|H|I|J|K|L|M|N|O|P|Q|R|S|T|U|V|W|X|Y|Z|';
        if($symbols == true)
        {
            $string .= '$|@|_|-|+';
        }
        $ary  = explode('|', $string);
        $link = '';
        shuffle($ary);
        foreach($ary as $letter)
        {
            $link .= $letter . rand(0, 9);
        }
        if(!empty($limit) || $limit != 10)
        {
            return substr($link, -$limit);
        }
        else
        {
            return substr($link, -10);
        }
    }
}
?>
$session->session_begin() is called in header.php, which is included every time a page refresh is done. $session->session_restart() is only called when a logout has occurred or the user details do not match the session details in the database.
I really don’t have good knowledge of how to create a good script for keeping sessions well kept and assigned to the right user – I start to get confused when I script something like this and how to keep it well written…
This may sound harsh, but you need to ditch the script. It’s holding you back!
PHP has built-in session handling with extensive configuration options. In fact, you’re actually using it inside your own code… and then you’re adding on an unnecessary layer of complexity.
Call session_start at the top of your script to open a session. PHP will do the rest. It will keep track of the user with its own cookie. You can set all the cookie options using the configuration.
To log a user in, just set a value in the $_SESSION array, just like you’re doing now. All of the things you’re keeping as properties of your class — the user id, the user agent and IP, etc — can just be stored in the array. You can even regenerate the session id on login/logout, just as your current code does.
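The flow this answer describes, as an added example (not the asker’s script and not the answerer’s code): PHP’s built-in session with the cookie options set through session_set_cookie_params (the array form needs PHP 7.3 or later), a login that regenerates the id, and a logout that clears the server-side data and expires the cookie. The uid 42 in the usage part is a constructed value standing in for a completed password check.

```php
<?php
// Added example: the asker's login/logout flow rebuilt on PHP's own sessions.
declare(strict_types=1);

// Cookie settings belong to PHP's session layer, not to a hand-written setcookie().
session_set_cookie_params([
    'lifetime' => 0,       // expires when the browser closes
    'path'     => '/',
    'secure'   => true,    // sent over HTTPS only
    'httponly' => true,    // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();           // PHP reads or creates its own session cookie here

function login_user(int $uid): void
{
    // A new id at login means an id handed out before authentication never
    // becomes the one carrying the logged-in state; true deletes the old data.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $uid;
    $_SESSION['login_time'] = time();
    $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $_SESSION['ip']         = $_SERVER['REMOTE_ADDR'] ?? '';
}

function current_user_id(): int
{
    // 0 means anonymous, matching the original class's default.
    return (int) ($_SESSION['user_id'] ?? 0);
}

function logout_user(): void
{
    $_SESSION = [];                        // drop all server-side data
    if (ini_get('session.use_cookies')) {  // expire the browser's cookie too
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Constructed usage: uid 42 stands in for a user whose password check passed.
if (($_POST['action'] ?? '') === 'login') {
    login_user(42);
} elseif (($_POST['action'] ?? '') === 'logout') {
    logout_user();
}
```

On the next request after login_user(), current_user_id() returns 42 from the session store; after logout_user() it returns 0 again, with no database table of session rows to keep in step.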