IRGeekSauce IRGeekSauce - 2 months ago 11
MySQL Question

Not how to create a session timeout in Php, but where?

My boss purchased some web-based software (PC Repair Tracker...it's amazing), and put me in charge of installing it on our domain, configuring the database, the pricing, the look and feel (html/css). the ticketing system, etc. It's basically a template that you purchase and fully customize to meet your needs.

Configuring it wasn't too bad, even considering I am still a novice with PHP MySQL, etc. My boss requested I "make it logout after a certain time" because it contains sensitive info, and repairs are tracked by employee to know who to go to when information is needed on a device that's at our store.
What he means is that I need to write a timeout function.

The problem is not just creating the timeout function, but knowing where to put it? There are probably close to 100 files the website folder, each one of them a .php file (except for css stuff and images). Do I use the intuitive approach and start with login.php?

And how do I know what to call my variables?

The interface begins at the landing page with a login form. I don't think I would want to start at login.php, because they need to at least be logged in.

I installed FirePHP for Firefox and I noticed a function being called: It says:

GET ajaxhelpers.php?func=refreshnotifications


It pops up every minute or so. When I find that .php file, it's very short, and says:

if (array_key_exists('func',$_REQUEST)) {
$func = $_REQUEST['func'];
} else {
$func = "";
}
function nothing() {
}
function refreshnotifications() {
require("deps.php");
require_once("common.php");
echo pcrtnotify();
}
switch($func) {

default:
nothing();
break;

case "refreshnotifications":
refreshnotifications();
break;
}
?>


I also found a "validate.php" that sends a user to the login page. Could I put a function there?

<?php
include("deps.php");
$validated = false;

//Use $_COOKIE to get the cookie data . same usage as $_POST
if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])) {

$user = $_COOKIE["username"];
$pass = $_COOKIE["password"];

//Begin validation code
if(isset($passwords[$user])) if($passwords[$user]== $pass) $validated = true;
//End validation code
}

if($validated) {
//Ok; don.t need to do anything
} else {
//Make user go to login page

die("<a href=../store/login.php class=\"linkbuttonmedium linkbuttongray radiusall\">please login</a>");


exit;
}
?>


Is this a good start? Sorry for the lengthy question. I'm not asking for homework advice or anything. I'm just trying to learn php in a crash course fashion because he's going to want results yesterday. Lol.

It seems like I could put a condition in there that says,

if($validated && idle_time > time_allowed) {
go to logout.php
}


But then again, I'm a php noob.

Answer

Search for session_start() and before that line add the following

session_set_cookie_params(3600,"/");

The number is in seconds. So 3600 represents one hour.