-3

I would like to dedicate this page to handling sessions using procedural PHP.

I'll begin with how I start most of my projects:

session_name('Easy_App');
session_start();

if (!isset( $_SESSION['ip'] )){
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}

if (!isset( $_SESSION['created'] )){
    $_SESSION['created'] = time();
}

if (!isset( $_SESSION['overall_views'] )){
    $_SESSION['overall_views'] = 1;
}
else {
    $_SESSION['overall_views']++;
}

if (!isset( $_SESSION['username'] )){
    $_SESSION['username'] = "";
}

if (!isset( $_SESSION['logged_in'] )){
    $_SESSION['logged_in'] = 0;
}

/* A quick method to keep pageviews to < 5 pages per 1 second per session */
if (!isset( $_SESSION['first_action'] )){
    $_SESSION['first_action'] = time();
}

$first_action = $_SESSION['first_action'];
if (!isset( $_SESSION['action'] )){
    $_SESSION['action'] = 1;
}
else {
    $_SESSION['action']++;
}

$action = $_SESSION['action'];
if ($action >= 5){
    unset($_SESSION['action']);
    unset($_SESSION['first_action']);
    if ((time() - $first_action) <= 1){
        exit("Please Don't Hammer My Site ");
    }
}

So we have a starting point:

  1. The Start of a session with a few regularly used parameters
  2. In the last few lines, prevention of hammering by casual users.

My question is this:

Where would you go from here? Improvements of the above code or a brief snippet of how you handle sessions using procedural PHP would be greatly appreciated.

jedwards
FredTheWebGuy

1 Answer

1

Your code would not work if you are trying to stop hammering or flooding: if the user doesn't keep cookies, your sessions are useless and the script is a waste ... You should try a better approach using storage systems like Memcache, MongoDB or Redis.

See: https://stackoverflow.com/a/10155437/1226894 ... this has been answered before

EDIT 1

I am not sure what you want by procedural PHP, but I hope this helps

Objectives

  • Remove duplicate isset
  • Remove duplicate if statements
  • Create single function to get and set $_SESSION
  • Trying to make everything a function and hide all variables

Final Code

session_start ();
include("procedural.function.php");
__SESSION ( 'ip', $_SERVER ['REMOTE_ADDR'] );
__SESSION ( 'created', time () );
// "++" starts the counter at 1 on the first view, so no separate initial value is needed
__SESSION ( 'overall_views', "++" );
__SESSION ( 'username', "" );
__SESSION ( 'logged_in', 0 );
__SESSION ( 'first_action', time () );
__SESSION ( 'action', "++" );

if (__SESSION ( 'action' ) >= 5) {
    // Read the window start before unsetting it; afterwards the getter returns null
    $first_action = __SESSION ( 'first_action' );
    __UNSET ( 'action' );
    __UNSET ( 'first_action' );
    if ((time () - $first_action) <= 1) {
        exit ( "Please Don't Hammer My Site " );
    }
}

procedural.function.php

function __SESSION($var, $value = null) {
    if ($value === null) {
        // Getter: current value, or null when the key is not set
        return isset ( $_SESSION [$var] ) ? $_SESSION [$var] : null;
    } else if ($value === "++") {
        // Counter: start at 1 on first use, then increment
        $_SESSION [$var] = isset ( $_SESSION [$var] ) ? $_SESSION [$var] + 1 : 1;
        return $_SESSION [$var];
    } else {
        // Initialiser: store $value only when the key is not set yet
        if (! isset ( $_SESSION [$var] )) {
            $_SESSION [$var] = $value;
        }
        return $_SESSION [$var];
    }
}


// Remove a key from the session
function __UNSET($var) {
    unset ( $_SESSION [$var] );
}
Community
Baba
  • 1
    I think by "procedural php" he means no OOP. So that Memcache class might not be what he's after. – HappyTimeGopher Apr 28 '12 at 23:27
  • @HappyTimeGopher I only gave my opinion ... as far as I know, the entire script is useless if his aim is to prevent spamming, or hammering as he called it ... – Baba Apr 28 '12 at 23:29
  • Okay. Whether or not cookies are used was not the point of the question. How would YOU handle sessions using procedural PHP? BTW, every project doesn't necessarily require memcached. Thanks for the downvote. – FredTheWebGuy Apr 28 '12 at 23:30
  • 2
    @DudeSolutions: You should probably explain what you mean by "procedural php" and better yet, include why you want to restrict yourself to it. – jedwards Apr 28 '12 at 23:31
  • Thanks for the clarification ... I did not downvote you ... I was just giving my advice. I might have misunderstood your question, but your code was clear – Baba Apr 28 '12 at 23:32
  • @jededwards Not trying to restrict myself at all! Sure, it's not the year 2002....Just a question. This is more or less an exercise in starting a dialog of how one would handle sessions using procedural php. Nothing more! – FredTheWebGuy Apr 28 '12 at 23:36
  • @Baba And I agree that this snippet will not prevent flooding, surely. It works with casual users with cookies enabled, however, so I leave it in! Why not? A starting point. – FredTheWebGuy Apr 28 '12 at 23:38
  • You said you don't want OOP, so I removed it ... I am rewriting your code for improvement now – Baba Apr 28 '12 at 23:39
  • 1
    @Baba Reads like poetry! Now I'm starting to wonder why people want to limit themselves to just OOP PHP :P – FredTheWebGuy Apr 29 '12 at 00:02
  • I'm not sure that OOP "wins" if a procedural approach can meet the same design goal. But thanks for rewriting my rather repetitive ditty for handling sessions. – FredTheWebGuy Apr 29 '12 at 00:13
  • I am glad I was able to help ... Just reduced the function to 10 lines ... if I can do more I'll try – Baba Apr 29 '12 at 00:25
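
The answer's point that a session-based counter stops working when the client does not keep cookies, shown as an added example that is not code from either poster: a procedural limiter whose counter lives on the server and is keyed by client address, using the question's limit of 5 hits per 1 second. The function name `hit_allowed`, the temp-directory file storage and the sample address are assumptions made for the example.

```php
<?php
// Added example (not the posters' code): fixed-window limiter kept on the
// server, so it still counts clients that never send the session cookie back.
// One small file per client in a temp directory is an assumption; the same
// logic maps onto a Memcache or Redis counter.

function hit_allowed($client, $limit = 5, $window = 1, $now = null, $dir = null) {
    $now = ($now === null) ? time() : $now;
    $dir = ($dir === null) ? sys_get_temp_dir() : $dir;
    // Hash the key so the client value never becomes part of a file path.
    $path = $dir . '/ratelimit_' . hash('sha256', $client);

    $fh = fopen($path, 'c+');            // create if missing, never truncate
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return true;                     // storage failure: fail open (a policy choice)
    }
    $state = json_decode((string) stream_get_contents($fh), true);
    $stale = !is_array($state) || !isset($state['start'], $state['count'])
          || $now < $state['start'] || ($now - $state['start']) >= $window;
    if ($stale) {
        $state = array('start' => $now, 'count' => 0);   // open a new window
    }
    $state['count']++;
    rewind($fh);
    ftruncate($fh, 0);
    fwrite($fh, json_encode($state));
    fflush($fh);
    flock($fh, LOCK_UN);                 // release so the next request can count
    fclose($fh);
    return $state['count'] <= $limit;
}

// Constructed demo: seven cookie-less requests from 203.0.113.7 (a
// documentation address) in one second, then one in the next second.
$dir = sys_get_temp_dir() . '/ratelimit_demo_' . uniqid();
mkdir($dir);
foreach (array(1000, 1000, 1000, 1000, 1000, 1000, 1000, 1001) as $i => $t) {
    $ok = hit_allowed('203.0.113.7', 5, 1, $t, $dir);
    echo 'request ', $i + 1, ' at t=', $t, ': ', $ok ? 'served' : 'blocked', "\n";
}
array_map('unlink', glob($dir . '/*'));  // remove the demo's counter files
rmdir($dir);
```

In a page, call `hit_allowed($_SERVER['REMOTE_ADDR'])` before any other work and answer with HTTP 429 when it returns false. Clients behind one NAT or proxy share an address and therefore share a counter.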