Login using sessionid or time

Hi all,
I have written some code in PHP using sessions. Below is the code…


<?php
if(!isset($_SESSION)) 
{
 session_start();
}
$now = time();
$limit = $now;
if(isset($_SESSION['last_activity']) && ($_SESSION['last_activity'] < $limit)) 
{
 $_SESSION = array();
 header('Location:logout.php');
 exit;
} 
else 
{
//the current time
$_SESSION['last_activity'] = $now;
}
?>

Tell me how to modify the above code so that if the user is entering for the first
time, then using time() or sessionid it should be stored,
or else if he is entering for the first time, then using the current time() or sessionid
it must be stored…

I do not understand the question well, but I guess you need a mechanism which will log out the user after a specified inactivity time.
To do that, let's try:


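session_start();

// LIMIT is the allowed inactivity time in seconds (define it before use);
// login() stands for your own credential check.
if( isset($_SESSION["last_activity"]) ) {
  // Too long since the last request: end the session
  if( time() - $_SESSION["last_activity"] > LIMIT ) {
    session_destroy();
    header("Location:logout.php");
    exit;
  }
  $_SESSION["last_activity"] = time();
}
else {
  if( login() ) $_SESSION["last_activity"] = time();
}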

Yes, but I have connected to the database.
Below is my code…
First it should match the username with the password. Tell me how to modify it…


<?php
session_start();
//connect to database
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("shopping") or die(mysql_error());
?>
<form action="" method="POST">
Username:<input type="text" name="username"><p/>
Password:<input type="password" name="password"><p/>
<input type="submit" name="login" value="log in">
</form>


<?php
session_start();

// Inactivity limit in seconds
define("LIMIT", 10);

//connect to database
$db = mysql_connect("localhost","root","") or die( mysql_error() );
mysql_select_db("shopping", $db) or die( mysql_error() );
mysql_set_charset("utf8", $db) or die( mysql_error() );

$islogged = FALSE;
if( isset($_SESSION["last_activity"]) ) {
  if( time() - $_SESSION["last_activity"] > LIMIT ) {
    session_destroy();
    header("Location:logout.php");
    exit;
  }
  $_SESSION["last_activity"] = time();
  $islogged = TRUE;
}
else {
  if( isset($_POST["username"]) && isset($_POST["password"]) ) {
    // Escape user input before it goes into the query string
    $username = mysql_real_escape_string($_POST["username"], $db);
    $password = mysql_real_escape_string($_POST["password"], $db);
    $result = mysql_query(
      "SELECT DISTINCT * FROM `users` WHERE " .
      "`username` = '{$username}' AND " .
      "`password` = '{$password}'",
      $db
    );

    if(!$result) die( mysql_error() );
    if( mysql_num_rows($result) ) {
      // New session id after login, so a pre-login id cannot be reused
      session_regenerate_id(true);
      $_SESSION["last_activity"] = time();
      $islogged = TRUE;
    }
    else {
      $error = "username and password do not match";
    }
  }
}
?>

<?php if(!$islogged): ?>
<form action="<?=htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)?>" method="POST">
<?php if( isset($error) ): ?>
  <p><?=htmlspecialchars($error, ENT_QUOTES)?></p>
<?php endif; ?>
Username:
<input
  type="text"
  name="username"
  value="<?=isset($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : ''?>"
><p/>
Password:
<input
  type="password"
  name="password"
  value="<?=isset($_POST['password']) ? htmlspecialchars($_POST['password'], ENT_QUOTES) : ''?>"
><p/>
<input type="submit" name="login" value="log in">
</form>
<?php endif; ?>

OK, in your code, if my username and password match, only then will it go to the next page.
Here it should be “products.php” (for shopping there will be various items), and tell me how to log out…

if( !isset($_SESSION["last_activity"]) || time() - $_SESSION["last_activity"] > LIMIT ) {
  session_destroy();
  header("Location:logout.php");
  exit;
}

// REST OF PAGE

Is this code correct or is the previous code correct? Briefly tell me what the difference is
and which is correct…

The longest code is the login page code; as I have written to you, the action after a successful login can vary.
The second one is the products.php code.

In the second code you have sent, what is
// REST OF PAGE
What will it contain…

What do you think? The rest of your page :)

Can you integrate all the code, which is “login.php”, “products.php” and “logout.php”…

user.php

<?php
defined("MY_SYSTEM") or die("Direct access to this location is disallowed");
define("LIMIT", 10);

session_start();
function isLoggedIn() {

  if( !isset($_SESSION["last_activity"]) || time() - $_SESSION["last_activity"] > LIMIT) {
    session_unset();
    return FALSE;
  }
  
  $_SESSION["last_activity"] = time();
  return TRUE;
}

function redirectTo($location) {
  header("Location:{$location}");
  die();
}
?>

login.php

<?php
define("MY_SYSTEM", "1");
require_once("user.php");

//connect to database
$db = mysql_connect("localhost","db_user", "db_password") or die( mysql_error() );
mysql_select_db("db_name", $db) or die( mysql_error() );
mysql_set_charset("utf8", $db) or die( mysql_error() );

// Logged in so go to the products page
if( isLoggedIn() ) {
  redirectTo("products.php");
}

// Try to login
if( isset($_POST["username"]) && isset($_POST["password"]) ) {
  // Escape user input before it goes into the query string
  $username = mysql_real_escape_string($_POST["username"], $db);
  $password = mysql_real_escape_string($_POST["password"], $db);
  $result = mysql_query(
    "SELECT DISTINCT * FROM `users` WHERE " .
    "`username` = '{$username}' AND " .
    // passwords are encrypted by MySQL password function
    "`password` = password('{$password}')",
    $db
  );

  if(!$result) die( mysql_error() );
  
  // login successful
  if( mysql_num_rows($result) ) {
    // New session id after login, so a pre-login id cannot be reused
    session_regenerate_id(true);
    $_SESSION["last_activity"] = time();
    redirectTo("products.php");
  }
  
  // login failed
  else {
    $error = "username and password do not match";
  }
}
?>
<form action="<?=htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES)?>" method="POST">
  <?php if( isset($error) ): ?>
  <p><?=htmlspecialchars($error, ENT_QUOTES)?></p>
  <?php endif; ?>
  <p>
    Username:
    <input
      type="text"
      name="username"
      value="<?=isset($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : ''?>"
    />
  </p>
  <p>
    Password:
    <input
      type="password"
      name="password"
      value="<?=isset($_POST['password']) ? htmlspecialchars($_POST['password'], ENT_QUOTES) : ''?>"
    />
  </p>
  <p>
   <input type="submit" name="login" value="log in" />
  </p>
</form>

products.php

<?php
define("MY_SYSTEM", "1");
require_once("user.php");

if( !isLoggedIn() ) {
  redirectTo("login.php");
}

/* Show the rest of page */
?>
<h1>Hello in the products world!</h1>
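
The login and logout steps discussed in this thread, in a hardened form (an added example, not code posted by any participant): it binds the credentials through a PDO prepared statement, checks a password_hash() hash with password_verify() instead of comparing passwords in SQL, and issues a new session id on login. The DSN, the database credentials and a `password_hash` column in the `users` table are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the MySQL
// driver, a `users` table with `username` and `password_hash` columns (hash
// produced by password_hash()), and placeholder DSN and credentials.

function checkCredentials(PDO $db, $username, $password) {
  // Prepared statement: user input is bound, never concatenated into the SQL
  $stmt = $db->prepare("SELECT password_hash FROM users WHERE username = ?");
  $stmt->execute(array($username));
  $hash = $stmt->fetchColumn(); // false when no such user
  // password_verify() checks the password against the stored salted hash
  return is_string($hash) && password_verify($password, $hash);
}

function startLoginSession() {
  // New session id on login, so an id set before authentication is useless
  session_regenerate_id(true);
  $_SESSION["last_activity"] = time();
}

function endSession() {
  // For logout.php, after session_start(): clear data, expire cookie, destroy
  $_SESSION = array();
  if (ini_get("session.use_cookies")) {
    $p = session_get_cookie_params();
    setcookie(session_name(), "", time() - 42000,
      $p["path"], $p["domain"], $p["secure"], $p["httponly"]);
  }
  session_destroy();
}

session_start();
$error = null;
if (isset($_POST["username"], $_POST["password"])) {
  $db = new PDO("mysql:host=localhost;dbname=db_name;charset=utf8",
    "db_user", "db_password",
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
  if (checkCredentials($db, $_POST["username"], $_POST["password"])) {
    startLoginSession();
    header("Location: products.php");
    exit;
  }
  $error = "username and password do not match";
}
?>
<?php if ($error !== null): ?>
<p><?= htmlspecialchars($error, ENT_QUOTES, "UTF-8") ?></p>
<?php endif; ?>
```

The inactivity check from user.php still applies on every protected page; endSession() is what a logout.php would call before redirecting back to login.php.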

In the code you posted, where is “login.php” in “user.php”?