PHP - Still Troubled With Session And Vat Function

Hello,

I am puzzled as to how to get this code actually working, I am using some example code, I want the code to remove the data of the logged in users, at the moment it will remove all users registered in the mysql db.

<?php
# Access session.
session_start() ;

if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# Connect to the database.
require ('connect_db.php');

// Attempt delete query execution
$sql = "DELETE FROM users WHERE user_id=user_id";
if(mysqli_query($dbc, $sql, $q)){
    echo "Records were deleted successfully.";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($dbc);
}
# Close database connection.
mysqli_close( $dbc ) ;
?>

$_session id knows that the user is logged into the control page, but for the code to remove the particular user logged in from the db, what exactly does this need?

Thank you.

Deprecated: Function session_register() is deprecated in /home/james/public_html/funshizzle.com/install/session.php on line 0


That is my error, I have no idea, What is it?

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

Just curious how other people feel about this.  I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.     Would it make more sense to...   1.  Pull all data ONCE and store it in SESSION variables to use on other pages    2.  Pull the data from the database on each new page that needs it   I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?   Side question that's kind of related:  As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?   Both are probably loaded questions but any possible insight would be appreciated.   Thanks! Greg
Edited by galvin, 04 November 2014 - 10:30 AM.

Evening!

I've been iffing and ahhing over this and well im not too sure, hence the post.

Code: [Select]
// Redirects if there is no session id selected and echos the error on the previous page
if(!isset($_GET['get']) || ($_GET['getget'])){
header("Location: #.php?error");
}
So it should simply check if get is set if it isnt then see if getget is set?

If not redirect and show the error.

Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone?

Harry.

Hello all, I have some piece of code that is nested like this


$variable = 'This is a global argument';
function parentFunction($variable) {
function childFunction() {
echo 'Argument of the parent function is '.$GLOBALS['variable'];
}
childFunction();
}
parentFunction(5);


What I want to know is - Is there a way to access a variable from the parent function without passing arguments to the child function? (Something like how classes have parent::?). I don't want to use $GLOBALS because it might cause some variable collision, and I didn't want to pass arguments because incase I decide to change the arguments in the parent function I'd have to do it in the child function aswell. From my searching around in the Internet it seems like this is not possible, but if theres a slight chance that there might be something out there, i'm willing to give it a shot .

Thanks in advance

I have this function completely written in my class file that I am working on.  The point to this function is to be able to check the login of a user or administrator for either of the control panels associated with my site.

It will check the session intime as well as the page / module referenced.  Once it passes all those checks, it will check and ensure the emailaddress/password stored in the current session still holds true and the account is still active...  if the account is still active it will update the lastActivity as well as update all of the session variables with what is currently in the database.

What I am looking for is basically a look at the function, see if it looks good..  If there is any part to it that could create security holes for the site just off the login function itself...

Usage: $q->validUser($_SESSION['user'], $_mod);

<?php
 function validUser($sess, $p) {

if ($sess['inTime'] == '' && $p != 'login' && $p != 'logout') {
session_destroy();
$login = '0';
$_int = '';
return $login;
} else if ($sess['inTime'] < time()-3600 && $p != 'login') {
$sess['inTime'] = '';
session_destroy();
$this->check_login($sess, $p);
} else {
$this->user = $sess['emailAddress'];
$this->pass = $sess['password'];

$login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' 
   AND status = '1' LIMIT '1'");
if ($login = $this->sql_numrows($login) < 1) {
$sess['inTime'] == '';
session_destroy();
$login = '0';
} else {
// logged in, lets update the database for last_activity AND the session.

$this->sql_query("UDATE users SET lastActivity = '".now()."' WHERE
  emailAddress = '".$this->user."'");
$login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' 
       AND status = '1' LIMIT '1'");
$login = mysql_fetch_assoc($login);
foreach ($login as $key => $value)
{ 
$sess[$key] = $value;
}
$sess['inTime'] = time();
$login = '1';
}
return $login;
}
}

?>

That is the main function, sql_query and sql_numrows is:

<?php
function sql_query($query = "", $transaction = FALSE) {
unset($this->query_result);

if ($query != "") {
$this->num_queries++;
if ($transation == BEGIN_TRANSACTION && !$this->in_transation) {
$result = mysql_query("BEGIN", $this->db_connect_id);
if (!$result) {
return false;
}
$this->in_transaction = TRUE;
}

$this->query_result = mysql_query($query, $this->db_connect_id);
} else {
if ($transaction == END_TRANSACTION && $this->in_transaction ) {
$result = mysql_query("COMMIT", $this->db_connect_id);
}
}
if ($this->query_result) {
unset($this->row[$this->query_result]);
unset($this->rowset[$this->query_result]);

if ($transaction == END_TRANSACTION && $this->in_transaction ) {
$this->in_transaction = FALSE;
if (!mysql_query("COMMIT", $this->db_connect_id)) {
mysql_query("ROLLBACK", $this->db_connect_id);
return false;
}
}
return $this->query_result;
} else {
if ($this->in_transaction ) {
mysql_query("ROLLBACK", $this->db_connect_id);
$this->in_transaction = FALSE;
}
return false;
}
}

function sql_numrows($query_id = 0) {
if(!$query_id) {
$query_id = $this->query_result;
}
return ($query_id) ? mysql_num_rows($query_id) : false;
} ?>

Any insight that can help to benefit these functions would be appreciated.

I need to call usort from a class function, and I'm puzzled about how to define the comparison function.

I've tried to define the comparison function in the same class, but I can't get usort to call it. I found one hint that it will work if I make the comparison function static, but I tried that, and it didn't work for me.

If I define the comparison function outside the class, it won't have access to object properties that it needs to operate.

The only solution I can think of is to define the comparison function outside the class and put the object properties it needs in globals. Is there a cleaner way to do this?

Question 1) Is the only and proper way to call a parent function "parent::function()"?  Are there other/better ways from within a child function?

Question 2) What are the deciding factors for when to make a function or attribute static?  How do you make that decision?  Assuming 5.3...

Thanks.

I want to define a function instead of repeating query in all my php pages. I call a function by passing an $id value and from that function i have to get all the info related to that id, like name, description and uom.    I am trying to do this, but i dont know how to get these values seperately.   here is my function  

function items($item_id)
{
$details = array(); 
$result = mysql_query("select item_id, name, uom, description from items where item_id=".$item_id."") or die (mysql_error());
while($row = mysql_fetch_array($result))
{
$details[] = array((stripslashes($row['name'])), (stripslashes($row['uom'])), (stripslashes($row['description'])));
}
return $details;
}

and i call my function like this

$info = items($id);

Can somebody guide me in this    

When I put this chunk of code into it's own function:


function fetch_all ($dbc, $query) {

include ('knuffix_list_func.php');

pagination_start ($dbc, $query);

$offset = $pag_array[0];

$rows_per_page = $pag_array[1];

$query = $query . " LIMIT $offset, $rows_per_page";

echo "test query: " . $query;

knuffix_list ($query, $dbc);

pagination_end ($pag_array);
}


And when I echo out the query as you can see in the example, then I notice that the variables $offset and $rows_per_page never get appended.
I set the variable $pag_array to a global inside the function pagination_start(). It usually works when I DON'T wrap a function around this chunk of code, but if I do wrap a function around everything then the global suddenly won't work anymore.

Btw, this also won't work if I wrap a function around the function DECLARATIONS.

Any ideas, how I could make it work?

im using a function which connects to a db called 'comments' and then inside that function i again called another function that will connect to the db 'main' to get avatars.... but as i put Code: [Select]
mysql_select_db("main") or die(mysql_error()); on the new function, the original function stops to fetch rows.

i tried to remove "mysql_select_db("main") or die(mysql_error());" and used the new function to return some text only and it worked, so i guess the connection to the db was the problem... i tried doing Code: [Select]
mysql_query("SELECT * FROM  main.avatar
INNER JOIN main.list ON main.avatar.title=main.list.id
WHERE main.avatar.page_id='$id'"); but it also didnt work

I've followed the PHP Freaks pagination tutorial which you can find here.

And I also got it to work, the only problem is that the script won't work when I use the query outside of the function.

Here's the function:



<?php 
function knuffix_list ($query, $dbc) {

// find out how many rows are in the table:
$query_row = "SELECT COUNT(*) FROM con";
$query_run = mysqli_query ($dbc, $query_row);
$row = mysqli_fetch_row($query_run);
$num_rows = $row[0];

// number of rows to show per page
$rows_per_page = 5;

// find total pages -> ceil for rounding up
$total_pages = ceil($num_rows / $rows_per_page);

// get the current page or set a default
if (isset($_GET['current_page']) && is_numeric($_GET['current_page'])) {

// make it an INT if it isn't

$current_page = (int) $_GET['current_page'];

} else {

// default page number

$current_page = 1;

}


// if current page is greater than total pages then set current page to last page
if ($current_page > $total_pages) {

$current_page = $total_pages;

}

// if current page is less than first page then set current page to first page
if ($current_page < 1) {

$current_page = 1;

}

// the offset of the list, based on current page
$offset = (($current_page - 1) * $rows_per_page);

echo "test " . $query;

// SCRIPT ONLY WORKS IF I INSERT QUERY HERE

$query

= "SELECT * FROM con, user WHERE con.user_id = user.user_id ORDER BY contributed_date DESC LIMIT $offset, $rows_per_page";

$data = mysqli_query ($dbc, $query) or die (mysqli_error ($dbc));

// Loop through the array of data

while ($row = mysqli_fetch_array ($data)) {

global $array;

// Variables for the table

$con_id = $row['con_id'];

$likes_count = $row['likes'];

$dislikes_count = $row['dislikes'];

$dbuser_name = $row['nickname'];

$dbuser_avatar = $row['avatar'];

$user_id = $row['user_id'];

// The TABLE

echo "<table padding='0' margin='0' class='knuffixTable'>";

echo "<tr><td width='65px' height='64px' class='avatar_bg' rowspan='2' colpan='2'><img src='avatar/$dbuser_avatar' alt='avatar' /></td>";

echo "<td class='knuffix_username'><strong><a href='profile.php?user=$dbuser_name' title='Profile of $dbuser_name'>" . $dbuser_name . "</a> ___ " . $user_id . "____ <form action='' method='POST'><button type='submit' name='favorite' value='fav'>Favorite</button></form>";

echo "</strong><br />" . $row['category'] .  " | " . date('M d, Y', strtotime($row['contributed_date'])) . "</td></tr><tr><td>";

echo "<form action='' method='post'>

<button class='LikeButton' type='submit' name='likes' value='+1'>Likes</button>

<button class='DislikeButton' type='submit' name='dislikes' value='-1'>Dislikes</button>

<input type='hidden' name='hidden_con_id' value='" . $con_id . "' />

</form></td><td class='votes'>Y[" . $likes_count . "] | N[" . $dislikes_count . "]</td></tr>";

echo "<tr><td class='knuffix_name' colspan='3'><strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>";

echo "<tr><td colspan='2' class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>";

echo "</table>";

// POST BUTTONS inside the table

$likes = $_POST['likes'];

$dislikes = $_POST['dislikes'];

$con_id = $_POST['hidden_con_id'];

$favorite = $_POST['favorite'];

$array = array ($likes, $dislikes, $con_id, $user_id, $favorite);

}

/********* build the pagination links *********/

// BACKWARD
// if not on page 1, show back links and show << link to go back to the very first page
if ($current_page > 1) {

echo " <a href='{$_SERVER['PHP_SELF']}?current_page=1'><<</a> ";

// get previous page number and show < link to go to previous

$prev_page = $current_page - 1;
 

echo " <a href='{$_SERVER['PHP_SELF']}?current_page=$prev_page'><</a> ";

}

// CURRENT
// range of number of links to show
$range = 3;

// loop to show links in the range of pages around current page
for ($x = ($current_page - $range); $x < (($current_page + $range) + 1); $x++) {

// if it's a valid page number...

if (($x > 0) && ($x <= $total_pages)) {

// if we're on current page

if ($x == $current_page) {

// highlight it but don't make a link out of it

echo "[<b>$x</b>]";

// if it's not the current page then make it a link

} else {

echo "<a href='{$_SERVER['PHP_SELF']}?current_page=$x'>$x</a>";

}

}
}


// FORWARD
// if not on the last page, show forward and last page links
if ($current_page != $total_pages) {

// get next page

$next_page = $current_page + 1;

// echo forward link for next page

echo " <a href='{$_SERVER['PHP_SELF']}?current_page=$next_page'>></a> ";

// echo forward link for last page

echo " <a href='{$_SERVER['PHP_SELF']}?current_page=$total_pages'>>></a> ";

}

/***** end building pagination links ****/

mysqli_close($dbc);

}

?>


As you can see above, the script will only work if I put the query right below the $offset variable and above the $data variable.

I put the test echo above the query to see how the query looks like when I induce the query from the outside through the function parenthesis into the function, and this is what I get printed out:


test SELECT * FROM con, user WHERE con.user_id = user.user_id ORDER BY contributed_date DESC LIMIT ,


Obviously the $offset and the $rows_per_page variables are not set, when I induce the query from the outside into the function.

So in that sense my question is:

How can I induce the query from the outside into the function SO THAT the $offset and the $rows_per_page variables are set as well and NOT empty?


p.s.

I need the query outside of the function because I'm using a sort by category functionality.