|
PHP - Session Question
Hi Guys
New to php so stick with me. I'm trying to create a simple login script that will grant a user access to content that is only viewable by those people who are logged in. I'm ok doing the login part and authenticating the password etc. But once the user gets directed to the content page how can I ensure that only a registered user who is logged in sees that page? (probably missing something very obvious here). I've tried reading around but not found much on this specific question. Should I set the user's username and password (which is encrypted) as session variables and authenticate them as the first stage of each page they visit? Or is there a better way of doing this? Don't worry, not looking for you to write the code just a description of the best way of doing it would be great! Thanks, Drongo Similar TutorialsIm pretty new to PHP, but have managed to create a login system for a small site, my question relates to why Im entering a certain piece of code, I understand the code apart from the getting the information from a form and assigning it to a variable, I have a username form with one submit button, (username) which goes to a script called register.php I have this in my php: <?php error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); $username=$_POST['username']; session_register("username"); header("location:index2.php"); ?> then in my index2.php page i have this: <?php error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED); session_start(); $username= $_SESSION['username']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>My Page</title> </head> <body> <p> Hi <?php echo $username; ?> </p> </body> </html> Ive simplified what ive done here,why am I declaring a variabel to get the form contents? cant I just get the contents? and then register? I dont need a variable.. If I remove the line, it doesnt work obviously.. thanks Hi all a small question. I was wondering if someone knows what would be the approach to achieve the following. on a page I show a random number. If the page refreshes (selfreferencing) It shows a new random number but also a the previous number, and this must be able to repeat itself : ) So to make it more visible: New Random number = 98765 Previous Number = 56412 This is what I have but it's ofc not working because ones the session var has been set it will not show the previous variable but the very first one. <?php session_start(); $random_number .= mt_rand(1,100000); if(!isset($_SESSION['number'])){ $_SESSION['number']=$random_number; } // echo all out: echo 'New random number is: '.$random_number; echo 'Previous number is: '.$_SESSION['number']; ?> I bet i need another variable to store the previous one in but for some reasons my brains don't work at the moment What is the best practice to use cookies and sessions? Should i create a cookie and keep inside the cookie the name of the username the user has logged in or a session? How am i supposed to compine theese two? Is there any example or a tutorial on this? For example how does php freaks sessions and cookies work. Hi guys, I was wondering if we have table of seats in a cinema (which makes the quantity to 1) and two users are booking the same seat at the same time on our application. How can we prevent that? I though if we create a session or even update that seat row and then if user doesn't finish the booking/or leave the browser on fora while in 10-15 minutes, that session still remains on. I'm sure we can expire that session how can we prevent both users have the same session and if one doesn't complete the purchase for any reason then how session can automatically update the database after that 15 minutes? Thanks in advance. I have a business social network site on hosting server. I am wondering if sessions are enough secure. ini_set('session.use_only_cookies', 1); //this prevent Session Fixation? session_start(); if($_SESSION['loggedIn'] && $_SESSION['userIP']==$_SERVER["REMOTE_ADDR"]) // extra security //user is logged in, assign all data to this profile from session else //user is not logged in, no data are assigned Would you consider that as enough secure? is it necessary to store users session on db? if so please explain someone why? and block multiple session login. say if im logged in and someone else tries to log into my id from some other place how would i stop that to happen? any idea and example would be appreciated. hi guys. i am trying to set a variable to the session global variable. I've initialized the session with session_start(); at the very beginning of my website, and then i try finding if a session variable has been set like so if(isset($_SESSION['user'])) { print 'user is logged in'; } but this works in reverse. i have not set any session variables, but asking if it is set, results in an affirmative answer. so i am thinking this is because of register_globals. because i went to read about register_globals, and it says that if register_globals is turned off, i cannot use any other varibale except members of the session array. i dont know what that is yet, but a question befo in the php manual it says register_globals is deprecated, and it appears i need to enable it to set other variables as session variables besides it's associative array. if this is true, how to enable register_globals and allow other variables to be used as session variables? in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. when in a form, I wish to build a conditional that if the response to a radio button is a value of 2 (female), it will display an input requesting for users maiden name. If not 2 goes to the next input statement. Here is code I was experimenting with: <html> <body> <form action="" name="test" method='POST'> <input type="radio" id="sex" value=1 checked><label>Male</label> <input type="radio" id="sex" value=2><label>Femaleale</label> <?php $result = "value"; if ($result == 2) echo "<input type='int' id='gradYear' size='3' required>"; else echo "Not a female!" ?> <input type="submit" value="GO"> </form> </body> </html> The code passes debug, however, Not a Female is displayed. My question is - Can I do this and if so, what value do I test against id='sex' or value. I tried each one but gave the same results. I realize that $_POST[sex] would be used after the submit button is clicked. But this has me stumped. Thanks for the assis in advance. hello all, What I want to do is, make the session ID clickable in a url here Code: [Select] Login Successful <a href="user.php">Conitnue</a> so when a user logs in, his ID gets in the link of Continue so he can only see his information so for example, if his id is 10, then the url would be ....user.php?id=10 giving me Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/enriquec/public_html/admincenter.php on line 6 this is my code Code: [Select] <?php require "header.php";?> <?php if ($_SESSION['username']) echo "Welcome, "."$_SESSION['username']."; else die("You must be logged in!"); ?> <?php require "footer.php":?> Code: [Select] <?php session_start(); if(!session_is_registered(myusername)){ header("location:./default.php"); } ?> My session works fine but I am just wondering how I can echo the current sessions username? Thanks Hi I am looking for help with a working script to input multiple lines of data , but i am looking for each line of data to have the $_SESSION[userid] entered into each line, ie into the table $_SESSION[userid], name, surname, age Many Thanks <? include "include/session.php"; include "include/z_db.php"; // check the login details of the user and stop execution if not logged in require "check.php"; // If member has logged in then below script will be execuated. // let us collect all data of the member $row=mysql_fetch_object(mysql_query("select * from plus_signup where userid='$_SESSION[userid]'")); if(isset($_POST['submit'])) { foreach($_POST['person'] as $person) { $name= mysql_real_escape_string($person['name']); $surname= mysql_real_escape_string($person['surname']); $age= mysql_real_escape_string($person['age']); $values[] = "('$name', '$surname', '$age')"; } $query = "INSERT INTO plus_signup (name,surname,age) VALUES " . implode(', ', $values); $result = mysql_query($query) or die("Error!<br />Query: $query<br />Error: " . mysql_error()); } ?> <form method="POST" action='multi.php' name=""> <table> <tr> <td>Name<input type="text" name="person[0][name]"></td> <td>surname<input type="text" name="person[0][surname]"></td> <td>age<input type="text" name="person[0][age]"></td> </tr> <tr> <td>name<input type="text" name="person[1][name]"></td> <td>surname<input type="text" name="person[1][surname]"></td> <td>age<input type="text" name="person[1][age]"></td> </tr> <tr> <td>name<input type="text" name="person[2][name]"></td> <td>surname<input type="text" name="person[2][surname]"></td> <td>age<input type="text" name="person[2][age]"></td> </tr> </table> <td><p> <input type="submit" name="submit" value="add"> </p> <p> </p>| <a href=update-profile.php>back</a>| </form> <? require "bottom.php"; ?> <center><br>| <a href=update-profile.php>back</a>|<br></center> </body> </html> How to add more data into $_SESSION? I have following code: Code: [Select] if(isset($_GET['poredi']) && $_GET['poredi'] == "upo"){ $idp = intval($_POST['idp']); $sql = "SELECT * FROM product WHERE product_id={$idp}"; $query=mysql_query($sql); if(mysql_num_rows($query)!=0){ $row=mysql_fetch_array($query); $_SESSION['poredi'] = $row['product_id']; } } On click it need to store more product_id, and after that i have to be able to do query with data (find all data with product_id)? |
|||||||