|
PHP - Session In Mysql Database
Hey guys,
I'm working a project that requires sessions be stored within the database, as the project I'm working on is on a shared host. But I'm having a problem with getting the data of a session in the database, the other fields like session_id, session_updated, session_created are working fine. I think I've got a bug in my code, but I just can't detect it (frustrating). Database connection class db extends mysqli { private $host; private $user; private $pass; private $db; function __construct( $host='localhost', $user='user', $pass='pass', $db='website' ) { $this -> host = $host; $this -> user = $user; $this -> pass = $pass; $this -> db = $db; parent::connect( $host, $user, $pass, $db ); if( mysqli_connect_error( ) ) { die( 'Connection error ('.mysqli_connect_errno( ).'): '.mysqli_connect_error( ) ); } } function __destruct( ) { $this -> close( ); } } Session handler class sessionHandler { private $database; private $dirName; private $sessTable; private $fieldArray; function sessionHandler() { // save directory name of current script $this -> database = new db; $this -> dirName = dirname(__file__); $this -> sessTable = 'sessions'; } function open( $save_path, $session_name ) { return TRUE; } function close() { //close the session. if ( !empty( $this -> fieldarray ) ) { // perform garbage collection $result = $this->gc( ini_get ( 'session.gc_maxlifetime' ) ); return $result; } return TRUE; } function read( $session_id ) { $sql = " SELECT * FROM sessions WHERE session_id=( '$session_id' ) LIMIT 1 "; $result = $this -> database -> query( $sql ); if( $result -> num_rows > 0 ) { $data = $result -> fetch_array( MYSQLI_ASSOC ); $this -> fieldArray = $data; $result -> close(); return $data; } return ""; } function write( $session_id, $session_data ) { //write session data to the database. if ( !empty( $this -> fieldArray ) ) { if ( $this -> fieldArray['session_id'] != $session_id ) { // user is starting a new session with previous data $this -> fieldArray = array(); } } $this -> fieldArray['session_id'] = $session_id; $this -> fieldArray['session_data'] = $session_data; $this -> fieldArray['session_updated'] = time(); $this -> fieldArray['session_created'] = time(); $session_id = $this -> database -> escape_string( $session_id ); $session_data = $this -> database -> escape_string( $session_data ); $session_updated = time(); $session_created = time(); $sql = " INSERT INTO sessions ( session_id, session_data, session_updated, session_created ) VALUES ( '$session_id', '$session_data', '$session_updated', '$session_created' ) "; if( $this -> database -> query( $sql ) !== TRUE ) { return FALSE; } return TRUE; } function destroy( $session_id ) { $sql = " DELETE FROM sessions WHERE session_id=('$session_id') "; if( $this -> database -> query( $sql ) !== TRUE ) { return FALSE; } return TRUE; } function gc( $max_lifetime ) { return TRUE; } function __destruct() { //ensure session data is written out before classes are destroyed //(see http://bugs.php.net/bug.php?id=33772 for details) @session_write_close(); } } The call $session_class = new sessionHandler; session_set_save_handler( array( &$session_class, 'open' ), array( &$session_class, 'close' ), array( &$session_class, 'read' ), array( &$session_class, 'write' ), array( &$session_class, 'destroy' ), array( &$session_class, 'gc' ) ); if( !session_start() ) { exit(); } Any help at all would be appreciated. Kind Regards Mike Similar TutorialsThis topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=343257.0 Hola, I'm trying to create a web form to insert info into my database using session variables. I'm at my wits end at this point. The reset button does its job but when you click submit it doesn't do anything. I'm using the template from the lynda.com essential php web form tutorials. Any help would be appreciated Here is the client-side header code I'm working with, <?php header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 session_start(); if (!isset($_SESSION['SESSION'])) require ( "include/session_init.php"); $arVal = array(); require_once("include/session_funcs1.php"); // make sure the seesion vars are initialized... reset ($arVal); while (list ($key, $val) = each ($arVal)) { if (!isset($_SESSION[$key])) $_SESSION[$key] = ""; } if ($_SESSION["eventgenre_sel"] == "") $_SESSION["eventgenre_sel"] = 0; // if the bFlg is true then some validation problems in the data. // namely a blank field or a submission without the feedback page. // just present a general error... $flg = ""; $error = ""; if (isset($HTTP_GET_VARS["flg"])) $flg = $HTTP_GET_VARS["flg"]; switch ($flg) { case "red": $error = "<br><font class=\"txt12_red\">Please fill out all the required fields.<br>Please Try Again.<BR></font>"; break; case "blue": $error = "<br><font class=\"txt12_red\">Your Session has Expired.<br>Please Try Again.</font><BR>"; break; case "pink": $error = "<br><font class=\"txt12_red\"><BR>The Special Code you entered is not valid.<br>Please Try Again or Leave that field blank.</font><BR>"; break; case "white": $error = "<br><font class=\"txt12_red\"><BR>The fields are too long for our Database.<br>Please correct your data via this form.</font><BR>"; break; default: $error = ""; } ?> <?php echo $_SERVER['SCRIPT_NAME']."<BR>"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="detect800.css"/> <link rel="stylesheet" type="text/css" href="detect1024.css"/> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="detect.js"></script> <link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/themes/base/ui.all.css" rel="stylesheet" type="text/css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script> <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js" type="text/javascript"></script> <script src="jquery.ui.datetimepicker.js" type="text/javascript"></script> <script type="text/javascript"> $(function() { $('#eventdate').datetimepicker(); }); </script> <script src="imageflow.js" type="text/javascript"></script> <script src="highslide-full.js" type="text/javascript"></script> <script src="autosuggest.js" type="text/javascript"></script> <script type="text/javascript"> hs.graphicsDir = 'graphics/'; </script> <script language="javascript"> function SubmitForm() { var form = document.forms[0]; var bRequired = true; if((form.eventname.value.length < 1) || (form.eventvenue.value.length < 1) || (form.eventdate.value.length < 1) || (form.eventgenre.value.length < 1) || (form.eventprice.value.length < 1) || (form.eventpromoter.value.length < 1) || (form.eventflyer.value.length < 1)) { alert("Please fill out all the required fields."); bRequired = false; } if (!bRequired) return false; form.eventgenre_sel.value = form.state.selectedIndex; form.submit(); } function ResetForm() { var form = document.forms[0]; form.eventname.value = ""; form.eventvenue.value = ""; form.eventdate.value = ""; form.eventgenre.value = ""; form.eventprice.value = ""; form.eventpromoter.value = ""; form.eventflyer.value = ""; form.eventgenre_sel.value = ""; } </script> </head> This is the client side form code <form action="scripts/register.php" method="post" name="userevent" id="userevent"> <input name="eventgenre_sel" type="hidden" id="eventgenre_sel" value="<?php echo $_SESSION['eventgenre_sel'] ?>" /> <?php echo $error; ?> <fieldset> <label for="eventname" accesskey="n" ><span>Event Name</span> <input type="text" name="eventname" id="eventname" value="<?php echo $_SESSION['eventname_sel'] ?>" size="32" maxlength="30" /></label> <div id="autosuggest"><ul><li></li></ul></div> <label for="eventvenue" accesskey="v" ><span>Event Venue</span> <input type="text" name="eventvenue" id="eventvenue" size="32" value="<?php echo $_SESSION['eventvenue'] ?>" maxlength="30" /></label> <script type="text/javascript"> var venues = new Array("Republik", "HiFi Club", "Bamboo Tiki Room", "Tantra", "Jubilee Auditorium", "Ironwood Stage & Grill", "Broken City", "Soda", "Amsterdam Rhino", "Olympic Plaza", "Stampede Casino", "Habitat Living Sound", "Cantos Music Foundation", "Flames Central", "Prince's Island Park", "Beat Niq Jazz & Social Club", "Giuseppe's Italian Market", "BLVD", "Fourth on 4th", "Opus on 8th", "Local 510", "Local 522", "Raw Bar", "Jupiter Restaurant & Bar", "Vern's", "Lord Nelson's", "Kings Head Pub", "Blind Beggar Pub", "Viscous Circle", "Milk Tiger Lounge", "Pengrowth Saddledome", "Tubby Dog", "Marquee Room", "Distillery Public House", "Cafe Koi", "Mikey's Juke Joint & Eatery", "Palomino", "Atlantic Trap & Gill", "Drake Inn", "Radiopark Music Room", "Rusty Cage South", "Big Al's Good Times Bar", "Rose & Crown", "Tudor Rose Pub", "Elbow River Casino & Lounge", "Rusty Cage Central", "Rusty Cage South", "Rusty Cage North", "Olive Grove", "Shamrock Hotel", "Woody's Taphouse Southland", "Woody's Taphouse Country Hills", "Murrieta's West Coast Bar & Grill", "Stageline Saloon", "Pig & Pint", "Ranchman's", "Red Pepper Pub", "Stavro's Steak House & Lounge Ranchlands", "Stageline Saloon", "Whiskey"); new AutoSuggest(document.getElementById("eventvenue"),venues); </script> <label for="eventdate" accesskey="d" ><span>Event Date</span> <input type="text" name="eventdate" id="eventdate" value="<?php echo $_SESSION['eventdate'] ?>" size="32" maxlength="30" /></label> <label for="eventgenre" accesskey="g" ><span>Event Genre</span> <select name="eventgenre" id="eventgenre"> <option value="none">--select one--</option> <option value="HipHop">Hip-Hop</option> <option value="Funk">Funk</option> <option value="Soul">Soul</option> <option value="Metal">Metal</option> <option value="Punk">Punk</option> <option value="Blues">Blues</option> <option value="Jazz">Jazz</option> <option value="Trance">Trance</option> <option value="Breaks">Breaks</option> <option value="Electro">Electro</option> <option value="House">House</option> <option value="DNB">Drum'N'Bass</option> <option value="Dubstep">Dubstep</option> <option value="Lounge">Lounge</option> <option value="Top40">Top 40</option> </select> </label> <label for="eventprice" accesskey="p" ><span id="eventprice">Event Price</span> <input type="text" name="eventprice" id="eventprice" value="<?php echo $_SESSION['eventprice'] ?>" size="6" maxlength="4"/></label> <label for="eventpromoter" accesskey="c" ><span id="eventpromoter">Event Promoter</span> <input type="text" name="eventpromoter" id="eventpromoter" value="<?php echo $_SESSION['eventpromoter'] ?>" size="25" maxlength="23"/></label> <label for="eventflyer" accesskey="f" ><span id="eventflyer">Event Flyer (jpg or png MAX 300kb)</span> <input type="file" name="eventflyer" id="eventflyer" value="<?php echo $_SESSION['eventflyer'] ?>" size="25" maxlength="23"/></label> <input type="button" name="Reset" value="Reset" onclick="ResetForm();"> <input type="button" name="Submit" value="Submit" onsubmit="return validateForm(this);" onclick="SubmitForm(); return false; " > </fieldset> </form> <script language="javascript"> // set the selection box values... var form = document.forms[0]; form.eventgenre.selectedIndex = parseInt("<?php echo $_SESSION['eventgenre_sel'] ?>"); </script> And this is the server-side code. <?php $debug = FALSE; /************************************************************ Adjust the headers... ************************************************************/ header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 /***************************************************************************** Check the session details. we will store all the post variables in session variables this will make it easier to work with the verification routines *****************************************************************************/ session_start(); if (!isset($_SESSION['SESSION'])) require_once( "include/session_init.php" ); $arVal = array(); require_once("include/session_funcs1.php"); reset ($_POST); while (list ($key, $val) = each ($_POST)) { if ($val == "") $val = "NULL"; $arVals[$key] = (get_magic_quotes_gpc()) ? $val : addslashes($val); if ($val == "NULL") $_SESSION[$key] = NULL; else $_SESSION[$key] = $val; if ($debug) echo $key . " : " . $arVals[$key] . "<br>"; } /********************************************************************************************** Make sure session variables have been set and then check for required fields otherwise return to the registration form to fix the errors. **********************************************************************************************/ // check to see if these variables have been set... if ((!isset($_SESSION["eventname"])) || (!isset($_SESSION["eventvenue"])) || (!isset($_SESSION["eventdate"])) || (!isset($_SESSION["eventgenre"])) || (!isset($_SESSION["eventprice"])) || (!isset($_SESSION["eventpromoter"])) || (!isset($_SESSION["eventflyer"]))) { resendToForm("?flg=red"); } // form variables must have something in them... if ($_SESSION['eventname'] == "" || $_SESSION['eventvenue'] == "" || $_SESSION['eventdate'] == "" || $_SESSION['eventgenre'] == "" || $_SESSION['eventprice'] == "" || $_SESSION['eventpromoter'] == "" || $_SESSION['eventflyer'] == "") { resendToForm("?flg=red"); } // make sure fields are within the proper range... if (strlen($_SESSION['eventname']) > 35 || strlen($_SESSION['eventvenue']) > 35 || strlen($_SESSION['eventdate']) > 35 || strlen($_SESSION['eventgenre']) > 35 || strlen($_SESSION['eventprice']) > 35 || strlen($_SESSION['eventpromoter']) > 35 || strlen($_SESSION['eventflyer']) > 35 ) { resendToForm("?flg=white"); } /********************************************************************************************** Insert into the database... **********************************************************************************************/ $query = "INSERT INTO td_events (seventname, seventvenue, seventdate, seventgenre, seventprice, seventpromoter, seventflyer) " ."VALUES (".$arVals['eventname'].", ".$arVals['eventvenue'].", ".$arVals['eventdate'].", ".$arVals['eventgenre'] .", ".$arVals['eventprice'].", ".$arVals['eventpromoter'].", ".$arVals['eventflyer'].")"; //echo $query; $result = mysql_query($query) or die("Invalid query: " . mysql_error() . "<br><br>". $query); $insertid = mysql_insert_id(); /*** This following function will update session variables and resend to the form so the user can fix errors ***/ function resendToForm($flags) { reset ($_POST); // store variables in session... while (list ($key, $val) = each ($_POST)) { $_SESSION[$key] = $val; } // go back to the form... //echo $flags; header("Location: ./user_registration.php".$flags); exit; } ?> <p>SUCCESS!<br> The event was entered in the database!<br> You probably want to redirect to a thank you page or send an email to the user for confirmation.<br> <br> <br> Here are the variables...<br> <?php reset ($arVals); while (list ($key, $val) = each ($arVals)) { echo $key . " : " . $arVals[$key] . "<br>"; } echo "<br><br>The SQL Statment was:<br>"; echo $query."<br><br><br><br>"; ?> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <?php /********************************************************************************************** CREATES THUMBNAIL **********************************************************************************************/ //define a maxim size for the uploaded images define ("MAX_SIZE","1024"); // define the width and height for the thumbnail // note that theese dimmensions are considered the maximum dimmension and are not fixed, // because we have to keep the image ratio intact or it will be deformed define ("WIDTH","500"); define ("HEIGHT","650"); // this is the function that will create the thumbnail image from the uploaded image // the resize will be done considering the width and height defined, but without deforming the image function make_thumb($img_name,$filename,$new_w,$new_h) { //get image extension. $ext=getExtension($img_name); //creates the new image using the appropriate function from gd library if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext) || !strcmp("JPG",$ext)) $src_img=imagecreatefromjpeg($img_name); if(!strcmp("png",$ext) || !strcmp("PNG",$ext)) $src_img=imagecreatefrompng($img_name); //gets the dimmensions of the image $old_x=imageSX($src_img); $old_y=imageSY($src_img); // next we will calculate the new dimmensions for the thumbnail image // the next steps will be taken: // 1. calculate the ratio by dividing the old dimmensions with the new ones // 2. if the ratio for the width is higher, the width will remain the one define in WIDTH variable // and the height will be calculated so the image ratio will not change // 3. otherwise we will use the height ratio for the image // as a result, only one of the dimmensions will be from the fixed ones $ratio1=$old_x/$new_w; $ratio2=$old_y/$new_h; if($ratio1>$ratio2) { $thumb_w=$new_w; $thumb_h=$old_y/$ratio1; } else { $thumb_h=$new_h; $thumb_w=$old_x/$ratio2; } // we create a new image with the new dimmensions $dst_img=ImageCreateTrueColor($thumb_w,$thumb_h); // resize the big image to the new created one imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y); // output the created image to the file. Now we will have the thumbnail into the file named by $filename if(!strcmp("png",$ext)) imagepng($dst_img,$filename); else imagejpeg($dst_img,$filename); //destroys source and destination images. imagedestroy($dst_img); imagedestroy($src_img); } // This function reads the extension of the file. // It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } // This variable is used as a flag. The value is initialized with 0 (meaning no error found) // and it will be changed to 1 if an error occurs. If the error occurs the file will not be uploaded. $errors=0; // checks if the form has been submitted if(isset($_POST['Submit'])) { //reads the name of the file the user submitted for uploading $image=$_FILES['eventflyer']['name']; // if it is not empty if ($image) { // get the original name of the file from the clients machine $filename = stripslashes($_FILES['eventflyer']['name']); // get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); // if it is not a known extension, we will suppose it is an error, print an error message // and will not upload the file, otherwise we continue if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "JPG") && ($extension != "PNG") && ($extension != "png")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { // get the size of the image in bytes // $_FILES[\'image\'][\'tmp_name\'] is the temporary filename of the file in which // the uploaded file was stored on the server $size=getimagesize($_FILES['eventflyer']['tmp_name']); $sizekb=filesize($_FILES['eventflyer']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($sizekb > MAX_SIZE*500) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=$filename; //the new name will be containing the full path where will be stored (images folder) $newname="flyers/".$image_name; $copied = copy($_FILES['eventflyer']['tmp_name'], $newname); //we verify if the image has been uploaded, and print error instead if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } else { // the new thumbnail image will be placed in images/thumbs/ folder $thumb_name='flyers/thumb_'.$image_name; // call the function that will create the thumbnail. The function will get as parameters // the image name, the thumbnail name and the width and height desired for the thumbnail $thumb=make_thumb($newname,$thumb_name,WIDTH,HEIGHT); }} }} //If no errors registred, print the success message and show the thumbnail image created if(isset($_POST['Submit']) && !$errors) { echo "<h1>Thumbnail created Successfully!</h1>"; echo '<img src="'.$thumb_name.'">'; } ?> Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Hi A part of my site allows users to send messages to other users. When a member is logged on, they see a panel on the left with a link to the messages page. If there is a message they have not seen, it looks like messages(1). As this panel is on every page, the message(1) is displayed on every page. My question is a general one which i've always wondered about - I determine whether all messages have been read or not from the database. Should I go once to the database when user logs on, and save this value to a session, or should i go to the database each time the member goes to a new page.... The reason I ask is because I am saving a lot of data in the session already so where do I draw the line between saving stuff to a session and just repeatedly going to the database.. Well, I have been able to create a registration and login page. Now I am trying to make an "Edit Profile" page but I can't seem to be able to pull up their primary key field which is called "userID" and I need help doing this. How would I get it from the MySQL database? I have these two files and I need to solve the problem that I need the user data in the role column to be taken when logging in. I have written it so that the data can be extracted from the database, but it does not work for me that it is “forwarded” from process.php to admin.php . Please don’t know what the error is that the admin.php file doesn’t want to load $ _SESSION['Role'] from process.php ? Thanks to everyone for helping and here is the code: process.php
<?php
require_once('connect.php');
session_start();
if(isset($_POST['Login']))
{
if(empty($_POST['Username']) || empty($_POST['Password']))
{
header("location:index.php?Empty= Please Fill in the Blanks");
}
else
{
$query="select * from role_test where Username='".$_POST['Username']."' and Password='".md5($_POST['Password'])."'";
$result=mysqli_query($con,$query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['Username'];
while($row = mysqli_fetch_array($result) ){
$_SESSION['Role']=$row['role'];
}
header("location:admin.php");
}
else
{
header("location:index.php?Invalid= Please Enter Correct User Name and Password ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
?>
admin.php
<?php
session_start();
if(!(isset($_SESSION['User'])))
{
header("Location: index.php");
exit(0);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Role</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<?php
$_SESSION['Role']=$role;
echo $role;
?>
</body>
</html>
Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Get ip
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$ip = get_client_ip();
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
/* if($login != '' || $password != '') {
if($login !='admin' && $ip !=''.$log_ip.''){
$errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...';
$errflag = true;
}
}
*/
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
//header("location: index.php");
echo ('<meta http-equiv="refresh" content="0;url=index.php">');
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_LOGIN_NAME'] = $member['login'];
$_SESSION['SESS_PASS'] = $member['passwd'];
session_write_close();
//header("location: member-index.php");
echo ('<meta http-equiv="refresh" content="0;url=member-index.php">');
exit();
}else {
//Login failed
//header("location: login-failed.php");
echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">');
exit();
}
}else {
die("Query failed");
}
?>
auth.php (included on top of all php pages
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
//header("location: access-denied.php");
echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">');
exit();
}
?>
Hi, I'm working with sessions for the first time and have been able to put a member's id into the database. However, when I try and put their display name into the database I got a message saying Unknown column 'xyz' in 'field list' xyz was the display name for the session. Just can't seem to see what I'm doing wrong. In the code below, I even tried changing $_SESSION['member_display_name'] to $_SESSION['member_id'], in which case the correct id was inserted into both the member_id and the member_display_name fields in the database, so I know the table is set up correctly. Any tips? Code: [Select] //**********************SEND TO DATABASE**************************** include 'mysql_connect.php'; $query = "INSERT INTO uploads (date, member_id, upload_name, upload_title, upload_type, subject, topic, year, status, keywords, description, member_display_name, firstname, lastname)" . "VALUES (NOW(), ".$_SESSION['member_id'] . ",'$upload_nameX', '$upload_title', '".$EXPLODED_STRING[1]."', '$subject', '$topic', '$year', '$status', '$keywords', '$description', ".$_SESSION['member_display_name'] . ", '$firstname', '$lastname')"; //if($query){echo 'data has been placed'} mysql_query($query) or die(mysql_error()); $upload_id = mysql_insert_id(); //***********************END OF DATABASE CODE*********************** At the moment I am creating a search function for my website. The approach I have in mind is a pseudo-PHP database. To give an example: A HTML form will submit the results to a PHP file. HTML FORM - Colour: Black PHP RESULT PAGE - if ($_POST['color'] == 'Black') {readfile("./products/black/*.html");} HTML FORM - Price: <$50 PHP RESULT PAGE - if ($_POST['Price'] == '<$50') {readfile("./products/less50/*.html");} The problem here is if there is an item that is black and costs less than $50, then its going to be listed twice. There is probably some code I can write to ommit the listing of duplicate entries, but it is probably going to be messy, so I am wondering if its better to use a centralized MySQL database, rather than a pseudo-PHP database? I've never used MySQL and don't know much about it and this is my first real attempt at using PHP. I am trying to create a website that after you receive an email you have to use the email address and password to confirm account. Then the next page allows you to change your password. I want to save the users email from the first page and use it in the SQL statement in the second page to locate the user in the DB and update the data. There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page. <?php include('common.php'); include('db.php'); session_start(); session_register('umail'); session_register('password'); session_register('pwd1'); session_register('pwd2'); if(!isset($_POST['email']) && !isset($_POST['password'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "BLOCKED URL"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> Email: <input type="text" name="email" size="8" /> password:<input type="password" name="password" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? exit; } else { $umail = $_SESSION['umail'] = $_POST['email']; $password = $_SESSION['password'] = $_POST['password']; dbConnect("web2"); $sql ="SELECT * FROM `user` WHERE email ='$umail'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if(!$result) error('Contact DB admin'); if($result='') error('not in db'); if($_SESSION['umail'] != $row['email'] && $_SESSION['password'] != $row['password']) error('Wrong email or password'); } if(!isset($_POST['pwd1']) && !isset($_POST['pwd2'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "BLOCKED URL"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> password: <input type="text" name="pwd1" size="8" /> password confirmation:<input type="password" name="pwd2" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { $pwd1 = $_SESSION['pwd1'] = $_POST['pwd1']; $pwd2 = $_SESSION['pwd2'] = $_POST['pwd2']; if($_SESSiON['pwd1'] == $_SESSION['pwd2']) { dbConnect("web2"); mysql_query("UPDATE user SET password ='$pwd1' WHERE email ='$umail'"); $sql="SELECT * FROM 'user' WHERE email='$umail'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if($_SESSION['pwd1'] != $row['password']) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "(BLOCKED URl"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> password: <input type="text" name="pwd1" size="8" /> password confirmation:<input type="password" name="pwd2" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { error(' the man'); session_unset(); session_destroy(); } } } ?> Came a long way with the code since Friday and have another issue.
I can echo the session username on my pages but not into the insert command to the database. I need this so when a user logs in only their data will be seen. Here is the code pages.
Here is the page code this does echo the username
Logged in as <?php echo "$username"; ?>
<?php
// Start session
session_start() ;
$username = $_SESSION['username'];
// Include required functions file
require_once('include/db/functions.inc.php') ;
// Check login status ... if not logged in, redirect to login screen
if (check_login_status() == false) {
redirect('login.php') ;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Add A New Tank(WAD)</title>
<style type="text/css"></style>
</head>
<body>
<p align="center"><a href="../test/index.php">Home</a> | <a href="../test/register.php">Register</a> | <a href="../test/login.php">Login</a> | <a href="../test/tank.php">Add Tank</a> | <a href="../test/fish.php">Add Fish</a> | <a href="../test/plants.php">Add Plants</a> | <a href="../test/water-test.php">Add Water Test</a> | <a href="../test/include/login/logout.inc.php">Logout</a></p></p>
<p>Logged in as <?php
echo "$username";
?> </p>
<table width="810" border="2" align="center">
<tr>
<td>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="center" bgcolor="#FFFFFF" scope="col"><h2><b>Your Tanks(WAD)</b></h2></td>
</tr>
<form action="/test/include/tank/tank.inc.php" method="post" name="tank" id="tank">
<table border="2" align="center" cellpadding="0">
<tr>
<td><div align="left"><b>Tank Name: </b> </div></td>
<td><div align="left">
<input type="text" name="tankname" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Date Filled With Water: </b> </div></td>
<td><div align="left">
<input type="text" name="date" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Length: </b> </div></td>
<td><div align="left">
<input type="text" name="length" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Depth: </b> </div></td>
<td><div align="left">
<input type="text" name="depth" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Height: </b> </div></td>
<td><div align="left">
<input type="text" name="height" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Volume: </b> </div></td>
<td><div align="left">
<input type="text" name="volume" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Type of Tank: </b> </div></td>
<td><div align="left">
<input type="text" name="type" size="25" />
</div></td>
</tr>
<tr>
<td></div></td></tr>
<tr>
<td><div align="left"><b>Notes: </b> </div></td>
<td><div align="left">
<p>
<textarea name="notes" cols="50" rows="10"></textarea>
</p>
</div></td>
</tr>
<tr>
<th colspan="2"><p>
<input type="submit" value="Add New Tank" />
</p></th>
</tr>
</table>
</form>
<tr>
<td align="center" valign="top" bgcolor="#FFFFFF"><div align="center"><font size="2"> © 2014 <a href="http://www.pctechtime.com">PC TECH TIME</a> </font> </div></td>
</tr>
</table>
<tr>
<td></td></td></tr>
<tr>
<td></tr></td></tr>
</table>
</body>
</html>
This is tank.inc.php which works except for the username being inserted into the database. I did try removing the mysqli_close($con); but that didn't help. I did have it working when I removed the mysqli_close($con); but then I logged out and then back in and it stopped?
<?php
include_once "../../../test/include/db/db.inc.php";
// escape data and set variables
$tankname = mysqli_real_escape_string($con, $_POST['tankname']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$length = mysqli_real_escape_string($con, $_POST['length']);
$depth = mysqli_real_escape_string($con, $_POST['depth']);
$height = mysqli_real_escape_string($con, $_POST['height']);
$volume = mysqli_real_escape_string($con, $_POST['volume']);
$type = mysqli_real_escape_string($con, $_POST['type']);
$notes = mysqli_real_escape_string($con, $_POST['notes']);
$username = $_SESSION['username'];
// # setup SQL statement
$sql="INSERT INTO tank (tankname, username, date, length, depth, height, volume, type, notes)
VALUES ('$tankname', '$username', '$date', '$length', '$depth', '$height', '$volume', '$type', '$notes')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo 'New Tank Added ';
mysqli_close($con);
?>
I'm helping out a friend who owns a boarding kennel. She would like an online site where she or a client can register, add their dogs to their profile and other info. I know CSS and HTML but have very, very little experience in PHP, I figured it would be fun to give this a try and learn something new. So far I've managed to create a register and log in area, and now I'm trying to make it possible for someone to add a dog breed from a drop down list to their "page" after they've logged in. I cannot get the data to insert into that specific user's table. I'm trying to use the session id and session username as the variable, and this is where the problem comes in. If I type the userid and the username out then the data will update fine...but that's not practical. I need it to know which user is logged in and update them accordingly. Anyway, what I'm typing here makes sense in my head but I've been staring at this computer all day and it's possible I'm way out in left field, so here's the code to see for yourself. (chances are it's something totally obvious....or I have stuff in there that doesn't belong, I haven't a clue.) Thank you in advance to anyone willing to help me out! The form <?php session_start(); $_SESSION['userid']=$userid;?> <html><body> <h4></h4> <form action="process.php" method="post"> <select name="breed" id="breed"> <option value="collie">Collie</option> <option value="aussie">Aussie</option> </select> <select name="sex"> <option>Dog</option> <option>Bitch</option> </select> <input type="submit" /> </form> </body></html> The php for that form <?php session_start(); $_SESSION['userid']=$userid; $_SESSION['Username']=$username;?> <html><body> <?php $host="localhost"; // Host name $username="silver_phptest"; // Mysql username $password="bowser"; // Mysql password $db_name="silver_phptestingbase"; // Database name $tbl_name="users"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Get values from form $breed=$_POST['breed']; // Insert data into mysql mysql_query("UPDATE users SET dogs = '$breed' WHERE userID = '$userid'"); // close connection mysql_close(); ?> </body></html> Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? i need to create search in database like this select everything from database but it cant be included rows where session id is equal to id of user code Code: [Select] $datum = "$godina-$mjesec-$dan"; $event_select = mysql_query("SELECT * FROM events WHERE event_date='$datum'"); //izlistat evente while ($events = mysql_fetch_array($event_select)) { $id_user = $events['id_user']; $user_select= mysql_query("SELECT * FROM users WHERE id='$id_user' "); $user = mysql_fetch_array($user_select); ... creating table i tried to put something like AND id!=$_SESSION[id] but it didnt work so i need create table for every row where id_user is not equal to session id now it works and i get table for every row do i need if loop or? I'm trying to learn how to code the proper way. There's a few things im worried about,but overall im worried about clogging up the server. so what should i keep in mind while coding, to avoid this? I'm thinking, keep insert and update to a minimum? as in, when possible, use session to keep track of data until i absolutly have to add that data to a database? is that a correct thought? what about once the data is in the database, how much trouble is it to ask for the selected data inside a database? should i be worried about overdoing request of data from databases? on the other hand, should i be worried about having too many sessions travelling around with a user. why? Im just asking to get a better feel for how to do things the proper way, i would hate to have a website built, only to find out that what i built is only a bat, that would bash the hell out of a server i wanted to put it on. Hi All! I've written up a script for my website. It\ is basically a virtual job quest. My queries are all correct it just isn't registering the variable for the session. It is $-SESSION[theid']. I want to be bale to use it in my table but I get an error. How do I write this in my SQL query for it to work. The page (when no errors), doesn't show my data. Here is my ocde: Code: [Select] <?php session_start(); include("config536.php"); ?> <html> <head> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <?php if(!isset($_SESSION['username'])) { echo "<ubar><a href=login.php>Login</a> or <a href=register.php>Register</a></ubar><content><center><font size=6>Error!</font><br><br>You are not Logged In! Please <a href=login.php>Login</a> or <a href=register.php>Register</a> to Continue!</center></content><content><center><font size=6>Messages</font><br><br></center></content>"; } if(isset($_SESSION['username'])) { echo "<nav>$shownavbar</nav><ubar><img src=/images/layout/player.gif><a href=status.php>$showusername</a>.......................<img src=/images/layout/coin.gif> $scredits</ubar><content><center><font size=6>Basic Quests</font><br><br>"; $startjob = $_POST['submit']; $jobq = "SELECT * FROM jobs WHERE username='$showusername'"; $job = mysql_query($jobq); $jobnr = mysql_num_rows($job); if($jobnr == "0") { ?> <form action="<?php echo "$PHP_SELF"; ?>" method="POST"> <input type="submit" name="submit" value="Start Job"></form> <?php } if(isset($startjob)) { $initemidq = "SELECT * FROM items ORDER BY RAND() LIMIT 1"; $initemid = mysql_query($initemidq); while($ir = mysql_fetch_array($initemid)) { $ids = $ir['itemid']; } mysql_query("INSERT INTO jobs (username, item, time, completed) VALUES ('$showusername', '$ids', 'None', 'No')"); $wegq = "SELECT * FROM items WHERE itemid='$ids'"; $weg = mysql_query($wegq); while($wg = mysql_fetch_array($weg)) { $im = $wg['image']; $nm = $wg['name']; $id = $wg['itemid']; } $_SESSION['theid'] = $id; echo "<font color=green>Success! You have started this Job!</font><br><br>Please bring me this item: <b>$nm</b><br><br><img src=/images/items/$im><br><br><br>"; echo $_SESSION['theid']; } if($jobnr == "1") { $finish = $_POST['finish']; $okgq = "SELECT * FROM items WHERE itemid='$yes'"; $ok = mysql_query($okgq); while($ya = mysql_fetch_array($ok)) { $okname = $ya['name']; $okid = $ya['itemid']; $okimage = $ya['image']; } echo "Where is my <b>$okname</b>?<br><br><img src=/images/items/$okimage><br><br><br>"; echo $_SESSION['theid']; ?> <form action="<?php echo "$PHP_SELF"; ?>" method="POST"> <input type="submit" name="finish" value="I have the Item"></form> <?php } } if(isset($finish)) { $cinq = "SELECT * FROM uitems WHERE theitemid='$_SESSION[theid]'"; $cin = mysql_query($cinq); $connr = mysql_num_rows($cin); if($connr != "0") { echo "<font color=green>Success! You have the item.</font>"; } else { echo "<font color=red>Error! You do not have my item!</font>"; } } ?> . I basically just want to know how I can set this session as a variable. Also..I have a user login on every page and I want to be able to destroy JUST THE "theid" session and NOT the username session. How would I do that too? thanks for the help in advance! so i work on wowroster.net making upgrades to roster i have created a user lib for the sit and im now adding sessions but im getten some odd issues.... this is one of the inserts and sent to mysql_query example Code: [Select] UPDATE `roster_sessions` SET `session_user_id` = '0', `session_last_visit` = '1331544818', `session_browser` = '', `session_ip` = '127.0.0.1', `session_time` = '1331545718', `session_page` = 'p=guild-main&a=g:1' WHERE `session_id` = '6m7js82r848kk2s90sjfmuj325' YET.. this is what i get in my database sql dump from my admin Code: [Select] INSERT INTO `roster_sessions` (`sess_id`, `session_id`, `session_user_id`, `session_last_visit`, `session_start`, `session_time`, `session_ip`, `session_browser`, `session_forwarded_for`, `session_page`, `session_viewonline`, `session_autologin`, `session_admin`) VALUES ('5764d5713a7f24c82b30d271460bf68c', '6m7js82r848kk2s90sjfmuj325', '3', 0, 1331544818, 1331545718, '127.0.0.1', '', '', 'addons-main-images-shadow', 0, 0, 0); any clue at all... Hey guys, Currently Im using: $row = mysql_fetch_array($result) or die(mysql_error()); echo $row['user_family']. " - ". $row['user_registered']; $row['user_family'] = $fam; $_SESSION['family'] = $fam; to take data from a mysql table & set it as SESSION family. However, I cant seem to get this to set. The information IS being taken from mysql because its being echo'd earlier up in the code, but its just not passing to the session. Any ideas? Can someone please explain to me why I cant seem to get my mysql update line to work. I have been trying for a while an still nothing. I am new in php and need some help getting this to work. Please be gentle. a good explaination in newbie talk would be appreciated. The session variable I echoed out does work so I know I am reading the variable in from the other page. thanks <?php session_start(); /* Server side scripting with php CISS 225 Lab # Final Project */ //This section will create variables collected from information sent //by the post method on the createUserProcess. /* $_SESSION['city'] = $_POST['city']; $_SESSION['state'] = $_POST['state']; $_SESSION['zipCode'] = $_POST['zipCode']; $_SESSION['profession'] = $_POST['profession']; $_SESSION['activities'] = $_POST['activities']; $_SESSION['hobbies'] = $_POST['hobbies']; */ $city = $_POST['city']; $state = $_POST['state']; $zipCode = $_POST['zipCode']; $profession = $_POST['profession']; $activities = $_POST['activities']; $hobbies = $_POST['hobbies']; $db = mysql_connect("localhost", "root", ""); mysql_select_db("accountprofile",$db); echo $_SESSION['Email']; //$query = "UPDATE accountprofile SET city = '$city', state = '$state', zipcode = '$zipCode', profession = '$profession', " . " //activities = '$activities', hobbies = '$hobbies' WHERE lastName = 'Hildebrand'"; $query = "UPDATE accountprofile SET city = '$city', state = '$state', zipcode = '$zipCode', profession = '$profession', activities = '$activities', hobbies = '$hobbies' WHERE userName = " .$_SESSION['Email'].""; mysql_query($query,$db); if (mysql_error()) { echo "$query<br />"; echo mysql_error(); } echo "THANK YOU!<br />"; echo "Your profile has been completed!<br />"; ?> |
|||||||