|
PHP - Need Help Setting A Session Variable
I have a form where users enter name, username, password etc. The values are posted to a MySQL table where I also have a field called 'ID' that auto increments. I want to store that ID in a SESSION variable that I can carry over to other pages. Need help in doing this please.
Similar TutorialsHi girls and boys I am trying to set a variable if a session OR a cookie has been set, but am unsure on how to write the statement... if (isset($_SESSION['name'])||isset($_COOKIE['name'])) {$variable = $_SESSION['name']||$_COOKIE['name'];} Obviously not working there, but just need a pointer here. any help is appreciated... i'm creating a page counter which updates a value in a database each time the page is loaded. I'm trying to make it so that it checks to see if a session has been set, if not, it updates the database, and then sets the session. This way it wont update every time someone refreshes the page. $id=$_GET['id']; if(!isset($_SESSION[$id])){ $_SESSION[$id]= $id; $views = $row['views'] + 1; $update_views=mysql_query("UPDATE topic SET views='".$views."' WHERE topic_id='".$id."'") i want to set the session variable as that of the page id ($id) The problem is that it keeps updating the database everytime the page is reloaded. I'm not sure if i'm setting the session variable correctly. Any ideas would be great Thanks Hi guys,
I would like to have a security measure in place to prevent unauthorized access to my site without a valid log on.
At the moment, it would let anyone in without destroying the session and redirecting to index page.
What would i "use" that's created in the session? what's the "best" practice
My understanding is that the session variable is stored in the browser, after a successful log in, that session variable is like baton or a key that's "passed" onto the next page.
- if someone tried to bypass the log on with the session then access is denied or redirected away.
So on my index page to start i have:
<?php session_start(); /* clear all session variable */ $_SESSION = array(); /* set a session variable for later use */ $_SESSION['what_page'] = "admin00"; ?>What do i need to have to use the session against unauthorized access? my guess is:
if(!isset($_SESSION['what_page']) || $_SESSION['what_page'] != "index.php") {
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit();
}
So to me that means;
- if 'what_page' is not set from the index page, don't go any further, re-direct (back to index)
If i remove this and use a known username and password, i am able to log into the correct page, but this session validation is the bit that's not working
please could you help?
I have created a test account in my database with a user level of -1 and i think my code might be wrong but i am hoping someone can spot where i have gone wrong as i cannot, also a similar problem with another session variable loggedIn this is what i get when i login this is on the index page.
Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11 Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17 You must be logged in to view this page!Index page source code:
<?php
session_start();
error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');
require 'connect.php';
if($_SESSION['loggedIn'] == 1) {
//Do Nothing
exit();
} else if($_SESSION['loggedIn'] != 1) {
echo "You must be logged in to view this page!";
exit();
}
if($_SESSION['user_level'] == -1) {
header("Location: banned.php");
} if(isset($_SESSION['username'])) {
echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> ";
}
?>
Also if you need my login source code:
<?php
error_reporting(E_ALL | E_NOTICE);
require 'connect.php';
session_start();
if (isset($_POST['submit'])) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if (empty($username)) {
echo "You did not enter a username, Redirecting...";
echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
exit();
}
if (empty($password)) {
echo "You did not enter a password, Redirecting...";
echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
exit();
}
//Prevent hackers from using SQL Injection to hack into Database
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");
$row = $result->fetch_array();
$user_level = $row['user_level'];
// check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed
if($result->num_rows > 0)
{
//Set default user
$_SESSION['loggedIn'] == 1;
$_SESSION['user_level'] == 1;
$_SESSION['username'] == trim($_POST['username']);
header("Location: index.php");
exit();
} else if($row['user_level'] == 1) {
$_SESSION['user_level'] == 1;
//Location admin
header("Location: admin.php");
exit();
} else if($row['user_level'] == -1) {
$_SESSION['user_level'] == -1;
$_SESSION['username'] == trim($_POST['username']);
//Location banned
header("Location: banned.php");
exit();
} else if($_SESSION['loggedIn'] == true) {
//Location default user home page
header("index.php");
} else {
echo "Invalid Username/Password";
}
//Kill unwanted session
} if(isset($_POST['killsession'])) {
session_destroy();
echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)";
exit();
}
?>
I appreciate all help
Hey guys, Currently Im using: $row = mysql_fetch_array($result) or die(mysql_error()); echo $row['user_family']. " - ". $row['user_registered']; $row['user_family'] = $fam; $_SESSION['family'] = $fam; to take data from a mysql table & set it as SESSION family. However, I cant seem to get this to set. The information IS being taken from mysql because its being echo'd earlier up in the code, but its just not passing to the session. Any ideas? Hi all, Yesterday I moved a web application from a normal cookie session to a use_trans_sid session because some users' browser didn't accept cookies. This works great, but the session used to last for 45 minutes (set with session.gc_maxlifetime), but after the change the session times out faster. (How) can I set the session length if I use use_trans_sid? Thanks, Base PS: PHP version 5.2.13-1 Record set has 2 text fields in the form which is set in a full repeat recordset browse. So, we get a long list of every record in the database. However, I want to be able to click on a single record and make another page appear. I can do this if the display is set as a table without using a text field form -- just the record variable and using a hyperlink. But, I want to use the text field. Wrapping the form only gets me the value of the last record displayed. Help would be appreciated. My login script stores the user's login name as $_SESSION[ 'name'] on login. For some unapparent reason, i'm getting errors stating that $user and $priv are undefined variables, though I've attempted to define $user as being equal to $_SESSION['name'], using $user to look up the the user's privilege level (stored as the su column ) in the SQL table, and then where the result of the sql query is $priv which is then evaluated in an if statement. I can't seem to figure out why this might not be working. The code I'm using:
<?php
session_start();
function verify() {
//verify that the user is logged in via the login page. Session_start has already been called.
if (!isset($_SESSION['loggedin'])) {
header('Location: /index.html');
exit;
}
//if user is logged in, we then lookup necessary privleges. $_SESSION['name'] was written with the login name upon login. Privleges // are written in db as a single-digit integer of of 0 for users, 1 for administrators, and 2 for special users.
$user === $_SESSION['name'];
//Connect to Databse
$link = mysqli_connect("127.0.0.1", "database user", "password", "database");
if (!$link) {
echo "Error: Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
}
//SQL Statement to lookup privlege information.
if ($result = mysqli_query($link, "SELECT su FROM accounts WHERE username = $user", MYSQLI_STORE_RESULT)) {
//LOOP TO CYCLE THROUGH SQL RESULTS AND STORE Privlege information as vairable $priv.
while ($row = $result->fetch_assoc()) {
$priv === $row["su"];
}
}
// close SQL connection.
mysqli_close($link);
// Verify privleges and take action. Only a privlege of "1" is allowed to view this page. A privlege of "2" indicates special
//accounts used in other scripts that have certain indermediate additional functions, but are not trusted administrators.
if ($priv !== 1) {
echo $_SESSION['name'];
echo "you have privlege level of $priv";
echo "<br>";
echo 'Your account does not have the privleges necessary to view this page';
exit;
}
}
verify();
?>
Hello everyone, I can get Test 2 to successfully operate the if statement using a variable variable. But when I try the same method using a session variable (Test 1) the if statement is not executed. Please could you tell me why the if statement in Test 1 is not being executed? Code: [Select] <?php # TEST 1 $_SESSION[test_variable] = "abcd"; $session_variable_name = "_SESSION[test_variable]"; if ($$session_variable_name == "abcd") { echo "<br>line 373, abcd<br>"; } # TEST 2 $test_variable = "efgh"; $test_variable_name = "test_variable"; if ($$test_variable_name == "efgh") { echo "<br>line 379, efgh<br>"; } ?> Many thanks, Stu
v=$("#txtusername");
$.post('../actions/check.php',{user:v.val().toLowerCase()},function(d){
if(d=='available'){
$("#usernamemessage").html("<span style='color:green;'>Username is available</span>");
}else if(d=='not-available'){
$( "#txtusername" ).effect( "shake" );
$('#txtusername').css('border', 'solid 2px blue');
var iserror = '1'
alert(iserror);
}
});
alert(iserror);
The first alert displays '1', however, the second displays 'undefined'. Why is this?Thanks Attempting to set a variable = NOW() + INTERVAL 90 DAY; I can run SELECT DATE_ADD(NOW(), INTERVAL 90 DAY using MYSQL, but don't know how to move result to a variable. Hi I'm having a problem getting a query to work. I have a simple form with user input for start and end date with format: 2009-03-19 (todays date): $Startdate = $_POST['date']; This works well when something is entered into the form, and afterwards using my query: SELECT COUNT(*) as total FROM mydb WHERE Date BETWEEN '$Startdate' AND '$EndDate' ........ Problem is if user submits the form without entering anything in the date input fields, which makes sense. I want to check if inputs has been made, and if not set af default date, but can't make it work:
if (isset($_POST['date']) && $_POST['date'] !='') {
$Startdate = $_POST['date'];}
else { $Startdate = '1980-01-01';}
How can I set $Startdate to something that can be used in the query as below doesn't work? When I run 'select 1700-price as blah from goldclose as t2 order by dayid desc limit 1' by itself in mysql I get a numerical result: one row, one column. In my php script, the 1700 is actually a variable. so here it is $changequery = sprintf("select $goldprice-price as change from goldclose order by dayid desc limit 1"); $change = mysql_query(changequery); while ($row = mysql_fetch_array($change)) { printf("$row[0]"); } mysql_free_result($changeresult); I get the following error, Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/root/fuzzy/htmlmain4.php on line 99 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in <b>/root/fuzzy/htmlmain4.php on line 103 Not sure why? All i want is to get the result of that select statement into a variable such as $change Hi I am using very simple code. Here it is Code: [Select] <?php session_start(); $user = "guest"; $uid = "1"; echo $_SESSION['user']."<br />"; echo $_SESSION['uid']; ?> it displays this error Code: [Select] Notice: Undefined index: user in C:\wamp\www\DealDash\index.php on line 5 Notice: Undefined index: uid in C:\wamp\www\DealDash\index.php on line 6 how can I solve this problem? Help please I wonder whether someone can help me please. I'm using the script below to create a page whereby users are presented with a list of image folders they have created. Clicking on any of the folders allows the user to drill down and view the individual images. Code: [Select] <?php session_start(); $_SESSION['username']=$_POST['username']; $_SESSION['locationid']=$_POST['locationid']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <?php //This variable specifies relative path to the folder, where the gallery with uploaded files is located. $galleryPath = 'UploadedFiles/' . $_SESSION['username'] . '/' . $_SESSION['locationid'] . '/'; $absGalleryPath = realpath($galleryPath) . DIRECTORY_SEPARATOR; $descriptions = new DOMDocument('1.0'); $descriptions->load($absGalleryPath . 'files.xml'); $items = array(); for ($i = 0; $i < $descriptions->documentElement->childNodes->length; $i++) { $xmlFile = $descriptions->documentElement->childNodes->item($i); $path = $xmlFile->getAttribute('name'); $path = explode('/', $path); $t = &$items; for ($j = 0; $j < count($path); $j++) { if (empty($t[$path[$j]])) { $t[$path[$j]] = array(); } $t = &$t[$path[$j]]; } $t['/src/'] = $xmlFile->getAttribute('source'); $t['description'] = $xmlFile->getAttribute('description'); $t['size'] = $xmlFile->getAttribute('size'); } $basePath = empty($_GET['path']) ? '' : $_GET['path']; if ($basePath) { $basePath = explode('/', $basePath); for ($j = 0; $j < count($basePath); $j++) { $items = &$items[$basePath[$j]]; } } $files = array(); $dirs = array(); function urlpartencode(&$item, $index) { $item = rawurlencode($item); } foreach ($items as $key => $value) { if (isset($value['/src/'])) { $value['/src/'] = explode('/', $value['/src/']); array_walk($value['/src/'], 'urlpartencode'); $value['/src/'] = implode('/', $value['/src/']); $files[] = array( 'name' => $key, 'src' => $value['/src/'], 'description' => htmlentities($value['description'], ENT_COMPAT, 'UTF-8'), 'size' => htmlentities($value['size'], ENT_COMPAT, 'UTF-8') ); } else { $dirs[] = $key; } } $basePath = empty($_GET['path']) ? '' : $_GET['path']; $up = dirname($basePath); if ($up == '.') { $up = ''; } sort($files); sort($dirs); ?> <head> <title>View Image Folders</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link href="Styles/style.css" rel="stylesheet" type="text/css" /> <script src="Libraries/jquery/jquery-1.4.3.min.js" type="text/javascript"></script> <style type="text/css"> <!-- .style1 { font-size: 14px; margin-top: 5px; margin-right: -50px; } --> </style> <body style="font-family: Calibri; color: #505050; margin-right: 160px; margin-left: -180px;"> <div align="right" class="style1"> <a href = "index.php" /> Add Images <a/> → <a href = "javascript:document.imagefolders.submit()"> View All Images </a> </div> <form id="imagefolders" name="imagefolders" class="page" action="gallery.php" method="post" enctype="application/x-www-form-urlencoded"> <div id="container"> </div> <div id="center"> <div class="aB"> <div class="aB-B"> <?php if ('Uploaded files' != $current['title']) :?> <?php endif;?> <div class="demo"> <input name="username" type="hidden" id="username" value="IRHM73" /> <input name="locationid" type="hidden" id="locationid" value="1" /> <div class="inner"> <div class="container"> <div class="gallery"> <table class="gallery-link-table" cellpadding="0" cellspacing="0"> <thead> <tr class="head"> <th class="col-name"> Name </th> <th class="col-size"> Size </th> <th class="col-description"> Description </th> </tr> </thead> <tbody> <tr class="directory odd"> <td class="col-name"> <a href="?path=<?php echo rawurlencode($up); ?>">..</a> </td> <td class="col-size"> </td> <td class="col-description"> </td> </tr> <?php $i = 1; ?> <?php foreach ($dirs as $dir) : ?> <tr class="directory <?php $i++; echo ($i % 2 == 0 ? 'even' : 'odd'); ?>"> <td><a href="?path=<?php echo rawurlencode(($basePath ? $basePath . '/' : '') . $dir); ?>"><?php echo htmlentities($dir, ENT_COMPAT, 'UTF-8'); ?></a></td> <td>Folder</td> <td></td> </tr> <?php endforeach; ?> <?php foreach ($files as $file) : ?> <tr class="<?php $i++; echo ($i % 2 == 0 ? 'even' : 'odd'); ?>"> <td><a target="_blank" href="<?php echo $galleryPath . $file['src']; ?>"><?php echo htmlentities($file['name'], ENT_COMPAT, 'UTF-8'); ?></a></td> <td><?php echo htmlentities($file['size'], ENT_COMPAT, 'UTF-8'); ?></td> <td><?php echo htmlentities($file['description'], ENT_COMPAT, 'UTF-8'); ?></td> </tr> <?php endforeach; ?> </tbody> </table> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </form> </body> </html> I can create the list of folders, but when I click on any of these, instead of being able to view the images, I receive the following error: Quote Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "/homepages/2/d333603417/htdocs/development/UploadedFiles/files.xml" in /homepages/2/d333603417/htdocs/development/imagefolders.php on line 16 Warning: Invalid argument supplied for foreach() in /homepages/2/d333603417/htdocs/development/imagefolders.php on line 52 Line 16 is this line Code: [Select] $descriptions->load($absGalleryPath . 'files.xml'); and line 52 is this Code: [Select] foreach ($items as $key => $value){ However, if I change this line Code: [Select] $galleryPath = 'UploadedFiles/' . $_SESSION['username'] . '/' . $_SESSION['locationid'] . '/'; to Code: [Select] $galleryPath = 'UploadedFiles/' . 'IRHM73' . '/' . '1' . '/'; i.e. replacing the 'Session Variables' with the actual values, the page works. I've been working on this for days now, and I just can't find the solution. I just wondered whether someoen could perhaps have a look at this and let me know where I'm going wrong. Many thanks and regards Need help declaring some session variable guys. I have a login form where the member enters his 1. Pilot Callsign 2. Password I want to declare that Pilot Callsign as the session variable on authentication. Using that Pilot Callsign session variable, I will fetch data from the database relevant to his profile. I already have the whole login page coded along with the restricted access pages (not coded by me). Check this out 1. Page is coded like this and working PERFECTLY --- Code: [Select] <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['pilot_callsign'])) { $loginUsername=$_POST['pilot_callsign']; $password=$_POST['password']; mysql_select_db($database_brn_system, $brn_system); $LoginRS__query=sprintf("SELECT pilot_callsign, password, staff_level, firstname FROM pilots WHERE activated = 1 AND pilot_callsign=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $brn_system) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'staff_level'); if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; ?> --- 2. As you can see, there already is a session variable declared for Pilot Callsign But on the next page "Restricted Access Page", when I try to call this same Session Variable, it doesn't work. I tried doing this <?php echo $_SESSION['MM_Username'] ?> Moreover, I even tried to fetch data from the table like this - SELECT * FROM pilots WHERE pilot_callsign=$_SESSION['MM_Username'] Doesn't work hi all , i am working on a script which is oop driven and i m not much familiar with it, i appericiate if someone can help me to solve this problem , so basicaly current script is only setting one session variable to true if user login $_SESSION['is_successful_login'] , here is my code <?php include('files/db.php'); class ajaxLoginModule { private $timeout = null; private $target_element = null; private $wait_text = null; private $form_element = null; private $wait_element = null; private $notify_element = null; function __construct() { include ('config.php'); $msql = new Db; $msql->connect(); $this->is_login(); } function get_config() { $this->set_ajax_config(); } function set_ajax_config() { $this->timeout = AJAX_TIMEOUT; $this->target_element = AJAX_TARGET_ELEMENT; $this->wait_text = AJAX_WAIT_TEXT; $this->wait_element = AJAX_WAIT_ELEMENT; $this->notify_element = AJAX_NOTIFY_ELEMENT; $this->form_element = AJAX_FORM_ELEMENT; } function initLogin($arg = array()) { $this->get_config(); $this->login_script(); } function initJquery() { return "<script type='text/javascript' src='files/jquery-1.3.2.min.js'></script>"; } function login_script() { include ('files/login_script.php'); } function is_login() { if(isset($_POST['username'])) { $username = $_POST['username']; $password = $_POST['password']; $strSQL = "SELECT * FROM ".USERS_TABLE_NAME." WHERE username ='$username' AND password = '$password' "; $result = mysql_query ($strSQL); $row = mysql_fetch_row($result); /* //THIS IS WHAT I NEED $_SESSION['user'] = $row['username']; $_SESSION['id'] = $row['id']; */ $exist = count($row); if($exist >=2) { $this->jscript_location(); } else { $this->notify_show();} exit; } } function notify_show() { echo "<script>$('.".AJAX_NOTIFY_ELEMENT."').fadeIn();</script>"; } function jscript_location() { $this->set_session(); echo "<script> $('#container').fadeOut();window.location.href='".SUCCESS_LOGIN_GOTO."'</script>"; } function set_session() { session_start(); $_SESSION['is_successful_login'] = true; } } ?> i comment that line what i need is username and id to store in those session variables $_SESSION['user'] = $row['username']; $_SESSION['id'] = $row['id'] i tried to add code in function set_session but did not helped, appreciate for any help. Thanks Is it good practice to put an oop object in session variable Question about variable variables and using session variables for them. O.K. So if I have: $foo = 3; $_SESSION['bar'] = "foo"; $$_SESSION['bar'] should equal the value of $foo, however I can't get it to work. Can someone tell me what I am doing wrong..... is it formatting??? Thanks, Thomas |
|||||||