PHP - Setting A Variable If A Session Or Cookie Isset

Hi.

Link to project: www.smarttreff.moo.no
Login user: admin
login pw: 123

When i login the login form wont disapear. If i return to the index(Hjem) page without logging out, the loginform disapear. I am ussing session for the login

So the basicly, i want the loginform do disapear at once when the user has pushed login button(Logg in)

(dont laught at my "cut and past" for the include meny.. i just made the design and chopped it to bits and put it into includes)

Index.php
Code: [Select]


<?php
session_start();

include("css.php");
include("header.php");
include("meny.php");
?>




    <td width="596" valign="top"><table width="100%" border="0" cellpadding="15">
      <tr>
        <td class="tabell" valign="top" align="left">
       
       
        Main
       
       
        </td>
      </tr>
    </table></td>
  </tr>
</table>

<?php
include("footer.php");
?>

meny.php
Code: [Select]
<table width="800" border="0">
  <tr>
    <td width="198" valign="top"><table width="100%" border="0" cellpadding="15">
      <tr>
        <td align="left" valign="top" class="tabell">
        <a href="index.php">Hjem</a> <br />
        Når og hvor <br />
        For hvem <br />
       
        Spørsmål og svar<br />
        Forum <br />
        <br />
        <br />
        Samarbeidspartnere
        </td>
      </tr>
    </table>
      <br />
      <table width="100%" border="0" cellpadding="15">
        <tr>
          <td class="tabell" valign="top" align="left">
 <?php


if(isset($_SESSION['username']))
echo "Velkommen, " .$_SESSION['username']. "!<a href='innlogget.php'>Medlemsnyheter</a><br><a href='logout.php'>Log ut</a>";

else {
include("loginform.php");
}
?>
          </td>
        </tr>
      </table></td>
    <td width="15">&nbsp;</td>

Here is my code that sets the cookie for a year:


//set a cookie for a year
setcookie('user', $username, time()+31536000);


My code that unsets it:


<?php
unset($_COOKIE['user']);

header("LOCATION:index.php");
?>


Why doesn't it log the user out?

Hi, I'm pretty new to php, and to this site as well, so please bear with me...

I have a table in my database which has "user_id" as its primary key, and i want to set the values under this as a cookie.
I've put in bold the main things that are affecting it (I think).

As is, the mysite_userid cookie does not set properly, and I get an error like this "Header may not contain more than a single header, new line detected...."

Any help would be really appreciated!!

<?php

include("connect.php");

$match = "select user_id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0) {
echo "Sorry, there is no username ".$_POST['username']." with the specified password.
";
echo "Try again";
exit;
}

$remember = strip_tags($_POST['remember']);

if ($remember) {
          setcookie("loggedin", "TRUE", time()+3600*24);
         setcookie("mysite_username", "".$_POST['username']."");
         header("Location: members.php");
        }
else {


setcookie("loggedin", "TRUE");
setcookie("mysite_username", "".$_POST['username']."");
setcookie("mysite_userid", $qry);

$site_username = $HTTP_COOKIE_VARS["mysite_username"];
$site_userid = $HTTP_COOKIE_VARS["mysite_userid"];

header("Location: members.php?user=$site_userid");

}
?>

I have a web application in which there are two php files index.php and  include.php .

include.php is loaded to a DIV tag inside index.php on click of button using Jquery . Both these php files share a common varible through cookie which is used to keep track of the data retrived by include.php . This variable will be updated each time include.php retrives data .
These php code work fine  Mozilla and chrome  but not in IE . When i checked the cookie value it is same through out without setting .

Please help .

Thanks in advance ,
Rahul

hi
today i was checking a site as i m learning more about curl. i see i was not able to get image with curl.
they have stopped hotlinking and was not finiding anyway to show me image on my localhost so making this thread for any pro help.

here is my code:

$ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "http://www.pixhost.org/show/2019/5530476_banner.png");
    curl_setopt($ch, CURLOPT_USERAGENT, "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.5.24 Version/10.54");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
   curl_setopt($ch, CURLOPT_COOKIE, 'pixhostads=1');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $result = curl_exec ($ch);
echo $result ;

if i run that script it will show me that page but it says pictures is hotlinked and cant display, so i tried to see cookie but i m not sure if i am doing it right. on that url u must need to click "Click to continue" before u can see image.

Please can someone help why its not showing me the correct image and any way to pass it?
thanks

Can someone help me understand why when I run this script I can see that {$_SESSION['user_level']} has changed for each user I login into for, but, for some reason the elseif statement never gets executed although I can see thru the debug line of i inserted (line 4: echo statement for user_level) does show that the 'user_level' variable does equals '1'? WHY?

How come only the 'first_name" If  statement executes and never the elseif?

Code: [Select]
<?php   //  Changing Header Due to User Status     


// Add links if the user is an administrator:  


if ( isset($_SESSION['first_name'])) {  

    echo 'Welcome user';
    echo ", {$_SESSION['first_name']}!";     
echo ", {$_SESSION['user_level']}!"; 
    echo '<a href="../registration/login/logout.php" title="Logout"> | Logout</a>
    <a href="../registration/login/change_password.php" title="Change Your Password"> | Change Password</a>
    <a href="../addevent/" title="My Events"> | My Events</a>
    <a href="../addvenue/" title="My Places"> | My Places</a>
    <a href="../registration/login/register.php" title="Register for the Site"> | Register</a>
    <a href="../registration/login/forgot_password.php" title="Password Retrieval"> | Retrieve Password</a>
';

} 

elseif ( isset($_SESSION['user_level']) == '1' ) { 

    echo 'Welcome Admin';
    echo ", {$_SESSION['first_name']}!";     
 //   echo ", {$_SESSION['user_level']}!";
    echo '<a href="../registration/login/logout.php" title="Logout"> | Logout</a>
    <a href="../registration/login/change_password.php" title="Change Your Password"> | Change Password</a>
    <a href="../addevent/" title="My Events"> | My Events</a>
    <a href="../addvenue/" title="My Places"> | My Places</a>
    <a href="../registration/login/register.php" title="Register for the Site"> | Register</a>
    <a href="../registration/login/forgot_password.php" title="Password Retrieval"> | Retrieve Password</a>
';
    echo '<a href="view_users.php" title="View Users">  | Users</a>
    <a href="../registration/login/view_activities_types.php" title="All Activity Choice Types">  | Activity Choices</a>
    <a href="../registration/login/admin/add_activity_type.php" title="Add Activity Choices"> | Add Activity Choices</a>
';

}

else {

//  echo ", {$_SESSION['user_level']}!";

}

Hi All,

I have a secure website which always checks the cookies is not expired and the session id is set.
When someone doesn't browse for the period of the cookie it will expire however the session id stays valid
until he logout. A lot of people don't logout so the pages will still be accessable for them or others who use
their pc.

Is there a way to destroy the session id when the cookies expires?

Marco

hey guys im using a session cookie to store a user_id, only if user has clicked to remember me on the login form...that way when autenticating it checks id in db and if matching a user it logs in automatically.   now the problem i want to just remove user_id from a session cookie.  if i use the code below to delete the user_id session then it will remove all session cookies.    is there a way just to remove 1 session cookie?  thank you

// create session cookie
session_start();
session_set_cookie_params('3600', 'C:\Users\Ricky\Desktop\www\BiSi\private\tmp\session', 'http://127.0.0.1/', true, true);
ini_set('session.gc_probability', 1);
session['user_id'] = 1;

//delete session cookies
setcookie (session_name(), null, time() - 3600);
session_regenerate_id(true);

any help/advise would be greatful...cheers guys  

hello all,

I have a client that wants to protect their web page with a password protected landing page. Once the password is entered the user is directed to a "disclaimer" page that they have to agree to first before going into the site. I have put both the landing page and the disclaimer page in my root directory and then the site I put in a sub directory /cms/

in the main site index.php I check for the post password and then set a $_COOKIE for the user that will expire in 1 month
<?php 
// this goes on the very top of the index.php file in the template you are using
//check if user has entered password and needs cookie set
if(isset($_POST['fpass']) && !isset($_COOKIE['fpass'])) setcookielive('fpass', $_POST['fpass'], strtotime( '+1 month' ));


function setcookielive($name, $value='', $expire=0, $path='', $domain='', $secure=false, $httponly=false) {
    //set a cookie as usual, but ALSO add it to $_COOKIE so the current page load has access
    $_COOKIE[$name] = $value;
    return setcookie($name,$value,$expire,$path,$domain,$secure,$httponly);
}

The next thing I do is check if a user is trying to access the main site with having the COOKIE - if so I redirect the user to the landing page
//check if user has not entered password
if (!isset($_COOKIE['fpass']) || $_COOKIE['fpass'] == "") header('location: http://www.mypage.com');

This works fine up to this point.
Now my problem is that I also need to check if a user has the month long cookie set but is trying to access the main page without viewing the disclaimer page first.
I thought this would work:
//check if the user has a cookie set but is on a new session
if (isset($_COOKIE['fpass']) && !isset($_SESSION['fpass'])) header('location: http://www.mypage.com/disclaimer.php');
But this only throws the user into a loop of "disclaimer" -> "landing page" -> "disclaimer" etc. They can never get into the main site.

How do I check for the cookie and whether the user has visited the disclaimer page - but then allow the user to continue once they go to the disclaimer page?

NB: the $_SESSION is not set until the main site.

Hi,

I'd like to know the security of assuming session variables and using them for secure membership systems.

Could a malicious user not create a session, then change the session username to another user and effectively login as that user?

As I see it, no. Because session data is stored on the server and only a session id is stored on the client by way of a cookie.

But what if we used cookies? What is the solution to this? Because I know I could easily change ANY variables within a cookie.

I guess storing cookie data via db would help. But what is the best practice solution?

I see a lot of code which simply checks for a cookie with the variable 'logged_in' to true. It then manages the user by username or userid which are stored within the cookie but which can be changed with ease by a malicious user.

Hi to everyone, I'm new to the forum and I'm posting here because I ended up in a logical problem for my next script development. I need to get some data of external websites (with vbulletin board), perfectly legal. Using file_get_contents i can print the page content on my server and then use jquery's powerful selectors to get my data.   The problem is that these data are shown only to logged in users so i would need this script (maybe using cURL?) to either login to the external website and then persists the connection or maybe if the user who is executing my script is already logged in that website then use his login? (most likely impossible I think..)   This is my code so far (found on some sites and merged into this)

$data = array('vb_login_username' => 'Scanu', 'vb_login_password' => 'grgfgrgrfbtgbt');
$ch = curl_init(); 
curl_setopt($ch,    CURLOPT_URL,            "http://www.vbulletin.org/forum/login.php?do=login"); 
curl_setopt($ch,    CURLOPT_AUTOREFERER,         true); 
curl_setopt($ch,    CURLOPT_COOKIESESSION,         true); 
curl_setopt($ch,    CURLOPT_FAILONERROR,         false); 
curl_setopt($ch,    CURLOPT_FOLLOWLOCATION,        false); 
curl_setopt($ch,    CURLOPT_FRESH_CONNECT,         true); 
curl_setopt($ch,    CURLOPT_HEADER,             true); 
curl_setopt($ch,    CURLOPT_POST,                 true); 
curl_setopt($ch,    CURLOPT_RETURNTRANSFER,        true); 
curl_setopt($ch,    CURLOPT_CONNECTTIMEOUT,     30); 
curl_setopt($ch,    CURLOPT_POSTFIELDS,         $data); 
$result = curl_exec($ch); 
curl_close($ch);


$pattern = "#Set-Cookie: (.*?; path=.*?;.*?)\n#"; 
preg_match_all($pattern, $result, $matches); 
array_shift($matches); 
$cookie = implode("\n", $matches[0]); 


$ch = curl_init(); 
curl_setopt($ch,    CURLOPT_URL,            "http://www.vbulletin.org/forum/"); 
curl_setopt($ch,    CURLOPT_COOKIE,                $cookie); 
curl_setopt($ch,    CURLOPT_AUTOREFERER,         true); 
curl_setopt($ch,    CURLOPT_COOKIESESSION,         true); 
curl_setopt($ch,    CURLOPT_FAILONERROR,         false); 
curl_setopt($ch,    CURLOPT_FOLLOWLOCATION,        false); 
curl_setopt($ch,    CURLOPT_FRESH_CONNECT,         true); 
curl_setopt($ch,    CURLOPT_HEADER,             false); 
curl_setopt($ch,    CURLOPT_POST,                 false); 
curl_setopt($ch,    CURLOPT_RETURNTRANSFER,        true); 
curl_setopt($ch,    CURLOPT_CONNECTTIMEOUT,     30); 
$result = curl_exec($ch); 
curl_close($ch);
echo $result;
?>

It just shows the same page for unregistered users. Any help or advice is appreciated, i'm very new to this type of script..

Hi, I am just recently getting this error message:Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/XXX/chordsandguitar.com/index.php:46) in /home/jchords/chordsandguitar.com/index.php on line 48

this is no doubt related to the fact that my site has been hacked along with 1000's of others that are on dreamhost. I don't know if it's related to php file permissions some of my files may have had had their permission set for read-write when they should not have been. They have all been changed to the more restrictive 755 or 644.

So here is how I am using the session_start to store some variables:

Code: [Select]

session_start();

if (!isset($_SESSION["count"]))
{
$_SESSION["count"]=0;
}
else
$_SESSION["count"]++;

if ($_SESSION["count"] == 0)
{
$scale_menu = 'C';
$variation_menu = 'maj';
$code_id = '1';
}
else
{
//allows retreiving the value of the drop-downs after the Select button has been pushed
// has to be skipped on the first access or overwrites starting vars. to null
if (isset($_GET['s_menu']))
$scale_menu = $_GET['s_menu'];
else
$scale_menu = $_GET['scale_menu'];
}


So any ideas why I am getting this error?

Thanks,

Jacques

I don't know why but I'm failing hard at GoogleFu today. I can't find a tutorial on how to store a session id in a cookie and then call it on the server. session_id says it replaces the cookie it makes if you set the id via session_id, even if it's the same id...but I'm not sure if that really matters.

Can anyone help point me in the right direction to a good tutorial/give me some insight on this subject? I want to store the session id in a cookie to keep a user logged in for 2 weeks or so (unless they log out of course).

I did find some tutorials on how to re-route the session handlers for open/close/read/write session functions which allow me to store the session in a database. Is this what I want?

Sorry for the newbie question,

Thanks,
Justin

The default PHP Session name on my webspace server is PHPSESSID.

Does that mean that the session cookie will be called PHPSESSID?

The reason i ask is that in a couple of places i can't use PHP to update the information in the session cookie (because PHP is parsed before the webpage loads) and so i need to use Javascript to update a cookie which i would prefer to be the session cookie used by PHP.

I guess i'm asking what the name of the cookie is, how i would refer to it in Javascript (if that is even possible) so that i can update it and whether this would cause any issues with the info already stored in the session cookie by PHP.

Cheers

NM

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/bakerde1/public_html/oceangamer.com/login.php:1) in /home/bakerde1/public_html/oceangamer.com/login.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/bakerde1/public_html/oceangamer.com/login.php:1) in /home/bakerde1/public_html/oceangamer.com/login.php on line 2

These are my error messages, here is my code. I don't know if it is the UTF-8 code at the start, but if it is can anyone recommend a binary editor to remove this. If it isn't what is the problem?

<?php  
  session_start();



$username = $_POST['username'];
$password = base64_decode($_POST['password']);


$errors = array();

if($username == 'User Name' || $username == ''){
  $errors[] = 'Please enter a valid username';
}

if($password == 'Password' || $password == ''){
  $errors[] = 'Please enter a valid password';
}

$link = mysql_connect("localhost","*****","******") or die ("Could not connect!");
mysql_select_db("chef");

$query = mysql_query("SELECT * FROM `users` WHERE `username`='$username'");
$numrows = mysql_num_rows($query);

if ($numrows!=0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{ 
$_SESSION['user'] = $username;
while ($row = mysql_fetch_array($res)) {
   $type = $row['Type'];
}
if ($type == "0") {
header("location: chefpanel.php");
}else{
header("location: restpanel.php");
}
}
else
 $errors[] = 'Username or Password Incorrect';
}
else
 $errors[] = 'Username or Password Incorrect';
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>