PHP - Creating And Checking Session Problems

Hi.

Link to project: www.smarttreff.moo.no
Login user: admin
login pw: 123

When i login the login form wont disapear. If i return to the index(Hjem) page without logging out, the loginform disapear. I am ussing session for the login

So the basicly, i want the loginform do disapear at once when the user has pushed login button(Logg in)

(dont laught at my "cut and past" for the include meny.. i just made the design and chopped it to bits and put it into includes)

Index.php
Code: [Select]


<?php
session_start();

include("css.php");
include("header.php");
include("meny.php");
?>




    <td width="596" valign="top"><table width="100%" border="0" cellpadding="15">
      <tr>
        <td class="tabell" valign="top" align="left">
       
       
        Main
       
       
        </td>
      </tr>
    </table></td>
  </tr>
</table>

<?php
include("footer.php");
?>

meny.php
Code: [Select]
<table width="800" border="0">
  <tr>
    <td width="198" valign="top"><table width="100%" border="0" cellpadding="15">
      <tr>
        <td align="left" valign="top" class="tabell">
        <a href="index.php">Hjem</a> <br />
        Når og hvor <br />
        For hvem <br />
       
        Spørsmål og svar<br />
        Forum <br />
        <br />
        <br />
        Samarbeidspartnere
        </td>
      </tr>
    </table>
      <br />
      <table width="100%" border="0" cellpadding="15">
        <tr>
          <td class="tabell" valign="top" align="left">
 <?php


if(isset($_SESSION['username']))
echo "Velkommen, " .$_SESSION['username']. "!<a href='innlogget.php'>Medlemsnyheter</a><br><a href='logout.php'>Log ut</a>";

else {
include("loginform.php");
}
?>
          </td>
        </tr>
      </table></td>
    <td width="15">&nbsp;</td>

Most of my website is written in php4. My hosting server has support for both 4 and 5 just by changing file extension. .php which is the default supports 4, .php5 of course supports 5. The problem I am having is that the pages with the .php5 extensions are not recognizing session variables. Is there something I should be doing differently in 5 for my session variables?

For example a variable request like this returns 0

print $_SESSION['FULLNAME'];

Please Help!! Thank you in advance?

Hi I am having issues with the following code.  I cannot get the table to produce a subtotal multiplying the value of 'ITEMQTY' which is a text field in the form in which the user enters by the 'ITEMPRICE' field which value is located in a text document.


<h1>SHOPPING CART</h1><img src="images/cart.png" alt="Cart" width="100" height="100"/>
<a href="browse_index.php">CLICK HERE TO CONTINUE SHOPPING</a>
<?php

  if(isset($_POST['submit']))
  {

$itemname = $_POST['h1'];

//echo $_SESSION['itemname'][$itemname];

  unset($_SESSION['itemqty'][$itemname]);

  unset($_SESSION['itemprice'][$itemname]);

  unset($_SESSION['itemname'][$itemname]);
  

}
  echo "<br/><br/>";
  echo "<table border='8' cellpadding='10' >";
  echo "<tr><th>Name</th><th>Quantity</th><th>Price</th><th>Subtotal</th></tr>";
  foreach($_SESSION['itemname'] as $key => $value)
  
  $subtotal = ($_SESSION['itemprice']*($_SESSION['itemqty'];
{

echo
'<tr>
<td>'.$_SESSION['itemname'][$key].'</td>
<td><input type="text" name="t1" value='.$_SESSION['itemqty'][$key].'></td>
<td>'.$_SESSION['itemprice'][$key].'</td>
<td>'.$_SESSION['h2'][$key].'</td>
<td><form id="f1" method="post" name="f1"><input type="submit" name="submit" value = "delete"><input type="hidden" name="h1" value='.$key.'></td>
</tr>
<tr><form id="t1" method="post" action="summary.php" name="t1"><input type="submit" name="order" value="SUBMIT ORDER"></tr>';

}

  echo "</table>";
  

?>

What I'm trying to accomplish is your average session login w/ a cookie-based "remember me" feature.

I can log in fine, I can set cookies, I can access those cookies, and I can use that data to log in just as if the user had logged in manually.

The problem is logging out. But the bigger problem is figuring out why.

You see, it works perfect. It logs in and it log out, so long as I am outputting data to the page. I was outputting a session variable and the cookies I set to make sure they were all working right; and they were. But then as soon as I disable those echoes, all of a sudden it won't log out anymore.

So then I turn them on to see what the data says and BAM, I'm logged out. I log back in fine, I log back out fine, so I turn em off again.

I log in fine. I can't log out. I try multiple times. I close my browser and open a new one. Still logged in. I try a few more times, still logged in. I turn the output back on, load the page again and I'm logged out.

So... WTF? (my code to follow)

I am trying to create an index page which contains registration and login field
the problem that i get is on successful login a warning is displayed
session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235

This is the login part of my index.php
this tag is inside an html table below the login form
I also have a registration form and its php code above the login form


Code: [Select]
<?php
if (isset($_REQUEST['pass']))
{
    $id=$_POST['id'];
    $pass=$_POST['pass'];

    $conn =mysql_connect("localhost","root","");
    if (!$conn)
    {
   die('Could not connect: ' . mysql_error());
    }
/*
checking connection....success!
*/
    $e=mysql_select_db('test', $conn);
    if(!$e)
    {
   die(''.mysql_error());
    }
    else
    {
   echo 'database selected successfully';
    }

    if (isset($_REQUEST['id'])  || (isset($_REQUEST['pass'])))
    {
        if($_REQUEST['id'] == "" || $_REQUEST['pass']=="")
        {
       echo "login fields cannot be empty";
        }
        else
        {
            $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'");
            $count=mysql_num_rows($sql);
            if($count==1) 

    /* $count checks if username and password are in same row */
            {   
                session_start();
                $_SESSION['id']=$id;
                echo "</br>Login Successful</br>";
            }
            else
            {
           echo "</br>invalid</br>";
           echo "please try to login again</br>";

            }
        
        }   
    }
}
?>


Any help or suggestion would be appreciated

I am having trouble resolving an error.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2

 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this:

                echo "<script>document.location.href='admin.php'</script>";
      echo "<script>'Content-type: application/octet-stream'</script>";

I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php.

Code: [Select]
<?php
  session_start();
  if(isset($_SESSION['user']))

                echo "<script>document.location.href='admin.php'</script>";
echo "<script>'Content-type: application/octet-stream'</script>";
?>

<div id="loginform">

<form action="dologin.php" method="post">
<table>
<tr>
<td><span>Username:</span></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><span>Password:</span></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>

</div>
I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this.

Any advice is greatly appreciated!

in this page
 http://maximaart.com/newscp/
i have this problem
Code: [Select]
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2

my source code is

<?php
session_start();
include_once("config.php"); 
include_once("functions.php");
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") {
// the user id and password match,
$_SESSION['basic_is_logged_in'] = true;
require("main.php");
exit;?>

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

Just curious how other people feel about this.  I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.     Would it make more sense to...   1.  Pull all data ONCE and store it in SESSION variables to use on other pages    2.  Pull the data from the database on each new page that needs it   I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?   Side question that's kind of related:  As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?   Both are probably loaded questions but any possible insight would be appreciated.   Thanks! Greg
Edited by galvin, 04 November 2014 - 10:30 AM.

Hi,
I'm creating an upload section that limits users to upload the following file types:

.pdf
.zip
.rar
.doc
.jpeg
.gif

When getting the type for .pdf files, it comes up as:
application/force-download

and for .rar files it comes up as:
application/x-download

If I do a check that says:

if ($type=="application/force-download" || $type=="application/x-download")

then will users only be able to upload .PDF and .RAR files? I'm assuming these two types will allow other formats as well.

If this is the case, how can I check the extension of the file before the user is able to upload it. I was thinking of somehow capturing the last 3 letters of the filename, and then doing the check that way, except I'm not sure how to go about this. Any insight appreciated!

So basically I have a site, and on that site, I have a page that submits a form and updates a database. I have it set up so that someone can enter in Multiple values into a textarea, one on each line, and it will submit each of those values as a new row in the database, but for the life of me, I cannot figure out how to check those values against the actual users.

It is basically a point system, where the staff can award points users of the site. But at the moment, a Staff member could enter in Jibberish, and it would insert that into the database, but I want it to check my users table to make sure the user exists before it inserts it into the database.

here is my code:
<?php
include 'global.php';

echo $headersidebar;


if ($_COOKIE['access'] == $accessstaff)
{





if(count($_POST))
{



$array = preg_split('/(\r?\n)+/', $_POST['studentname']);
foreach($array as $students)
   {
   
   $statusmsg = '<center><span style="background: #A6FF9E;">You have successfully submitted points to the database.</span></center>';
   
   mysql_query("INSERT INTO points (giver, receiver, points, category, reason, date, status) VALUES ('{$_COOKIE['username']}', '{$students}', '{$_POST['pointamt']}', '{$_POST['pointcat']}', '{$_POST['pointreason']}', '{$date}', 'Validating')");
   }
}


$addpointspage = $statusmsg . '

<form action="submit_points.php" method="post">

<table class="table" >

<tr>

<td colspan="10">

<h1><strong><center>Submit Points</center></strong></h1>

</td>

</tr>

<tr>

<td colspan="10" rowspan="100">

<center>Please remember to follow the house point limits when submitting house points.</center>

</td>

</tr>

</table>

<table class="table">

<tr>

<td style="width: 15%;" valign="top">

Student Name:<br> <span style="font-size: 60%;">(List as many as you want; One per Line)</span>

</td>

<td colspan="10">

<center><textarea name="studentname" cols="60" rows="10"></textarea></center>

</td>

</tr>

<tr>

<td style="width: 15%;" valign="top">

Amount of Points:

</td>

<td>

<input style="position: relative; left: 16px;" type="text" size="15" name="pointamt" />

</td>

<td>

Do not put anything that is not a number into this box.

</td>

</tr>

<tr>

<td style="width: 15%;" valign="top">

Point Category:

</td>

<td colspan="10">

<select name="pointcat" style="position: relative; left: 16px;">

<option SELECTED value="">-------</option>

<option>Class Work</option>

<option>Class Exam</option>

<option>Extra Work</option>

<option>Contests</option>

<option>Teacher\'s Assistant</option>

<option>Negative Points</option>

</select>

</td>

</tr>

<tr>

<td style="width: 15%;" valign="top">

Reason:

</td>

<td colspan="10">

<input style="position: relative; left: 16px;" name="pointreason" type="text" size="80" />

</td>

</tr>

<tr>

<td>

</td>

<td colspan="10">

<input style="position: relative; left: 16px;" type="submit" value="Submit Points" />

</td>

</tr>

</table

</form>



';

}

elseif (1==1)
{
$addpointspage = $accessdenied;
}



echo

'

<!-- start content -->

<div id="content">

<div class="post">

<div class="entry">

<p><strong>' . $addpointspage . '</p>

<p class="links">' . $addpointslink . '</p>

</div>

</div>

</div>

<!-- end content -->

<div style="clear: both;">&nbsp;</div>

</div>

<!-- end page -->
</div>';








echo $footer;





?>


I am fairly new to PHP, so I would appreciate any help someone could give me; I am not too good with arrays and such, so this one has got me stumped.

Hello!

Does anyone know an effective way to track inactive idlers in daily basis?
So that it will count the amount of days no data has been posted to the table. 

E.g.

User posts latest data and inserts timestamp 1282228120 which reads Thursday, August 19th 2010, 14:28:40 (GMT)
The days for inactivity should output as 8 days because no data has been posted from 20th August to today - 28th August.

Anyway I can achieve this?
Any information is appreciated, thanks.

Hello all, it's been a while! Good to be back.

I am having trouble with a script I'm trying to modify to seach for domains with specific extensions.

Now, I have never done any domain checking before and I'm a little bewildered.

The script uses an array and checks the input against each extension using the array.
Each line looks similar to:
Code: [Select]
'.com' => array('whois.crsnic.net','No match for'),

What does the whois.crsnic.net mean? I assume it's a register/database of domains?

$characterIDs = explode(',', $_POST['characterIDList']);

After the explode I want to take all those values and do a select statement in a database table for any of the values that match any of the values inside that variable variable. Not sure how to do this since there is no limit to how may there could be.