|
PHP - Need Help Understanding $_session
Hi i'm new to the forum and i'm wondering if anyone here could help me out with the problem i'm having. the script i have uses $_SESSION['userid'] = $users['id']; and i'm not exactly sure how to read that .. any information would be helpful. thanks in advance
Similar TutorialsI've taken and redesigned a whole bunch of example and tutorial code pieces for my small project. I have a MySQL database working now (I realized it's easier than using flat files) and I need to get user accounts working. I'm having a lot of trouble understanding how PHP sessions work. Assuming a user has logged in and is now clicking on links and browsing around, on each page load, don't I need to check the session variable to load his username, and also check that his session is current? How do I check that the session is current? None of the examples / tutorials that I'm finding online even mention how my code is to know which user the page is being served to. Does session_start() have a magic feature that makes this check unnecessary? I know I can use cookies, but I figured I would code it without since some articles seem to indicate that cookies don't have to be required to support typical user session functionality. Back with more noob questions so I was following a page in setting up a login system and so far it works how I want except for one minor thing So I want when a user is logged into the system to see Profile div instead of Login and Register and I do that in my index.php with the following
<?php if(isset($_SESSION['username'])){
echo
"<div class='profile'>
<a href='logout.php'>Logout</a>
</div>
";
}
else{
echo
"<div class='loginregister'>
<a href='login.php'>Login</a>
<a href='register.php'>Register</a>
</div>
";
}
?>
So when a user logs in it hits the login.php which looks like this
<?php
require('dbconnect.php');
session_start();
// When form submitted, check and create user session.
if (isset($_POST['username'])) {
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($conn, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($conn, $password);
// Check user is exist in the database
$query = "SELECT * FROM `Users` WHERE User='$username'
AND password='" . md5($password) . "'";
$result = mysqli_query($conn, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['username'] = $username;
// Redirect to user dashboard page
header("Location: index.php");
} else {
echo "<div class='form'>
<h3>Incorrect Username/password.</h3><br/>
<p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
</div>";
}
} else {
and it starts the session_start() function whilst also allocating $_SESSION['username'] = $username so in theory when index.php loads if SHOULD (?) hit the correct if statement in the index.php file now outputting the Profile div instead of the Login and Register div. Except it doesn't. However when I include the auth_session.php at the top of my index.php file like (currently uncommented to test)
//<?php //include auth_session.php file on all user panel pages
//include("auth_session.php");
//?>
with the Auth_session file looking like
<?php
session_start();
if(!isset($_SESSION["username"])) {
header("Location: login.php");
exit();
}
else {
}
?>
It does show the correct Profile div instead of the Login and Register div. So I'm trying to understand what is happening here as from the look of it the $_SESSION['username'] is allocated within login.php and the session_start() function is also started in login.php So why would I need auth_session.php to be ran in order for the correct divs to show (I've not included auth_session.php as I want people to be able to see the site that aren't logged in) Warm regards
First let me explain my code. This is later included in project_status.php] . In project_status.php] , I have included another file project_status_app.php which contains a HTML form.
<?php
include 'inc_fn_header_and_menu.php';
function includeFile($file,$variable) {
$var = $variable;
include($file);
}
if (isset($_GET['id']) && $_GET['id']!="") {
$pid = $_GET['id'];
$_SESSION['pidForApproval'] = $_GET['id'];
$query = 'SELECT * FROM `profile` WHERE pid ='.'\''.$pid.'\'';
$result=mysqli_query($db,$queryToRetrievePP) or die("There are no records to display ... \n" . mysqli_error());
foreach ($result as $row) {
$status = $row['status'];
}
}
...........some PHP and HTML code.......
<div id="customerPurchaseApprovalForm">
<?php
echo '<p>APPROVAL FOR CUSTOMER PURCHASE</p>';
$discountApprovalStatus = "Granted";
if ($discountApprovalStatus == "Granted") {
includeFile("project_status_app.php",$highestannualvalue);
} else {
//.........
}
In project_status_app.php I am attempting to retrieve pidForApproval from the $_SESSION array.
<?php
// put your code here UPDATE `pp` SET `customer_purchase_remarks` = 'hahaha' WHERE `pp`.`id` = 207;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include '../../inc/fastlogin.php';
$sql = "UPDATE pp SET customer_purchase_remarks ='{$_POST['remarkstxt']}' WHERE pp.pid='{$_SESSION['pidForApproval']}'";
$result = mysqli_query ( $fastdb, $sql ) ;
if (mysqli_affected_rows($fastdb) != 1) {
$_SESSION['err_cpa_rmks'] = "<p>Error while updating WHERE id='{$_SESSION['pidForApproval']}'</p>";
//echo "<p>Error while updating WHERE id='{$_POST['pidForApproval']}'</p>".mysqli_error($fastdb);
} else {
$_SESSION['suc_cpa_rmks'] = "<p>Records was updated successfully.</p>";
//echo "Records was updated successfully.";
}
header ("location: project_status.php?id="$_SESSION['pidForApproval']);
exit();
}
?>
When I load project_status.php, project_status_app.php is supposed to display the form. Once the user fills in the form the and the submit button has been pressed, the UPDATE statement is supposed to run and then it is supposed to navigate back to project_status.php?id=FA142. But the update is failing and the when the project_status.php is loaded back, the url looks like this http://localhost/fast/project_status.php?id= . The id is empty. It is supposed to be something like this http://localhost/fast/project_status.php?id=FA142. With the id being populated at the
header ("location: project_status.php?id=".$_SESSION['pidForApproval']);
Missing some information. Hello everyone, I am working on a form that is similar to a shopping cart system and I am thinking of creating a button that submits the checked value and saves them to a $_SESSION variable. And also a link that links to a cart.html that takes the values of a $_SESSION variable. I am have trouble figuring what tag/attribute should I use in order to achieve that.
Right now my code attached below submits the checked values to cart.html directly. However I want my submit button to save the checked box to a $_SESSION variable and STAY on the same page. And then I will implement a <a> to link to the cart.php.
I researched a little bit about this subject and I know it's somewhat related to ajax/jquery. I just wanted to know more about it from you guys. I appreciate your attention for reading the post and Thanks!
Below is the form that I currently have:
<form name= "finalForm" method="POST" action="cart.php">
<input type="Submit" name="finalSelected"/>
<?php foreach($FinalName as $key => $item) {?>
<tr>
<td><input type="checkbox" name="fSelected[]" value="<?php echo htmlspecialchars($FinalID[$key])?>" />
<?php echo "$FinalID[$key] & $item";?>
</td>
</tr>
<?php } ;?>
Below is the code for cart.php
<?php
require ('connect_db.php');
if(isset($_POST['finalSelected']))
{
if(!empty($_POST['fSelected']))
{
$chosen = $_POST['fSelected'];
foreach ($chosen as $item)
echo "aID selected: $item </br>";
$delimit = implode(", ", $chosen);
print_r($delimit);
}
}
if(isset($delimit))
{
$cartSQL = "SELECT * from article where aID in ($delimit)";
$cartQuery = mysqli_query($dbc, $cartSQL) or die (mysqli_error($dbc));
while($row = mysqli_fetch_array($cartQuery, MYSQLI_BOTH))
{
$aTitle[] = $row[ 'name' ];
}
}
?>
<table>
<?php if(isset($delimit)) {
$c=0; foreach($aTitle as $item) {?>
<tr>
<td>
<?php echo $aTitle[$c]; $c++;?>
</td>
</tr>
<?php }}?>
</table>
PHP 5.3.3 I am trying to redirect a user (currently logged in) to a page where they are able to edit a posted comment. To keep things secure I am using a forms hidden input value to pass the {postID} to a redirect page Code: [Select] <form name="post_edit" method="post" action="post-edit-redirect.php" > <input type="hidden" name="local" id="local" value="<?php echo $row_rsPosts['postID']; ?>" /> <input type="image" src="../imgs/managepost.png" name="submit" /> </form> On the redirect page (simplified below) I am setting the {postID} in a SESSION before redirecting to the user to the page to edit their post with the new $_SESSION val for {postID} set. Code: [Select] session_start(); $id = $_REQUEST['local']; $_SESSION['postID']=$id; header("Location: edit-post.php"); This is working fine in every browser except IE (some one please just put an end to it), where when the edit-post.php page is reached the $_SESSION['postID'] is empty. If I regenerate the session ID from the redirect page as below IE then sets the SESSION ok. Code: [Select] session_start(); session_regenerate_id(); $id = $_REQUEST['local']; $_SESSION['postID']=$id; header("Location: edit-post.php"); However there should be no need to do this and would rather not if there is no need. Any help on why IE is not setting the SESSION is appreciated, and I hope I am not covering old ground here however I am unable to find a solution anywhere. - Cheers For the last few hours I have been pulling my hair out on a session not storing when I moved from local host to my vps. I have been setting sessions like: $_SESSION['mydata'] = $variable; This works no problem on my wamp installation. However to get it to work on my vps, I have to store them like this $_SESSION[mydata] = $variable; Can someone please explain to me why this is the case? edited Hey, i was reading some code and i find this: if(stristr($_SESSION["s"]["user"]["asdasd"]),$someString) How the double/triple [] in $_SESSION works ? PS: I tryied to google it but it was kinda hard to search :X Thanks. Hi i have made a login in system for a website iam trying to make. after you log in im trying to display the members username via the $_session created in the check_login.php. but when i Echo or print_r the $_session all is get is "welcome array" its like its not passing any information via the $_session from page to page. here is my code thanks in advance. Check_login.php session_start(); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=md5($_POST["mypassword"]); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["myusername"]==$myusername; $_SESSION["mypassword"]; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> login_success.php <? session_start(); if($_SESSION['myusername']="$myusername"){ header("location:main_login.php"); } Echo "welcome" . $_SESSION['$myusername']; ?> thanks The $_Session has a url variable. Using a Dom how do I properly do: Code: [Select] html->load($_SESSION['variable']) I was thinking about breaking down the session to retrieve the value inside but I don't know how. Hiya, I'm quite new to php. My script was working fine till I transferred to a new host. The login system doesn't seem to register the $_SESSION 'userid' variable, so the proper page won't load because it thinks I'm not logged in. login.php - processes the login information Code: [Select] <?php session_start(); include('functions.php'); connect(); // note: session_start needs to be on every document apart // from index.php, login.php and register.php $username = protect($_POST['username']); $password = protect($_POST['password']); // the password and username from the inputs are stored in variables if ($username&&$password) { // if both the username and password variables are true $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $numrow = mysql_num_rows($query); if ($numrow!=0) { // if $numrow does not equal nothing while ($row = mysql_fetch_assoc($query)) { $userid = $row['userid']; $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername&&md5($password)==$dbpassword) { // $password gets encrypted so it can be checked on the database password $_SESSION['username'] = $username; $_SESSION['userid'] = $userid; // used for sessions knowing who is logged in header("Location:main.php"); // redirects to main.php page after successful login } else { echo "Incorrect password"; } } else { ?> <html> <head> <title>University Crusade</title> <link rel="stylesheet" href="css/style.css" type="text/css" media="screen"> <meta name="viewport" content="width=device-width, minimum-scale=1,maximum-scale=1, user-scalable=no"> </head> <body> <div id="wrapper"> <?php die (" That account doesn't exist...<br /><a href=\"index.php\">try again,</a> <a href=\"register.php\">or register an account.</a> "); } } else { die("Please enter a username and password"); } ?> </div> <div id="footer"> </div> </body> </html> and the main.php - after login.php it takes the user here Code: [Select] <?php session_start(); include('functions.php'); connect(); ?> <html> <head> <title>University Crusade</title> <link rel="stylesheet" href="css/new.css" type="text/css" media="screen"> <meta name="viewport" content="width=device-width, minimum-scale=1,maximum-scale=1, user-scalable=no"> </head> <body> <?php if (isset($_SESSION['userid'])) { include('safe.php'); ?> <ul id="tab-nav"> <li><a href="stats.php" id="tab-character">CHARACTER</a></li> <li><a href="games.php" id="tab-games">GAMES</a></li> <li><a href="account.php" id="tab-account">ACCOUNT</a></li> </ul> <div id="wrapper"> <h2 id="name">Hello, <?php echo $_SESSION['username'] ?>!</h2> <p> Welcome to UNIVERSITY CRUSADE the fantasy-themed pervasive web game! </p> <p> To start playing, begin with clicking the "games" button at the top of the screen, from there choose a challenge and follow the instructions </p> <p> What are the other buttons for? Well, the "account" button (top-right) is where you can change settings for your account - things like changing your password, deleting your account etc. The "character" button (top-left) when clicked takes you to your character, you can change your display picture, view your statistics and battle other players. </p> <p> More help with the game is available in the "account" section, this includes a detailed game manual describing in-detail game concepts and information. </p> </div> <div id="footer"> <a href="logout.php" class="button">log me out</a> </div> <?php } else { die (" <div id=\"wrapper\"> <p>Opps! You don't seem to be logged in...</p> <a class=\"button\" href=\"index.php\">login now</a><br /> <p>Don't have an account? No worries, just <a href=\"register.php\">register for one.</a></p> </div> "); } ?> </body> </html> I appreciate any help, as I'm left scratching my head. I'm trying to make a link to an SQL database survive though page reloads, and it's not working. Connecting, I use this: function link_to_converted_database() { $link = mysqli_init(); if (!$link) { die('mysqli_init failed'); } if (!mysqli_options($link, MYSQLI_INIT_COMMAND, 'SET AUTOCOMMIT = 1')) { die('Setting MYSQLI_INIT_COMMAND failed'); } if (!mysqli_options($link, MYSQLI_OPT_CONNECT_TIMEOUT, 50)) { die('Setting MYSQLI_OPT_CONNECT_TIMEOUT failed'); } if (!mysqli_real_connect($link, 'redacted', 'redacted', 'redacted')) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } comment( ' Success... ' . mysqli_get_host_info($link) ); if (mysqli_query($link,'USE conversion_database')) { comment("now using conversion_database."); } else { die('Conversion database unusable (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } $_SESSION['mysql_link']=$link; echo "<!--\n"; var_dump($_SESSION['mysql_link']); echo "\n-->\n"; return(true); } Subsequent SQL commands work fine using $_SESSION['mysql_link'], and the var_dump returns: object(mysqli)#2 (17) { ["affected_rows"]=> int(0) ["client_info"]=> string(48) "mysqlnd 5.0.7-dev - 091210 - $Revision: 294543 $" ["client_version"]=> int(50007) ["connect_errno"]=> int(0) ["connect_error"]=> NULL ["errno"]=> int(0) ["error"]=> string(0) "" ["field_count"]=> int(0) ["host_info"]=> string(24) "192.168.1.101 via TCP/IP" ["info"]=> NULL ["insert_id"]=> int(0) ["server_info"]=> string(16) "5.1.48-community" ["server_version"]=> int(50148) ["sqlstate"]=> string(5) "00000" ["protocol_version"]=> int(10) ["thread_id"]=> int(194) ["warning_count"]=> int(0) } After a page changes, all my $_SESSION vars work fine except for $_SESSION['mysql_link']. It's still there, but SQL queries bomb, and var_dump returns: Warning: var_dump(): Property access is not allowed yet in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Property access is not allowed yet in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 Warning: var_dump(): Couldn't fetch mysqli in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\voicereader\serverstate.php on line 595 object(mysqli)#1 (17) { ["affected_rows"]=> NULL ["client_info"]=> NULL ["client_version"]=> int(50007) ["connect_errno"]=> int(0) ["connect_error"]=> NULL ["errno"]=> NULL ["error"]=> NULL ["field_count"]=> NULL ["host_info"]=> NULL ["info"]=> NULL ["insert_id"]=> NULL ["server_info"]=> NULL ["server_version"]=> NULL ["sqlstate"]=> NULL ["protocol_version"]=> NULL ["thread_id"]=> NULL ["warning_count"]=> NULL } There's got to be a way to save my SQL linkages so that I don't have to reconnect to the SQL database every time I want to see if new data has arrived, but this doesn't seem to be it. My PHP version is PHP 5.3.2.0. Thanks for any help. I have parts of my webpage protected with the following Code: [Select] session_start(); if(!isset($_SESSION['myusername'])){ header("Location:login.php"); } else { $username = $_SESSION['myusername']; } How secure is this? The goal is so people who don't have access to the page (don't have a login account) cannot get access Thanks for any tips hello all, hoping someone can help, i am still pretty new to php and i am stuck on creating a php cart. the code i have below is working, but the problem i am having is i need a store in the session array i am struggling to get my head around it so hoping someone can help here. i am hoping to have $product_id (which is currently in) $option1,2,3 and $text (for a textarea box) heres my function file function get_product() { echo "Hello"; } function add_product() { $product_id = $_POST['product_id']; if ($product_id == 'NULL') { echo "No Product Selected!"; } if (isset($_SESSION['cart'][$product_id])) { $_SESSION['cart'][$product_id]++; echo "<script>window.location='product.php'</script>"; }else{ $_SESSION['cart'][$product_id] = 1; echo "<script>window.location='product.php'</script>"; } } function increase_product() { $product_id = $_GET['product_id']; $_SESSION['cart'][$product_id]++; echo "<script>window.location='cart.php'</script>"; } function decrease_product() { $product_id = $_GET['product_id']; $_SESSION['cart'][$product_id]--; echo "<script>window.location='cart.php'</script>"; } function empty_cart() { unset($_SESSION['cart']); echo "<script>window.location='cart.php'</script>"; } }() my product page (currently with out the extra form items (option1,2,3 etc) include '_class/cart.php';$core->session($mode = 'start');if(isset($_POST['buy'])){$cart->add_product();}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Product</title></head><body><?php $core->navbar();?><form method="post" action=""><input name="product_id" type="hidden" value="Coffee" /><h1>Cup Of Coffee</h1><p>Buy me you know you want too!</p><input name="buy" type="submit" value="Add To Basket" id="buy" /></form><form method="post" action=""><input name="product_id" type="hidden" value="Biscuits" /><h1>Barrel Of Biscuits</h1><p>When Coffee Just Gives You The Munchies!</p><input name="buy" type="submit" value="Add To Basket" id="buy" /></form></body></html>() my include cart file if (isset($_SESSION['cart'])) {//Session Cart foreach($_SESSION['cart'] as $product_id => $quantity){//Session Array if($quantity < 1){//Quantity Less Then 1 unset($_SESSION['cart'][$product_id]); echo "<script>window.location='cart.php'</script>"; }//End Quantity Less Then 1 if(!$_SESSION['cart']){//Cart Array Empty unset($_SESSION['cart']); echo "<script>window.location='cart.php'</script>"; }//End Cart Array Empty if ($product_id != NULL){//Show Products echo '<h1>' . $product_id . '</h1>'; echo "Quantity <br>"; ?><a href="cart.php?product_id=<?php echo $product_id; ?>&option=increase">+</a> <?php echo $quantity; ?> <a href="cart.php?product_id=<?php echo $product_id; ?>&option=decrease">-</a><?php }//End Show Products }//End Session Array require 'library/paypal.php'; }else{ echo "Your Basket Is Empty"; }//End Session Cart() and my actual cart file include '_class/cart.php';$core->session($mode = 'start');?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Cart</title></head><body><?php$core->navbar(); if (isset($_GET['product_id']['option'])) { $product_id = $_GET['product_id']; $option = $_GET['option']; if ($option == 'decrease'){ $cart->decrease_product(); } if ($option == 'increase'){ $cart->increase_product(); } }elseif (isset($_GET['option'])){ $option = $_GET['option']; if ($option == 'empty'){ $cart->empty_cart(); } }else{ require 'library/cart.php'; }?><p><a href="cart.php?option=empty">Empty Cart</a></p></body></html>() please explain answers or exmples as clear as possible thanks everyone I just got through a server problem with a variable named $_SESSION['id'] What would happen was when I loaded a mysql request with id in it (usually what i name the main key in a table) it would overwrite the value in the $_SESSION without specifically asking it to ie $_SESSION['id']=$id; This was on an acenet server I have the same thing on a bluehost server and wampserver and never had a problem What I did on acenet was rename $_SESSION['id'] when declaring it to $_SESSION['usernumber'] and all my issues stopped Anyone know why? Is it a acenet problem? My problem is fixed im just wondering if anyone has had a similar issue????? Hello, I am currently making a small website that requires two languages. This is the class I made: Code: [Select] <?php class languages { public function __construct() { if(!isset($_SESSION['language'])) { $_SESSION['language'] = 'nl'; } $lang = isset($_GET['lang']) ? $_GET['lang'] : ""; $languages = array('en', 'nl'); if(in_array($lang, $languages)) { $_SESSION['language'] = $lang; } } } $languages = new languages; $language = $_SESSION['language']; ?> Now as soon I use index.php?lang=en, the website will display it self in English but, as soon I remove the &lang=en from the URI, the language gets not stored in the session and it displays nl agian. Can somebody help me? Thank you! Hello all, I have this at the top of my page to ensure that only logged in users can see the content Code: [Select] if(!isset($_SESSION['myusername'])){ header("Location:login.php"); exit; } else { $username = $_SESSION['myusername']; } This, of course is checked in the login form against a database and only stored in $_SESSION once it's verified... Now, my question is -- how secure is this? For example, could someone have $_SESSION['myusername'] set from another webpage, then navigate to mine and be able to see the protected content? Just wanted to know if $_Session was a global thing or does php require cookies setup?
I assumed that I could do something like this:
PAGE: A.php
session_start();
$_Session['Cat'] = 'Meow';
// -----------------------
PAGE: B.php
if (isset($_Session['Cat']) && !empty($_Session['Cat'])){
echo $_Session['Cat'];
}
OUTPUT: Meow
// -----------------------
PAGE: C.php
if (isset($_Session['Cat']) && !empty($_Session['Cat'])){
echo $_Session['Cat'];
}
OUTPUT: Meow
I can't seem to get this to work.
Page: Handler.inc
// ========================================================= Session Log in / out
public function logon($username, $password){
if ($username == "admin" && $password == "coffee"){
session_start();
$_SESSION['USER_STATUS'] = '1';
echo 'IN SESSION LOGIN HANDLER';
echo $_SESSION['UserLogged'];
}
}
public function logout(){
$_SESSION['USER_STATUS'] = '0';
echo 'IN SESSION LOGOUT HANDLER';
session_destroy();
//session_unset();
}
Page: index.php
if (!isset($_SESSION['USER_STATUS']) && empty($_SESSION['USER_STATUS']) || $_SESSION['USER_STATUS'] == 0){
if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
echo $handler->logon($username, $password);
}
<LOGIN FORM CODE>
}else{
if (isset($_SESSION['USER_STATUS']) && !empty($_SESSION['USER_STATUS']) || $_SESSION['USER_STATUS'] == 1){
echo 'Session name: '. $_SESSION['USER_STATUS'];
}
if (isset($_POST['btn_logout']) && !empty($_POST['btn_logout'])){
$handler->logout();
echo '<br />Logged out<br />';
}
<LOGOUT FORM BUTTON CODE>
}
Could someone point me in the right direction please. It does not seem to hold its session.
// SESSION TEST if ($_SESSION['username']) { require_once("../mysql.php"); // Find Username from Session ID // Find Username from ID $finduser="SELECT username FROM users WHERE id='$_SESSION[username];'"; $finduserquery=mysql_query($finduser)or die(mysql_error()); $userfetch = mysql_fetch_array($finduserquery); // Set Username Variable $userfromid = $userfetch['username']; echo "lol" . ucwords($userfromid); } else { } Everytime I load this page more than once when logged in, it seems to turn the variable blank. Therefore making the user not be able to view other pages that use a session. Help? Thanks What types of data can the $_SESSION cookie store? Objects? Resources? And how are these stored in text form? |
|||||||