|
PHP - Session Problems
Hi there i have a login script to access an area which is restricted on my website rather than having 2 logon scripts i want 1 logon script to create one of two sessions this script is what i wrote from a tutorial but the session allows access to both areas which i dont want, can someone please help me change it to work but talk me through it so i can learn from this:
Create Session: if($count==1 & $row['flight']=="vulcan"){ session_start(vmyusername); session_start(vmypassword); header("location:vulcan/index.php"); }else if($count==1 & $row['flight']=="valiant"){ session_start(myusernamev); session_start(mypasswordv); header("location:valiant/index.php"); }else { echo "Wrong Username or Password"; } Check login: <? session_start(); if(!session_is_registered(myusernamev)){ header("location:../login.php"); } ?> //or <? session_start(); if(!session_is_registered(vmyusername)){ header("location:../login.php"); } ?> Any help will be greatly appriciated Thanks Blink359 Similar TutorialsHi there i have made a mistake setting or checking my sessions and was not sure what it is because i cant reach my locked content Creating: session_start(); if ($role="valiant") { $_SESSION["username"] =="valiant"; header("location: 1/index.php"); }elseif($role="vulcan") { $_SESSION["username"] =="vulcan"; header("location: 2/index.php"); }else{ echo "Wrong Username or Password"; } Checking: <?php // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username']) || $_SESSION['username'] != "valiant") { header("location:../index.php"); } ?> //OR <?php // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username']) || $_SESSION['username'] != "vulcan") { header("location:../index.php"); } ?> Any help will be great Thanks, Blink359 Hi. Link to project: www.smarttreff.moo.no Login user: admin login pw: 123 When i login the login form wont disapear. If i return to the index(Hjem) page without logging out, the loginform disapear. I am ussing session for the login So the basicly, i want the loginform do disapear at once when the user has pushed login button(Logg in) (dont laught at my "cut and past" for the include meny.. i just made the design and chopped it to bits and put it into includes) Index.php Code: [Select] <?php session_start(); include("css.php"); include("header.php"); include("meny.php"); ?> <td width="596" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> Main </td> </tr> </table></td> </tr> </table> <?php include("footer.php"); ?> meny.php Code: [Select] <table width="800" border="0"> <tr> <td width="198" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td align="left" valign="top" class="tabell"> <a href="index.php">Hjem</a> <br /> Når og hvor <br /> For hvem <br /> Spørsmål og svar<br /> Forum <br /> <br /> <br /> Samarbeidspartnere </td> </tr> </table> <br /> <table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> <?php if(isset($_SESSION['username'])) echo "Velkommen, " .$_SESSION['username']. "!<a href='innlogget.php'>Medlemsnyheter</a><br><a href='logout.php'>Log ut</a>"; else { include("loginform.php"); } ?> </td> </tr> </table></td> <td width="15"> </td> Most of my website is written in php4. My hosting server has support for both 4 and 5 just by changing file extension. .php which is the default supports 4, .php5 of course supports 5. The problem I am having is that the pages with the .php5 extensions are not recognizing session variables. Is there something I should be doing differently in 5 for my session variables? For example a variable request like this returns 0 print $_SESSION['FULLNAME']; Please Help!! Thank you in advance? Hi I am having issues with the following code. I cannot get the table to produce a subtotal multiplying the value of 'ITEMQTY' which is a text field in the form in which the user enters by the 'ITEMPRICE' field which value is located in a text document. <h1>SHOPPING CART</h1><img src="images/cart.png" alt="Cart" width="100" height="100"/> <a href="browse_index.php">CLICK HERE TO CONTINUE SHOPPING</a> <?php if(isset($_POST['submit'])) { $itemname = $_POST['h1']; //echo $_SESSION['itemname'][$itemname]; unset($_SESSION['itemqty'][$itemname]); unset($_SESSION['itemprice'][$itemname]); unset($_SESSION['itemname'][$itemname]); } echo "<br/><br/>"; echo "<table border='8' cellpadding='10' >"; echo "<tr><th>Name</th><th>Quantity</th><th>Price</th><th>Subtotal</th></tr>"; foreach($_SESSION['itemname'] as $key => $value) $subtotal = ($_SESSION['itemprice']*($_SESSION['itemqty']; { echo '<tr> <td>'.$_SESSION['itemname'][$key].'</td> <td><input type="text" name="t1" value='.$_SESSION['itemqty'][$key].'></td> <td>'.$_SESSION['itemprice'][$key].'</td> <td>'.$_SESSION['h2'][$key].'</td> <td><form id="f1" method="post" name="f1"><input type="submit" name="submit" value = "delete"><input type="hidden" name="h1" value='.$key.'></td> </tr> <tr><form id="t1" method="post" action="summary.php" name="t1"><input type="submit" name="order" value="SUBMIT ORDER"></tr>'; } echo "</table>"; ?> What I'm trying to accomplish is your average session login w/ a cookie-based "remember me" feature. I can log in fine, I can set cookies, I can access those cookies, and I can use that data to log in just as if the user had logged in manually. The problem is logging out. But the bigger problem is figuring out why. You see, it works perfect. It logs in and it log out, so long as I am outputting data to the page. I was outputting a session variable and the cookies I set to make sure they were all working right; and they were. But then as soon as I disable those echoes, all of a sudden it won't log out anymore. So then I turn them on to see what the data says and BAM, I'm logged out. I log back in fine, I log back out fine, so I turn em off again. I log in fine. I can't log out. I try multiple times. I close my browser and open a new one. Still logged in. I try a few more times, still logged in. I turn the output back on, load the page again and I'm logged out. So... WTF? (my code to follow) in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. class curl2{ private $curl_init; private $CURLOPT_URL; public function connect(){ $this->curl_init = curl_init(); } public function debug(){ curl_setopt($this->curl_init, CURLOPT_VERBOSE, TRUE); $fp = fopen("curl2.txt", "w"); curl_setopt($this->curl_init, CURLOPT_STDERR, $fp); curl_setopt($this->curl_init, CURLOPT_RETURNTRANSFER, TRUE); } public function setUrl($url = null){ $this->CURLOPT_URL = $url; curl_setopt($this->curl_init, CURLOPT_URL, $this->CURLOPT_URL); } public function execute(){ $out = curl_exec($this->curl_init); curl_close($this->curl_init); return $out; } } $curl2 = new curl2; $curl2->connect(); $curl2->setUrl("http://www.linuxformat.co.uk"); $curl2->debug(); echo $curl2->execute(); It display a blank page like attachment result1.jpg, but if I move the $fp = fopen("curl2.txt", "w"); curl_setopt($this->curl_init, CURLOPT_STDERR, $fp); curl_setopt($this->curl_init, CURLOPT_RETURNTRANSFER, TRUE); from function debug() and join it with function execute() like this: public function execute(){ $fp = fopen("curl2.txt", "w"); curl_setopt($this->curl_init, CURLOPT_STDERR, $fp); curl_setopt($this->curl_init, CURLOPT_RETURNTRANSFER, TRUE); $out = curl_exec($this->curl_init); curl_close($this->curl_init); return $out; } it return me Linuxformat content ( expected result ) like result2.jpg below is the working code : class curl2{ private $curl_init; private $CURLOPT_URL; public function connect(){ $this->curl_init = curl_init(); } public function debug(){ curl_setopt($this->curl_init, CURLOPT_VERBOSE, TRUE); } public function setUrl($url = null){ $this->CURLOPT_URL = $url; curl_setopt($this->curl_init, CURLOPT_URL, $this->CURLOPT_URL); } public function execute(){ $fp = fopen("curl2.txt", "w"); curl_setopt($this->curl_init, CURLOPT_STDERR, $fp); curl_setopt($this->curl_init, CURLOPT_RETURNTRANSFER, TRUE); $out = curl_exec($this->curl_init); curl_close($this->curl_init); return $out; } } $curl2 = new curl2; $curl2->connect(); $curl2->setUrl("http://www.linuxformat.co.uk"); $curl2->debug(); echo $curl2->execute(); Why I couldn't split "CURLOPT_STDERR, CURLOPT_RETURNTRANSFER" with "curl_exec" This is weird. I thought session_destroy erased your session id: echo "session is ".session_id(); session_destroy(); echo "<br>session now is ".session_id(); When I run it i get: Code: [Select] session is mkqb0m49ktbtt1g34r6e67g012 session now is But when I reload the page I get the same thing! Code: [Select] session is mkqb0m49ktbtt1g34r6e67g012 session now is If session_id was destroyed (it echoed blank to prove this) why does it get repopultaed with the same session id when I reload the browser? I'm trying to make my own shopping cart for the first time and having a problem getting products to add to it. All I get is "No product in cart.". Its nothing special now, I'm just trying to reach the first stepping stone of adding something successfully to the session. index.html Code: [Select] <?php session_start(); ?> <?php $cart = $_SESSION['cart']; if (!$cart) { echo "No product in cart."; } if ($cart) { foreach ($id) { echo $id; } } ?> <A href="index.html?action=add&id=1">Add to cart</A> What have I done wrong and what am I suppose to do? Why is my SESSION not getting set in the code below?! Code: [Select] <?php // Initialize a session. session_start(); // Initialize Logged-In Status. $_SESSION['loggedIn'] = FALSE; // Display Logged-In Status. echo '<p>$_SESSION[\'loggedIn\'] = ' . $_SESSION['loggedIn'] . '</p>'; exit(); When I run this I get... $_SESSION['loggedIn'] = Debbie I am building an app (PHP and MySQL)and I had been using a lot of GET calls to get info from URLs, but the more I thought about it, the more I didn't like the possibility of people being able to mess with the URLs. So I am in the process of changing everything to use SESSION variables to store data across pages, rather than GET. The way I see it, SESSION variables are completely behind the scenes so they seem to be the better option. Am I right, or is GET better than SESSION for some reason? Hi People, I am on a deadline and finding that my code does not work in php5 and I have to change it to work. Just wonder if anyone can spot the obvious within my code. This all worked in php4 but now I have to rewrite it. Basically its a little order system. <? include("inc/connect.php"); // Continue start session. // We need to first check to see if an item with the SID and cat and product_code exists in the database, // if it does then we need to update that item, if not then we need to add the item // clean out any malicious data foreach ($_REQUEST as $k => $v) { $_REQUEST[$k] = (get_magic_quotes_gpc() ? strip_tags($v) : strip_tags(addslashes($v))); } session_start(); { $sql = "SELECT * FROM orders WHERE sid = '$PHPSESSID' AND product_id = '$product_id' "; $sql_result = mysql_query($sql); if (mysql_num_rows($sql_result) ==0) { # setup SQL statement $SQL = " INSERT INTO orders (sid,product_id,product_title,qty,standard_price,deluxe_price) VALUES ('$PHPSESSID','$product_id','$product_title','$qty','$standard_price','$deluxe_price')"; #execute SQL statement $result = mysql_db_query( azflowers,"$SQL",$connection ); # check for error if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n"); } } else { # setup SQL statement $SQL = " UPDATE orders SET qty = qty +1 WHERE sid = '$PHPSESSID' AND product_id = '$product_id' "; #execute SQL statement $result = mysql_db_query( azflowers,"$SQL",$connection ); # check for error if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n"); } } header("Location: http://www.site.com/site/cart.php?sid=$PHPSESSID"); exit; } ?> Hi I am looking for help with a working script to input multiple lines of data , but i am looking for each line of data to have the $_SESSION[userid] entered into each line, ie into the table $_SESSION[userid], name, surname, age Many Thanks <? include "include/session.php"; include "include/z_db.php"; // check the login details of the user and stop execution if not logged in require "check.php"; // If member has logged in then below script will be execuated. // let us collect all data of the member $row=mysql_fetch_object(mysql_query("select * from plus_signup where userid='$_SESSION[userid]'")); if(isset($_POST['submit'])) { foreach($_POST['person'] as $person) { $name= mysql_real_escape_string($person['name']); $surname= mysql_real_escape_string($person['surname']); $age= mysql_real_escape_string($person['age']); $values[] = "('$name', '$surname', '$age')"; } $query = "INSERT INTO plus_signup (name,surname,age) VALUES " . implode(', ', $values); $result = mysql_query($query) or die("Error!<br />Query: $query<br />Error: " . mysql_error()); } ?> <form method="POST" action='multi.php' name=""> <table> <tr> <td>Name<input type="text" name="person[0][name]"></td> <td>surname<input type="text" name="person[0][surname]"></td> <td>age<input type="text" name="person[0][age]"></td> </tr> <tr> <td>name<input type="text" name="person[1][name]"></td> <td>surname<input type="text" name="person[1][surname]"></td> <td>age<input type="text" name="person[1][age]"></td> </tr> <tr> <td>name<input type="text" name="person[2][name]"></td> <td>surname<input type="text" name="person[2][surname]"></td> <td>age<input type="text" name="person[2][age]"></td> </tr> </table> <td><p> <input type="submit" name="submit" value="add"> </p> <p> </p>| <a href=update-profile.php>back</a>| </form> <? require "bottom.php"; ?> <center><br>| <a href=update-profile.php>back</a>|<br></center> </body> </html> I am producing a php script which will include some AJAX in the resultant web page, which will send some data to another php script for processing. If I create a php session in my original script, will the same session be accessed by the second script being run by the AJAX or will it create a new session? |
|||||||