PHP - Need Help With Session In Script

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

Evening!

I've been iffing and ahhing over this and well im not too sure, hence the post.

Code: [Select]
// Redirects if there is no session id selected and echos the error on the previous page
if(!isset($_GET['get']) || ($_GET['getget'])){
header("Location: #.php?error");
}
So it should simply check if get is set if it isnt then see if getget is set?

If not redirect and show the error.

Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone?

Harry.

Just curious how other people feel about this.  I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.     Would it make more sense to...   1.  Pull all data ONCE and store it in SESSION variables to use on other pages    2.  Pull the data from the database on each new page that needs it   I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?   Side question that's kind of related:  As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?   Both are probably loaded questions but any possible insight would be appreciated.   Thanks! Greg
Edited by galvin, 04 November 2014 - 10:30 AM.

Hi everyone!

I've been working on a php script to replace links that contain a query with direct links to the files they would redirect to.

Hi i have this upload script which works fine it uploads image to a specified folder and sends the the details to the database.
but now i am trying to instead make a modify script which is Update set so i tried to change insert to update but didnt work can someone help me out please
this my insert image script which works fine but want to change to modify instead
Code: [Select]
<?php
mysql_connect("localhost", "root", "") or die(mysql_error()) ;
mysql_select_db("upload") or die(mysql_error()) ;

// my file the name of the input area on the form type is the extension of the file
//echo $_FILES["myfile"]["type"];

//myfile is the name of the input area on the form 
$name = $_FILES["image"] ["name"]; // name of the file
$type = $_FILES["image"]["type"]; //type of the file
$size = $_FILES["image"]["size"]; //the size of the file
$temp = $_FILES["image"]["tmp_name"];//temporary file location when click upload it temporary stores on the computer and gives it a temporary name
$error =array(); // this an empty array where you can then call on all of the error messages
$allowed_exts = array('jpg', 'jpeg', 'png', 'gif'); // array with the following extension name values
$image_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif'); // array with the following image type values
$location = 'images/'; //location of the file or directory where the file will be stored
$appendic_name = "news".$name;//this append the word [news] before the name so the image would be news[nameofimage].gif

// substr counts the number of carachters and then you the specify how how many you letters you want to cut off from the beginning of the word example drivers.jpg it would cut off dri, and would display vers.jpg
//echo $extension = substr($name, 3);

//using both substr and strpos, strpos it will delete anything before the dot in this case it finds the dot on the $name file deletes and + 1 says read after the last letter you delete because you want to display the letters after the dot. if remove the +1 it will display .gif which what we want is just gif
$extension = strtolower(substr($name, strpos ($name, '.') +1));//strlower turn the extension non capital in case extension is capital example JPG will strtolower will make jpg
// another way of doing is with explode
// $image_ext strtolower(end(explode('.',$name))); will explode from where you want in this case from the dot adn end will display from the end after the explode

$myfile = $_POST["myfile"];

     if (isset($image)) // if you choose a file name do the if bellow
       {
       
       // if extension is not equal to any of the variables in the array $allowed_exts error appears
        if(in_array($extension, $allowed_exts) === false )
       {
         $error[] = 'Extension not allowed! gif, jpg, jpeg, png only<br />'; // if no errror read next if line
       }
        // if file type is not equal to any of the variables in array $image_type error appears
        if(in_array($type, $image_type) === false)
       {
          $error[] = 'Type of file not allowed! only images allowed<br />';     
       }
       
        // if file bigger than the number bellow error message
        if($size > 2097152)
       {
          $error[] = 'File size must be under 2MB!';     
       }
       
       // check if  folder exist in the server
        if(!file_exists ($location))
       {
          $error[] = 'No directory ' . $location. ' on the server Please create a folder ' .$location;     
       }
            
     }
     // if no error found do the move upload function
       if (empty($error)){
           if (move_uploaded_file($temp, $location .$appendic_name))
           {
             // insert data into database first are the field name teh values are the variables you want to insert into those fields appendic is the new name of the image
mysql_query("INSERT INTO image (myfile ,image)
 VALUES ('$myfile', '$appendic_name')") ;
           exit();
           }
         }
       else
          {
        foreach ($error as $error)
           {
               echo $error;
           }
        }
      
     
  
//echo $type;
?>

I'm having trouble echoing $year in my script. Listed below is the script, just below ,$result = mysql_query("SELECT * FROM $dbname WHERE class LIKE '%$search%'") or die(mysql_error());, in the script I try to echo $year. It doesn't show up in the table on the webpage. Everything else works fine. Any help wold be appreciated greatly. Thanks in advance.



<?php
include 'config2.php';

$search=$_GET["search"];

// Connect to server and select database.
mysql_connect($dbhost, $dbuser, $dbpass)or die("cannot connect");
mysql_select_db("vetman")or die("cannot select DB");


$result = mysql_query("SELECT * FROM $dbname WHERE class LIKE '%$search%'") or die(mysql_error());
// store the record of the "" table into $row
//$current = '';
echo "<table align=center border=1>";
echo "<br>";
echo "<tr>";
echo "<td align=center>";
?>
<div style="float: center;"><a><h1><?php echo $year; ?></h1></a></div>


<?php
echo "</td>";
echo "</tr>";
echo "</table>";


// keeps getting the next row until there are no more to get
if($result && mysql_num_rows($result) > 0)

{
    $i = 0;
    $max_columns = 2;
    echo "<table align=center>";
echo "<br>";
    while($row = mysql_fetch_array($result))
   {
       // make the variables easy to deal with
       extract($row);

       // open row if counter is zero
       if($i == 0)

          echo "<tr>";

          echo "<td align=center>";
          ?>
          <div style="float: left;">
          <div><img src="<?php echo $image1; ?>"></div>

  </div>


          <?php
          echo "</td>";

       // increment counter - if counter = max columns, reset counter and close row
       if(++$i == $max_columns)
       {
           echo "</tr>";
           $i=0;
       }  // end if
   } // end while
} // end if results

// clean up table - makes your code valid!
if($i > 0)
{
    for($j=$i; $j<$max_columns;$j++)
        echo "<td>&nbsp;</td>";
   echo '</tr>';
}
mysql_close();
 ?>
</table>

I'm trying to use this script known as SimpleImage.php that can be found here <a href="http://www.white-hat-web-design.co.uk/articles/php-image-resizing.php">link</a> I'm trying to include what is on the bottom of the page to my existing script can anyone help me I've tried several ways but its not working.
Code: [Select]
<?php 
session_start();
error_reporting(E_ALL);
ini_set('display_errors','On');

//error_reporting(E_ALL); 


// image upload folder
    $image_folder = 'images/classified/'; 
// fieldnames in form
$all_file_fields = array('image1', 'image2' ,'image3', 'image4');
// allowed filetypes
$file_types = array('jpg','gif','png');
// max filesize 5mb
$max_size = 5000000;
//echo'<pre>';print_r($_FILES);exit;

$time = time();
$count = 1;

foreach($all_file_fields as $fieldname){ 
if($_FILES[$fieldname]['name'] != ''){

$type = substr($_FILES[$fieldname]['name'], -3, 3);

// check filetype
if(in_array(strtolower($type), $file_types)){

//check filesize
if($_FILES[$fieldname]['size']>$max_size){
$error = "File too big. Max filesize is ".$max_size." MB";

}else{

// new filename
$filename = str_replace(' ','',$myusername).'_'.$time.'_'.$count.'.'.$type;

// move/upload file
$target_path = $image_folder.basename($filename);
move_uploaded_file($_FILES[$fieldname]['tmp_name'], $target_path);

//save array with filenames
$images[$count] = $image_folder.$filename;
$count = $count+1;

}//end if

}else{ $error = "Please use jpg, gif, png files";

}//end if
}//end if
}//end foreach



if($error != ''){ echo $error;
}else{


/* --------------------------------------------------------------------------------------------------
SAVE TO DATABASE ------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------- */
?>

Hello,

I stored a fsockopen function in a separate "called.php" file, in order to run it as another thread when it needs.
The called script should return results to the "master.php" script.
I'm able to run the script to get the socket working, and I'm able to get results from the called script. I tried for hours but I can't do the twice both 

My master.php script (with socket working):

Code: [Select]
<?php
$command = "(/mnt/opt/www/called.php $_SERVER[REMOTE_ADDR] &) > /dev/null";
$result = exec($command);
echo ("result = $result\r\n");
?>

and my called.php script
Code: [Select]
#!/mnt/opt/usr/bin/php-cli -q
<?php
$device = $_SERVER['argv'][1];
$port = "8080";
$fp = fsockopen($device, $port, $errno, $errstr, 5);
fwrite($fp, "test");
fclose($fp);
echo ("normal end of the called.php script");
?>

In the master script, if I use
Code: [Select]
$command = "(/mnt/opt/www/called.php $_SERVER[REMOTE_ADDR] &) > /dev/null";
the socket works, but I have nothing in $result
(note also that I don't anderstand why the ( ... &) are needed!?)

and if I use
Code: [Select]
$command = "/mnt/opt/www/called.php $_SERVER[REMOTE_ADDR]";
I have the correct text "normal end of the called.php script" in $result but the socket connection is not performed (no errors in php logs)

Could you help me to find a way to let's work the two features correctly together?
Thank you.

hey guys im really just after a bit of help/information on 2 things (hope its in the right forum).   1. basically I'm wanting to make payments from one account to another online...like paypal does...im wondering what I would need to do to be able to do this if anyone can shine some light please?   2.as seen on google you type in a query in the search bar and it generates sentences/keywords from a database   example:   so if product "chair" was in the database whilst typing "ch" it would show "chair" for a possible match   I know it would in tale sql & json but im after a good tutorial/script of some sort.   if anyone can help with some information/sites it would be much appreciated.   Thank you

hello all,

What I want to do is, make the session ID clickable in a url here

Code: [Select]
Login Successful <a href="user.php">Conitnue</a>

so when a user logs in, his ID gets in the link of Continue so he can only see his information

so for example, if his id is 10, then the url would be ....user.php?id=10

Is there anyway to work out the age of a session, i.e the time that has elapsed since it was created?

Cheers

I am having trouble calling the  session var "email" from the landing page. Here is the code that I am using. I am not even sure the session "email" is starting or registering.

Code: [Select]
$referer = $_SERVER['HTTP_REFERER'];

$email = $_POST['email'];

$sql="SELECT * FROM users WHERE email='$email' ";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $email, table row count must be 1 row

if($count==1){
// Session Register email
session_start();
  $_SESSION['email'] = $email;

header("location:".$referer2." ");
exit();
 }

Hi,
I have a PHP page that includes this JS:

Code: [Select]
<script type="text/javascript">
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0','width','465','height','80','class','FlashBorder','src','img/skype_banner_eng','quality','high','pluginspage','http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash','movie','img/skype_banner_eng' ); //end AC code
                            </script>
skype_banner_eng is a flash movie in English. I need to get this movie to change to a different languagdepending on the language variable loaded. I have done this with jpg images by doing this:

Code: [Select]
header_<?php echo ($_SESSION['session_idioma']);?>.jpg
but whenI try to do the same within the JS it doesn't work....any ideas ?

Thanks

Firstly, I am new to the forum, so hello 

I am trying to code a login script for my website. I have got the login to work but how do I get it to create a session so the user stays logged in until they log out?

Also how can I prevent access to success.php and fail.php so they cannot be accessed directly. I am new to PHP so please explain in detail for me.

Here is my code...

Code: [Select]
<?php
ob_start();
$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
$mypassword=md5($mypassword);

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("myusername");
session_register("mypassword"); 
header("location:success.php");
}
else {
header("location:fail.php");
}

ob_end_flush();
?>