|
PHP - Good Or Bad Idea To Store An Object In Session?
I have a class "Login" that handles login, registration, checking if someone's logged in and authorization stuff. I would prefer to be able to instantiate this just once per session and then reuse that. however, I don't know if there's drawbacks to storing this object in the session.
For example, will this lead to too much memory usage of the session object? Is it slow to keep retrieving an object from session? Would it be faster and better on the server to just re-instantiate and then destroy the object every page request? Similar TutorialsI was wondering if this is faster or better performance. Each time a user submit's a post on my forum I will make it +1 the .txt file on my main server directory called test.txt, then I can just call that on my main forum index to show the amount of total posts our board has, instead of using mysql queries to sum all of it from the tables... good idea? or am i retarded? This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=305934.0 Hi, I want to maintain users who log in a webpage and each time they leave, I want to record the current time, so this sounds silly but do I just set in my db table in a field that tracks a user's last log in with DEFAULT: CURRENT_TIMESTAMP? db structu user_id lastActivity lastSession (stores TIMESTAMP of last time user logged in) Any help much appreciated Currently I am adding the concept of "entitlements" to my website. In the past, my "article.php" script would simply look to the URL for which article was being requested and then load it. However now that I am also adding the concept of "premium content" for "paid members", I need a way to control who sees what. What I am wondering is - from a security standpoint - how much information I should load into the $_SESSION variable. For instance, right now when a user logs in, I think I just store the "memberID" and "FirstName" and possibly "Username". It would be more efficient when a Member logs in to also retrieve their "Membership Plan" and store that in the $_SESSION variable, so that as they browse my website, each page can simply grab $_SESSION['MembershipPlan'] and run that through a function that I need to build and then determine if the user gets to access said page. However, maybe it would be more secure to have it so when a user lands on page XYZ, I would look at their "memberID" and query the database to get their "MembershipPlan"? Any thoughts on each approach? Again, my main concern is *security*, but I also suppose this plays into "performance".
Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Get ip
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$ip = get_client_ip();
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
/* if($login != '' || $password != '') {
if($login !='admin' && $ip !=''.$log_ip.''){
$errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...';
$errflag = true;
}
}
*/
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
//header("location: index.php");
echo ('<meta http-equiv="refresh" content="0;url=index.php">');
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_LOGIN_NAME'] = $member['login'];
$_SESSION['SESS_PASS'] = $member['passwd'];
session_write_close();
//header("location: member-index.php");
echo ('<meta http-equiv="refresh" content="0;url=member-index.php">');
exit();
}else {
//Login failed
//header("location: login-failed.php");
echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">');
exit();
}
}else {
die("Query failed");
}
?>
auth.php (included on top of all php pages
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
//header("location: access-denied.php");
echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">');
exit();
}
?>
Hello I have included a simple login system into my website. When a user logs in, a session is started and he stays connected throughout the whole website until logging out again. The user logs in via his e-mailaddress and a password, which are stored in a mysql database. Now I want to add a page on which a user that is logged in, can see and edit his own information (password, cellphone number, e-mail, etc.). Or easier: instead of showing "Welcome!" showing "Welcome, John!". I thought about storing the e-mailaddress into the session, and then trying to access it to select the correct record (to edit afterwards). But so far, I haven't booked any success. I have to say that this is the first time I'm working with sessions as well, so this is very new to me. Thank you in advance for any help! Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? What's the best way to store shopping cart information? I want things to stay in the cart for up to 2 weeks after they're added, without the need for somebody to log-in to their account to store them. Should I store the information in a database some how and then set a cookie referencing the cart_id in the db? Is it good practice to put an oop object in session variable Hello, Here's my system. Once a user is successfully logged in, a new instance of a User class is created. The constructor of this class grabs the details of the logged-in user from a database and stores them inside properties in the User class. The problem is, obviously I'd want to access these properties from any page I require them to be able to display user data, so I looked into storing the User object in a Session. When I tried implementing this, I ran into a bunch of errors and I couldn't figure it out. Here's an example: After a user has logged in, I had the following code: Code: [Select] $_SESSION['user'] = new User($this->username); I was under the impression that this assigns a user object to a session. But it's not working as I receive this error: Quote Notice: Undefined index: user in ../v2/admin/index.php on line 18 Then on the page I want to display the name of the current user logged-in, I had this code: Code: [Select] $_SESSION['user']->get_Name(); But then I get this error: Quote Fatal error: Call to a member function get_IP() on a non-object in ../v2/admin/index.php on line 18 Can tell me what I have to do, to make this work? Thanks. I have created an object and assigned values as follows: Code: [Select] $car_object =& new Car(); $car_object->offer = 'Sale'; $car_object->type = 'Sport Car'; $car_object->location = "Buffalo, New york"; How can I store the $car_object inside a session variable? How can I get the $car_object out from the session variable? Please help a novice. Urgent. I have two test files. First file: (test.php) <?php session_start(); function __autoload($class) { include "../libs/$class.php"; } $_SESSION = new session("ttocskcaj",84824526893564); echo "Welcome ".$_SESSION->getUsername(); echo '<p><a href="test2.php">Test 2</a></p>'; Second File (test2.php) <?php session_start(); function __autoload($class) { include "../libs/$class.php"; } print_r($_SESSION); echo "Welcome ".$_SESSION->getUsername(); echo '<p><a href="test.php">Test 1</a></p>'; But the second file just returns this; Code: [Select] Array ( ) Fatal error: Call to a member function getUsername() on a non-object in C:\xampp\htdocs\main\zend\TFFW\public\test2.php on line 4 Here's the session class https://github.com/ttocskcaj/The-Forum-Framework/blob/master/libs/session.php Is it even possible to save objects in a session? If so, what's going wrong? Hi First of all, I know VERY little about PHP, The effort below is a wile guess that has gone wrong. I get this error Parse error: syntax error, unexpected T_IF in /home/repairyo/public_html/shop/includes/content/viewOrders.inc.php on line 57 I have no idea what ive done wrong, may be I am stupid for attempting it. Cheers Paul This is the original code Code: [Select] $view_orders->assign('VAL_STATE',$lang['glob']['orderState_'.$orders[$i]['status']]); This is the modified code Code: [Select] $view_orders->assign('VAL_STATE',$state = $results[$i]['status'] if ($state == '1') { "<font color='#ff9900'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '2') { "<font color='#009900'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '4') { "<font color='#cc0000'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '5') { "<font color='#cc0000'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '6') { "<font color='#cc0000'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else if ($state == '7') { "<font color='#ff9900'>".$lang['glob']['orderState_'.$results[$i]['status']]."</font>"; } else { $lang['glob']['orderState_'.$orders[$i]['status']]); } Hello all, I have an error handler that I need to append messages to (First name not right, Last name not right, etc) I'm using a session array to handle all error messages titled GORB. How come this code won't work? $_SESSION['GORB']['message'][] = "First name wrong"; $_SESSION['GORB']['message'][] = "Last name wrong"; How can I get it to work? I already have the handler output written and functioning fine, I just need to get it to loop over an array of errors instead of just one. in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated Hey all, I want to have an object that has a property which is an object containing instances of other objects. I try this: Code: [Select] class Blog extends Posts { public $has_posts; public function __construct($a,$b,$c){ $has_posts = (object) array_merge((array) $a, (array) $b, (array) $c); } } class Posts { public $b; public function __construct($b){ $this->b = $b; } } $post1 = new Posts(1); $post2 = new Posts(2); $post3 = new Posts(3); $blog = new Blog($post1,$post2,$post3); var_dump($blog->has_posts); //null foreach($blog->has_posts as $post){ //Invalid argument supplied for foreach() echo $post->b; } But as you see, has_posts is null, not an object containing other objects. Thanks for response. I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> |
|||||||