PHP - Help With Session Variables Please

I am finally making the upgrade from PHP 5.3 to PHP 7.3.  When converting over the code I noticed that session some sessions are not being processed.  My test code for this is below:

 

session_start(); 
include ("../includes/connect.inc");

echo "hiiiiiiii: ".$currentDate;
echo "He  ".$_SESSION['user'];


if (isset($_SESSION['user']))
{
	$user = $_SESSION['user'];
	$currentDate = date("Y/m/d");

}
else
{
	echo "Session not started: ";
}

 

My include is listed below:

$link = mysqli_connect('localhost', 'root', ''); 
if (!$link) { 
    die('Could not connect: ' . mysql_error("Connection error message")); 
} 
mysqli_select_db($link, 'dbname') or die (mysqli_error($link)); 



date_default_timezone_set('America/Chicago');

define ("TZ_CORRECTION", 43200);

$bkcolor = "#FFFFFF";

$currentDate = (Date("Y-m-d"));

I am not getting the message "Session not started or the current date from the include".   

If it matters I am using WAMP as my testing server

Any help is greatly appreciated.

Hi,

I'm having a wierd problem related to session variables. It looks like variables would get duplicated inside same session, which of course should not be possible.

Background:
This problem exists on one page script which creating a quote request system where users can select different products and get quote for those. Quote system creates quote ID per customer and all products selected in one session should go under the same quote ID. Problem is that sometimes when user selects products second quote ID is created and after that products are randomly added into both of quotes. While trying to solve this problem I added simple logs to see what's going on, those are added below.

Problem seems to be caused by duplicated session variables. At somepoint it looks like session variables are not defined any more and new quote ID is created. After that the old and new session variables seems to be used randomly.

To demonstrate the problem I added session variable called 'counter' which is defined if it does not exist and incremented always when page is reloaded by submitting the form. As you can see from below logs the 'counter' variable seems to have duplicate values, see the quote value to separate two different session variable "sets".


<?php session_start();
echo "\n Current session id: ".session_id();
echo "\n _SESSION['quote']: ".$_SESSION['quote'];
$_SESSION['counter'] = isset($_SESSION['counter'])? $_SESSION['counter'] +1 : 0;
echo "\n _SESSION['counter']: ".$_SESSION['counter'];


Output when page is reloaded(form submitted):
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376
 $_SESSION['quote']: 
 $_SESSION['counter']: 0
 set  _SESSION['quote']: 984
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376
 $_SESSION['quote']:
 $_SESSION['counter']: 0
 set  _SESSION['quote']: 985
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376
 $_SESSION['quote']: 985
 $_SESSION['counter']: 1
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376 
 $_SESSION['quote']: 985 
 $_SESSION['counter']: 2 
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376 
 $_SESSION['quote']: 984 
 $_SESSION['counter']: 1 
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376 
 $_SESSION['quote']: 985 
 $_SESSION['counter']: 3 
 
 Current session id: r5i15u4s9e20ud4j6jke8ln376 
 $_SESSION['quote']: 984 
 $_SESSION['counter']: 2 


Could anyone explain how the 'counter' can behave such way inside same session (based on session ID)?
This is far beyond my knowledge and I would highly appreciate any advice or tip how to solve this porblem. Thanks.

BestRegards,
Laowai

Question about variable variables and using session variables for them. O.K. So if I have:

$foo = 3;
$_SESSION['bar'] = "foo";

$$_SESSION['bar']  should equal the value of $foo, however I can't get it to work. Can someone tell me what I am doing wrong..... is it formatting???

Thanks,
Thomas

Hello everyone and thanks in advance for the help. I am working on a permission system for a site I am creating that will be used to restrict access to various areas of the site. I have a table with all the permission that is linked to a group that the user is a member of. I then use a query to get a list of the permission ids the user is part of and put those into the session array. I used a basic login script I found online I planned on modifying to add my own features and to make more secure.

Originally it had just a member id and member name variable in the session array saved in the login script which are both working fine after login. I am using a dynamic variable to set one session variable for each permission with the id being the changing part in the variable name. The problem I found is that the new variables are not being set. When i removed the redirect from my login script so I could check the problem I found that the temp variable, which is also set before it saves to the session array, is blank as well. If I hit refresh on my browser the new variables become set and all is well.

I was talking to nvee in irc chat who said I need to make a function on the page I am redirected to that checks if the variable exists. I looked through the original code of the login script I am using and found that this seems to be how they did it as well so I added an if statement to my index page to check if the variable has a value with and without using if isset. In both cases the new variable is still not getting set. He also gave me some pointers to help make my login checks more secure but the main thing IM concerned with right now is to make my new permission variables accessible to the session. My login script is available in my pastebin.

Hi All! I've written up a script for my website. It\ is basically a virtual job quest. My queries are all correct it just isn't registering the variable for the session. It is $-SESSION[theid']. I want to be bale to use it in my table but I get an error. How do I write this in my SQL query for it to work. The page (when no errors), doesn't show my data. Here is my ocde:

Code: [Select]
<?php
session_start();
include("config536.php");
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>

<?php
if(!isset($_SESSION['username'])) {
echo "<ubar><a href=login.php>Login</a> or <a href=register.php>Register</a></ubar><content><center><font size=6>Error!</font><br><br>You are not Logged In! Please <a href=login.php>Login</a> or <a href=register.php>Register</a> to Continue!</center></content><content><center><font size=6>Messages</font><br><br></center></content>";
}

if(isset($_SESSION['username'])) {
echo "<nav>$shownavbar</nav><ubar><img src=/images/layout/player.gif><a href=status.php>$showusername</a>.......................<img src=/images/layout/coin.gif> $scredits</ubar><content><center><font size=6>Basic Quests</font><br><br>";

$startjob = $_POST['submit'];
$jobq = "SELECT * FROM jobs WHERE username='$showusername'";
$job = mysql_query($jobq);
$jobnr = mysql_num_rows($job);

if($jobnr == "0") {
?>
<form action="<?php echo "$PHP_SELF"; ?>" method="POST">
<input type="submit" name="submit" value="Start Job"></form>
<?php
}
if(isset($startjob)) {
$initemidq = "SELECT * FROM items ORDER BY RAND() LIMIT 1";
$initemid = mysql_query($initemidq);
while($ir = mysql_fetch_array($initemid)) {
$ids = $ir['itemid'];
}
mysql_query("INSERT INTO jobs (username, item, time, completed) VALUES ('$showusername', '$ids', 'None', 'No')");
$wegq = "SELECT * FROM items WHERE itemid='$ids'";
$weg = mysql_query($wegq);
while($wg = mysql_fetch_array($weg)) {
$im = $wg['image'];
$nm = $wg['name'];
$id = $wg['itemid'];
}
$_SESSION['theid'] = $id;

echo "<font color=green>Success! You have started this Job!</font><br><br>Please bring me this item: <b>$nm</b><br><br><img src=/images/items/$im><br><br><br>";
echo $_SESSION['theid'];
}

if($jobnr == "1") {
$finish = $_POST['finish'];
$okgq = "SELECT * FROM items WHERE itemid='$yes'";
$ok = mysql_query($okgq);
while($ya = mysql_fetch_array($ok)) {
$okname = $ya['name'];
$okid = $ya['itemid'];
$okimage = $ya['image'];
}
echo "Where is my <b>$okname</b>?<br><br><img src=/images/items/$okimage><br><br><br>";
echo $_SESSION['theid'];
?>
<form action="<?php echo "$PHP_SELF"; ?>" method="POST">
<input type="submit" name="finish" value="I have the Item"></form>
<?php
}
}

if(isset($finish)) {
$cinq = "SELECT * FROM uitems WHERE theitemid='$_SESSION[theid]'";
$cin = mysql_query($cinq);
$connr = mysql_num_rows($cin);
if($connr != "0") {
echo "<font color=green>Success! You have the item.</font>";
} else {
echo "<font color=red>Error! You do not have my item!</font>";
}

}
?>
. I basically just want to know how I can set this session as a variable. Also..I have a user login on every page and I want to be able to destroy JUST THE "theid" session and NOT the username session. How would I do that too? thanks for the help in advance!

About to pull my hair out.  Looks simple, I think it's simple, but something is not behaving.  I have a simple login page (loginpage.php) which checks a database for the FamilyID and Password, if it is a match, then it redirects them to userspage.php.  I eventually want to use the FamilyID as a filter for my database so I only show the stuff relative to that FamilyID.  Using CS5 and the built in functions, and it looks to me that the session variable 'MM_Username' should contain the FamilyID which is "adminid" in my database.  It appears to work since it sends me to my userspage.php when I enter a valid FamilyID and Password, but it will not show me my session variable on the that page!!! PLEASE PLEASE HELP...Slap me in the face if it's a stupid question, but I have spent WAY too much time trying to figure what is wrong.  I have included my code:

 

CODE FOR LOGINPAGE.PHP

 

<?php require_once('Connections/MyTest.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['familyid'])) {
  $loginUsername=$_POST['familyid'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "userspage.php";
  $MM_redirectLoginFailed = "loginpage.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_MyTest, $MyTest);
 
  $LoginRS__query=sprintf("SELECT adminid, password FROM `admin` WHERE adminid=%s AND password=%s",
    GetSQLValueString($loginUsername, "int"), GetSQLValueString($password, "text"));
   
  $LoginRS = mysql_query($LoginRS__query, $MyTest) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;     

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form id="form1" name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
  <p>
    <label for="familyid">FamilyID:</label>
    <input type="text" name="familyid" id="familyid" />
  </p>
  <p>
    <label for="password">Password:</label>
    <input type="text" name="password" id="password" />
  </p>
  <p>
    <input type="submit" name="Submit" id="Submit" value="Submit" />
  </p>
</form>
</body>
</html>

 

 

CODE FOR USERSPAGE.PHP

 

<?php
if (!isset($_SESSION)) {
  session_start();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<strong>YOU MADE IT!
</strong>
<?php echo $_SESSION['MM_Username']; ?>
</body>
</html>

 

 

THANKS IN ADVANCED!!!

I have created a test account in my database with a user level of -1 and i think my code might be wrong but i am hoping someone can spot where i have gone wrong as i cannot, also a similar problem with another session variable loggedIn this is what i get when i login this is on the index page.

Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 11

Notice: Undefined index: loggedIn in C:\xampp\htdocs\Login\index.php on line 17
You must be logged in to view this page!

Index page source code: 

<?php

session_start();

error_reporting(E_ALL | E_NOTICE);

ini_set('display_errors', '1');

require 'connect.php';

if($_SESSION['loggedIn'] == 1) {

	//Do Nothing

	exit();
	
} else if($_SESSION['loggedIn'] != 1) {

	echo "You must be logged in to view this page!";

	exit();
}

if($_SESSION['user_level'] == -1) {

	header("Location: banned.php");

} if(isset($_SESSION['username'])) {

	echo "<div id='welcome'> Welcome, ". $_SESSION['username'] ." <br> </div> ";

}

?>

Also if you need my login source code: 

<?php
error_reporting(E_ALL | E_NOTICE);

require 'connect.php';

session_start();

if (isset($_POST['submit'])) {
   
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
   
    if (empty($username)) {
       
        echo "You did not enter a username, Redirecting...";
       
        echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
       
        exit();
       
    }
   
    if (empty($password)) {
       
        echo "You did not enter a password, Redirecting...";
       
        echo "<meta http-equiv='refresh' content='2' URL='login.php'>";
       
        exit();
       
    } 
   
    //Prevent hackers from using SQL Injection to hack into Database
    $username = mysqli_real_escape_string($con, $_POST['username']);
    $password = mysqli_real_escape_string($con, $_POST['password']);

	$result = $con->query("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");

	$row = $result->fetch_array();

	$user_level = $row['user_level'];


// check to make sure query did execute. If it did not then trigger error use mysqli::error to see why it failed
if($result->num_rows > 0)
{

//Set default user
	$_SESSION['loggedIn'] == 1;
	$_SESSION['user_level'] == 1;
	$_SESSION['username'] == trim($_POST['username']);
	header("Location: index.php");
	exit();	
} else if($row['user_level'] == 1) {

		$_SESSION['user_level'] == 1;

		//Location admin 
		header("Location: admin.php");

		exit();

	} else if($row['user_level'] == -1) {

		$_SESSION['user_level'] == -1;

		$_SESSION['username'] == trim($_POST['username']);

		//Location banned
		header("Location: banned.php");

		exit();
	} else if($_SESSION['loggedIn'] == true) {

		//Location default user home page
		header("index.php");
	} else {

		echo "Invalid Username/Password";
	}


  //Kill unwanted session
} if(isset($_POST['killsession'])) {

	session_destroy();
	echo "<br> <br> The Session Destroyed. (Basically means you have been logged out)";
	exit();

	}

?>

I appreciate all help

Hi

Maybe a strange request and perhaps someone here knows a better way of doing what I want.

I have a sign up form on my website that automatically pulls the session var 'name' and places this in the text field for "Reference". That way I know which agent signed up a customer.

What I need to do now though is allow this variable to be injected through the url for click through banners.

This what I've done (within the header HTML Tags):

Code: [Select]
if ($_GET['Reference'] == '')
{
$_SESSION['Name']        = $my->name;
}
else
{
$_SESSION['Name']        = $_GET['Reference'];
}

However, even though this is loaded on EVERY page view the variable is empty if the user clicks another page.

I am having probelm in saving Session variables ALthough I'm writing session_start();
in the header of my php script and saving the values of Session array in the next page. It does not print the values or show right results.

Code: [Select]
session_start();
require_once ("functions.php");

$token=$_GET['t'];
if(!isset($token)){
 
$name = stripslashes($_POST['username']);
$email = stripslashes($_POST['email']);

check_validate_input($name, $email);
}
if($token=='register')
{
show_registration_form();
}
  $my_model = new model();
  $arr_info = $my_model->check_members($name,$email);
 
   if (($arr_info==NULL)&&($token!='register'))
    {   
    echo '<p> Hello Guest</p><br />';
       show_mailing_form();
    }
   
  else if (($arr_info['role']=='user')||($arr_info['role'] == 'admin'))
    {
         $_SESSION['userId']=$arr_info['id'];
         $_SESSION['user_role']=$arr_info['role'];
         $_SESSION['user_name']=$arr_info['name'];
        print_r  ($_SESSION);}
here it does not print session array.

Hello all, I just wrote a php website to communicate with a database and it has a login based on the users email and password, they login on the first page and then the php checks for every page they visit if they indeed logged in before and not just found out what php file to open to get where they want to be. For this I used session variables to store both e-mail and password. The login info gets posted from the 1st(login) site to the 2nd site where it is checked for the first time, after that the login info isn't posted to the next page anymore, but just checked, this works for the 3rd page but when the user hits for the 4th page the variables are lost(I can't echo them either). However if I'd go from the 2nd page directly to the 4th page the page will load, however the 5th will then get my security-msg. So offcourse, I am wondering how this might have happened and how to fix this problem, here's some of the code I wrote:

This is the check for the logininfo:

<?php
include('SessionStart.php');
include('logindata.php');

$db = mysql_connect($host, $user, $pw);

if (!$db)
{
   echo "<br />Helaas, u heeft geen verbinding met de database.";
   exit();
} else
{
   mysql_select_db("teammanagementtool", $db);
   
$sql24 = "SELECT * FROM leidinggevenden";
$allesarray = mysql_query($sql24);

$i = 0;
while ($mails = mysql_fetch_array($allesarray)) {
   $mailtjes[$i] = $mails['lg_mailadres'];
   $i = $i+1;
}
   
   echo "...".$_SESSION['sessie']['email']."...".$_SESSION['sessie']['password']."...".$session_name."...";
   
if (in_array($_SESSION['sessie']['email'],$mailtjes)) {

   $sql25 = "SELECT lg_wachtwoord FROM leidinggevenden WHERE lg_mailadres = '".$_SESSION['sessie']['email']."'";
   $pass = mysql_query($sql25);
   $pasje = mysql_fetch_array($pass);
   if ($_SESSION['sessie']['password'] != $pasje['lg_wachtwoord']) {
      echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>";
      echo "<meta http-equiv='refresh' content='0;URL=index.php' />";
      exit();   
   } else if ($_SESSION['sessie']['password'] = "" || $_SESSION['sessie']['email'] = ""){
      echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>";
      echo "<meta http-equiv='refresh' content='0;URL=index.php' />";
      exit();   
   } else {
   }
} else {
   echo "<script>alert('U bent hier op incorrecte manier terechtgekomen!');</script>";
   echo "<meta http-equiv='refresh' content='0;URL=index.php' />";
   exit();   
}

?>

And this is the code in my SessionStart.php:

<?php
$session_name = 'sessie';
$session_exp_time = 10000 ;

$previous_name = session_name($session_name);

ini_set('session.gc_maxlifetime',   $session_exp_time);
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '1000');
ini_set('session.name', $session_name);
ini_set('session.cookie_domain', '');
ini_set('session.cookie_lifetime', 0 );
 
session_set_cookie_params($session_exp_time, '/', '');
session_start();

if (isset($_COOKIE[$session_name]))
setcookie($session_name, $_COOKIE[$session_name], 2147483647 , '');
?>

the includes are at the start of all of my pages, I only do a session_unset() at my index.php(the login page).
and my 2nd page gets:
$_SESSION['sessie']['email'] = $_POST['email'];
$_SESSION['sessie']['password'] = $_POST['password'];
from the login.

I could really use some help here, thanks in advance.

Hello! I'm a bit of a novice on PHP variables still and perhaps I'm trying to run before I can walk.

I have an SQL database that I am able to successfully write to without any problems. I have also created a session variable for the user id number that I am able to retrieve on a later page. My problem is that I have hit a wall when it comes to retrieving the data from the database based upon the session variable user id.  Here is my code and error:

$_SESSION['ID_ASSIGNED']=$_POST[KSU_ID]; //this line takes the form data and successfully assigns it to the session variable on an earlier page

echo $_SESSION['ID_ASSIGNED']; //that line works normally.

Here's my problem code (the line starting with $result ). The line works fine if I input: $result = mysql_query("SELECT * FROM $usertable WHERE KSU_ID='some id number'");:

<?php

$result = mysql_query("SELECT * FROM $usertable WHERE KSU_ID=$_SESSION['ID_ASSIGNED']");

$row = mysql_fetch_array($result);

   echo "<br />Participant Number:";
   echo $row['ID'];

   echo "<br />Name: ";
   echo $row['lname'];
   echo  ",&nbsp;";
   echo $row['fname'];

   echo "<br />Student Number:";
   echo $row['KSU_ID'];

   echo "<br />Age: ";
   echo $row['age'];

   echo "<br />Gender: ";
   echo $row['gender'];

   echo "<br />Grade: ";
   echo $row['grade'];

mysql_close($con);
?>

I have some difficulty identifying why the session variables' values have disappeared in my PHP code.  When I try to echo their values, nothing shows up and when I try to compare the values, it does not work.   There are no error messages to indicate something has gone wrong?   Can someone assist? Attached Files  x.txt   6.29KB   1 downloads

I have a PHP page that offers various information from a single text file. This text file is

encrypted on the server HD.

Upon initial entry into the page, the user enters an encryption/decryption KEY and the

encrypted file is decrypted to clear text and it is available for viewing.

I have some parameters that I store in PHP session variables. I do this since various

subsequent actions by the user will require these parameters. The code is written and the whole process seems to

work well.

Since the info in these session variables is sensitive, I need to understand WHERE they are

stored. I know that it is a file on the HD, but after hours of reading the PHP Manual on

sessions, I am not finding where (HD directory) that storage is.

I have a typical shared hosting account for my web site. Mostly I want to discover is, are

the session variables in y User/file hierarchy, or are they stored in a system area where

the PHP is installed.

Whew. Sorry this was so long.

Thank you,
xphp

Hello everyone, I'm sitting here in a position where I can't work on my site or test any code, but my mind is racing about what I can do to solve a particular problem that I have.  I won't get into the problem because it would take more time to type than I have right now, but I have an idea for a simple solution, just not sure if it will work or not.  So, here's my question: Is it possible to have multiple session variables during a session?

Such as:
$email=$_SESSION['email'];
$user=$_SESSION['userid'];

If this is possible, my problem is solved (I think)... otherwise, I have to keep thinking about it.  Thanks for any help!

Having some problems with PHP session i currently use cookies to log users in, but i have decided to use php session instead but i can get it to work, it simply dose not pass the variables unless include session id in every single link on my website,

can anyone tell me where i am going wrong


these are the session setting from php.in


 session.use_cookies = 1
session.use_only_cookies = 0
session.name = usersesid
session.auto_start = 1
session.cookie_lifetime = 0
session.referer_check = 1
session.cache_expire = 180
session.use_trans_sid = 1