PHP - Php Sessions Being Lost
I'm creating a script and having problems with the log in portion using sessions. Everything works fine when I set the sessions for the log in which is in the root directory. The problem arises when I try to create an admin area and cross from the user side to the admin side which is in a different directory of its own. I do an echo to check for the sessions in admin area and all are lost.
/root <--sessions work 100% Click link to go to /root/admin <--- sessions are lost and yes all pages have session_start() Any advice would gladly be appreciated! Thanks Here is login code: <?php session_start(); include("admin/db/db_connect.php"); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE user_name='$myusername' and user_pass='$mypassword'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); $status = $rows['status']; $user_id = $rows['user_id']; if(($status!="") && ($status==0)){ $m="Your Account has not been activated or is suspended!"; $m = base64_encode($m); header("location:login.php?m=$m"); exit(); } $count=mysql_num_rows($result); if($count==1){ $_SESSION['myusername'] = $myusername; $_SESSION['myuser_id'] = $user_id; if($user_id == "1"){ $_SESSION['admin'] = $myusername . $user_id; } //echo $user_id . $myusername."<p></p>"; //echo $_SESSION['myusername'] . $_SESSION['myuser_id'] . $_SESSION['admin']; //exit(); $m="Login Successful!"; $m = base64_encode($m); header("location:members.php?m=$m"); } else { $m="Login Failed, Please Try Again!"; $m = base64_encode($m); header("location:login.php?m=$m"); } ?> That works fine for members area and other files in root: <?php session_start(); include("inc/vars.php"); include("admin/db/db_connect.php"); include("inc/page_header.php"); if(!isset($_SESSION['myusername'])){ header("location:login.php"); } ?> <?php $m = $_GET['m']; $m = base64_decode($m); ?> <?php include("inc/page_footer.php");?> But it doesn't for this script in admin: <?php session_start(); $log = $_SESSION['myusername']; $in = $_SESSION['myuser_id']; $key = $log . $in; echo "<p>-->". $log . $in ."<--</p>"; echo $key."<-- Key"; exit(); //testing if($_SESSION['admin'] !== $key){ header("location:/login.php"); } $ImageDirx = "../sopImages/"; $func = $_GET["func"]; $picid = $_GET["picid"]; $dothis = $_GET["dothis"]; if($func != "" && $picid != "" && $dothis != ""){ function DoDelete($picid,$dothis) { include ("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query ="SELECT * FROM listings WHERE picid='$picid'"; $result = mysql_query($query); $row = mysql_fetch_array($result); $delete = $row["imagefile"]; // Delete image from server & DATABASE //echo $ImagePth . $delete;exit(); $sql = "DELETE FROM listings WHERE picid='$picid'"; $result = mysql_query($sql); @unlink($ImagePth . $delete); } function DoStatusC($func,$picid,$dothis) { include ("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); if($func == hold){ $Nactive = "n"; } else{ $Nactive = "y";} $query ="SELECT * FROM listings WHERE picid='$picid'"; $result = mysql_query($query); $myrow = mysql_fetch_array($result); $picid = $myrow["picid"]; $active = $myrow["active"]; $sql ="UPDATE listings SET active='$Nactive' WHERE picid='$picid'"; $result = mysql_query($sql); } if($func == "delete"){ DoDelete($picid,$dothis); } else { DoStatusC($func,$picid,$dothis); } } if (empty($_GET["dothis"])) { shownew(); Die(); } else {$dothis = $_GET["dothis"];} if($dothis == "echonew"){shownew(); die();} elseif($dothis == "echoactive"){showactive(); die();} elseif($dothis == "echoall"){showall(); die();} elseif($dothis == "resetDB"){DoresetDB(); die();} // Retrieve all images from the db function showall() { include("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query = "SELECT * FROM listings ORDER BY id DESC"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == "0") {print("No Results");include("admin_footer.php"); die();} if ($num < "20") {$Xwarning = "WARNING: There are not enough images for this script to work correctly.<br>";} print("<font color='red'>$Xwarning</font>"); print("<font color='blue'>$num</font> Image(s)<br>"); if($num > 0){ $i=0; echo ""; while($i < $num){ $id = mysql_result($result, $i, "id"); $owner_id = mysql_result($result, $i, "owner_id"); $picid = mysql_result($result, $i, "picid"); $imagename = mysql_result($result, $i, "imagename"); $imagefile = mysql_result($result, $i, "imagefile"); $active = mysql_result($result, $i, "active"); $query2 ="SELECT * FROM members WHERE user_id='$owner_id'"; $result2 = mysql_query($query2); $myrow2 = mysql_fetch_array($result2); $name = $myrow2["user_name"]; if ($active == "n") {$status = "Hold";} else {$status = "Active";} if ($active == "n") {$statusL = "<a href=\"inedx.php?func=allow&picid=$picid&dothis=echoall\">Click to Allow</a>";} else {$statusL = "<a href=\"index.php?func=hold&picid=$picid&dothis=echoall\">Click to Hold</a>";} echo "<table border=\"0\" cellspacing=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width= \"585\"> <tr><td width=\"237\"><img src='../i.php?src=/".$ImageDir."".$imagefile."&h=&w=150&zc=0'></td> <td width=\"341\" valign=\"top\"><b>Submitted By:</b> <a href=\"member.php?user_id=".$owner_id."\">". $name."</a><br><b>Website:</b> ".$website."<br><b>Image Name:</b> ".$imagename."<br><b>Status:</b> ".$status."<br><br><a href=\"index.php?func=delete&picid=$picid&dothis=echoall\">Delete</a> | ".$statusL."</td> </tr>\n</table><hr color=\"#0000FF\" align=\"left\" width=\"570\" size=\"1\">"; $i++; } echo ""; } include("admin_footer.php"); } function shownew() { // Retrieve all new images from the db include("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query = "SELECT * FROM listings WHERE active='n' ORDER BY id DESC"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == "0") {print("No Results"); include("admin_footer.php"); die();} print("<font color='blue'>$num</font> Image(s)<br>"); if($num > 0){ $i=0; echo ""; while($i < $num){ $id = mysql_result($result, $i, "id"); $owner_id = mysql_result($result, $i, "owner_id"); $picid = mysql_result($result, $i, "picid"); $imagename = mysql_result($result, $i, "imagename"); $imagefile = mysql_result($result, $i, "imagefile"); $active = mysql_result($result, $i, "active"); $query2 ="SELECT * FROM members WHERE user_id='$owner_id'"; $result2 = mysql_query($query2); $myrow2 = mysql_fetch_array($result2); $name = $myrow2["user_name"]; if ($active == "n") {$status = "Hold";} else {$status = "Active";} if ($active == "n") {$statusL = "<a href=\"index.php?func=allow&picid=$picid&dothis=echonew\">Click to Allow</a>";} else {$statusL = "<a href=\"index.php?func=hold&picid=$picid&dothis=echonew\">Click to Hold</a>";} echo "<table border=\"0\" cellspacing=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width= \"585\"> <tr><td width=\"237\"><img src='../i.php?src=/".$ImageDir."".$imagefile."&h=&w=150&zc=0'></td> <td width=\"341\" valign=\"top\"><b>Submitted By:</b> <a href=\"member.php?user_id=".$owner_id."\">". $name."</a><br><b>Website:</b> ".$website."<br><b>Image Name:</b> ".$imagename."<br><b>Status:</b> ".$status."<br><br><a href=\"index.php?func=delete&picid=$picid&dothis=echonew\">Delete</a> | ".$statusL."</td> </tr>\n</table><hr color=\"#0000FF\" align=\"left\" width=\"570\" size=\"1\">"; $i++; } echo ""; } include("admin_footer.php"); } function showactive(){ // Retrieve all Active images from the db include("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query = "SELECT * FROM listings WHERE active='y' ORDER BY id DESC"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == "0") {print("No Results");include("admin_footer.php"); die();} if ($num < "20") {$Xwarning = "WARNING: There are not enough images for this script to work correctly.<br>";} print("<font color='red'>$Xwarning</font>"); print("<font color='blue'>$num</font> Image(s)<br>"); if($num > 0){ $i=0; echo ""; while($i < $num){ $id = mysql_result($result, $i, "id"); $owner_id = mysql_result($result, $i, "owner_id"); $picid = mysql_result($result, $i, "picid"); $imagename = mysql_result($result, $i, "imagename"); $imagefile = mysql_result($result, $i, "imagefile"); $active = mysql_result($result, $i, "active"); $query2 ="SELECT * FROM members WHERE user_id='$owner_id'"; $result2 = mysql_query($query2); $myrow2 = mysql_fetch_array($result2); $name = $myrow2["user_name"]; if ($active == "n") {$status = "Hold";} else {$status = "Active";} if ($active == "n") {$statusL = "<a href=\"index.php?func=allow&picid=$picid&dothis=echoactive\">Click to Allow</a>";} else {$statusL = "<a href=\"index.php?func=hold&picid=$picid&dothis=echoactive\">Click to Hold</a>";} echo "<table border=\"0\" cellspacing=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width= \"585\"> <tr><td width=\"237\"><img src='../i.php?src=/".$ImageDir."".$imagefile."&h=&w=150&zc=0'></td> <td width=\"341\" valign=\"top\"><b>Submitted By:</b> <a href=\"member.php?user_id=".$owner_id."\">". $name."</a><br><b>Website:</b> ".$website."<br><b>Image Name:</b> ".$imagename."<br><b>Status:</b> ".$status."<br><br><a href=\"index.php?func=delete&picid=$picid&dothis=echoactive\">Delete</a> | ".$statusL."</td> </tr>\n</table><hr color=\"#0000FF\" align=\"left\" width=\"570\" size=\"1\">"; $i++; } echo "$warning"; } include("admin_footer.php"); } ?> Similar TutorialsI'm not a PHP Einstein, but i'm certainly not a stranger and i've never seen this behaviour before. If you have any suggestions please let me know. Thanks in advance. I have multiple $_SESSION variables set when a user logs into thier account that never change unless they log out. (id, first_name, last_name, etc.) I have one additional variable set for logged-in users that keeps track of the last "Account" page they visited (info, settings, main, etc.), so that when they leave their "Account" pages to browse the site and then return to "Account", they will land on the last "Account" page they visited. The issue is this - When a logged-in user sits idle for a while, the $_SESSION variables that were set when they first logged in are lost. Only those variables. Not the "Account" page variable or other misc variables that are created during thier browsing of pages. I don't have any inactivity or idle functionality that would log them off. I dont have any code that unsets these variables unless they click "log out". And if they do click "log out", the "Account" page variable would be unset too. Any ideas? hi in a php file I assign a value to a tag. and with it make a condition for mysql command. but when run query and then using a form for sending some values to a function, all thin is work , but the vale of tag erased. when i trying to define this tag as global I see below errors. Code: [Select] Parse error: parse error, unexpected '=', expecting ',' or ';' in C:\Apache2\htdocs\bill\desktop\send_game.php on line 64 Hi im looking to set up a booking a taxi system for the local taxi firms in my area . I woudl be running it through a website where the user will log on choose where they want to go when etcetc these details will be sent to all the taxi companies in the area ( there are only about 5 companies) they will provides quotes such as time est price etc then the user will accept which ever quote they want. Now i know i need to proberbly store the details into a table then get the taxi companies to fill out the rest then provide the full details to the user to accept or decline but i dont know where to start i have all of the layouts ready but do i start by getting the user to enter the first details get them to be stored into a database then how would i get the companies to pick up the correct customer details any ideas? Or are there anys cripts out there that i can use at all Thank You while($row = mysql_fetch_array($results, MYSQL_NUM)) { $total_price = $row["Computer_price"] + $total_price ; $total_items = $number_of_items = $number_of_items + 1; } This is the code and its telling em there is a parse error with line 16 which is the "while" line of code any suggestions at all? Thank you Ok I have NEVER had problem like this before. First of all, I am not that great with cookies or headers. But I know how to set cookies & sessions & how to use them. Any way, this is the most important feature & page on my app. Its for the register page, it sets a cookie that is needed to prevent fraud. I did the development of this script on my local server & this is my first time testing it on a real server. My issue is, I keep getting the damn headers already sent error; Code: [Select] Warning: Cannot modify header information - headers already sent by (output started at /../../..//mysite.com/admin/includes/linkmysql.php:2) in /../../../mysite.com/reg.php on line 36 I literally tried everything. I completely rewrote the page to work around this. I cannot stress enough how important this cookie is. I dont udnerstand. The php is b4 all the html, etc etc. There should be no other "headers being sent". Heres the code; <?php require_once 'is_email.php'; $result = is_email(@$email, true, true); if (isset($_POST['register_clicked']) && $_POST['register_clicked']==1) { $uname = $_POST['uname']; $upasswd = $_POST['passwd']; $email = $_POST['email']; if (!(strlen($uname) > 0 && strlen($uname) < 31)) echo '<td colspan="3" align="center" class="FormError"> USERNAME length must be between 1 and 30! </td>'; else if (!(strlen($upasswd) > 0 && strlen($upasswd) < 41)) echo '<td colspan="3" align="center" class="FormError"> PASSWORD length must be between 1 and 30! </td>'; else if ($upasswd != $_POST['passwdconf']) echo '<td colspan="3" align="center" class="FormError"> PASSWORD doesn\'t match! </td>'; else if (!is_email($email)) echo "<td colspan='3' align='center' class='FormError'>{$email} is not a valid email address! (result code $result)</td>"; else { include_once('admin/includes/linkmysql.php'); include('admin/includes/func.php'); if (!newuser($uname, $upasswd, $email)) echo "<td colspan='3' align='center' class='FormError'>Username already in use!</td>"; else { echo '<strong><font color="black">Registration Completed!</font></strong>'; $value = "no-delete"; setcookie("Muffins", $value, mktime (0, 0, 0, 12, 31, 2015)); #if (isset($_POST['autologin'])) #{ add_login($uname); $_SESSION['login_name'] = $uname; ?> <!--<script language="javascript" type="text/javascript"> window.location.href = "index.php?a=home"; </script> --> <?php } } } ?> <?php if (isset($_COOKIE['Muffins'])) { Header ('Location: http://mysite.com/index.php?a=noreg'); } ?> line 36 is obviously the line with the setcookie. I have no idea why it is referencing the include file, it has two lines of code that defines the mysql connections. This code is at the top of the page, before all the HTML etc. NO reason why it should be giving me header errors rigght!?? Im having the same issue with another page. I ban users thru setting a value in a mysql table, when the "system" notices the ban value is set, it redirects them to an account banned page using a header. BUT ITS THE SAME ******** THING!!!!! NEVER in my YEARS of coding have I ran into such AN ANNOYING & SENSELESS ISSUE! Sorry I am just SO frustrated, due to this I have not worked on this in days I pretty much gave up. I cannot launch this site that I have been working on for years without this working. THANK YOU FOR ALL YOUR HELP!!! Much appreciated. Since I cant undo the MD5 is it safe to say record their password again with out MD5 in the data base and use that to mail them their password if they forgot it? http://content.screencast.com/users/DeviousDan/folders/Jing/media/a563187c-93fe-4ec7-b496-41e50554b639/2011-01-02_2220.png As you can see, I print_r the results array and it has a key of aim, I then try to access the aim value on line 44 and as you can see, it's an undefined Index. I've officially forgotten all basics of PHP, any fresh eyes wanna give some insight? Thanks. hi i insert some values in a table, that goes well but right after the insert, i call the value of $matchidcheck, wich has just been inserted to the db correctly and it gives me the value of 0 ... in the $mes so it isnt forwarding correctly either how is this possible? $insertSite_sql3 = "INSERT INTO ffa_mapvotes (matchid,playerid,mapid,mapname) VALUES ($matchidcheck,$playerid,$vote3,'$vote3checker')"; $insertSite3= mysql_query($insertSite_sql3); $mes="$matchidcheck Vote Succesfull ... Please Wait ..."; return success($mes,'./ffacheckin.php?match=$matchidcheck'); if i replace the last line with return success($mes,'./ffacheckin.php?match=112'); it works ... kinda new in php so hope somebody can help me im about to get mad with this i have 2 pages index.htm and list_tbl.php in the index.htm i have a textbox so the customers write what they want to find in my site with a search button like this : <form id="form1" name="form1" method="post" action="list_tbl.php" target="_blank"> in the list_tbl.php is like this <?php $srch = $_POST['prod_search']; $se = "%"; '$all' = $se.$srch.$se; $msj="You look for : "; $msj2=$mensaj.$srch; $regis=" your search match :"; $regis2=" Items"; $conn = mysql_connect('localhost','root','pass') or trigger_error("tbl_die", E_USER_ERROR); . . . . . works fine if i write 4 example "blue metal" in the index the php page get me You Look for blue metal Your search match XX items but if the filter get more then 1 page when i clik in the next link the filter is gone the "blue metal" string is lost and i have all the items in the table why the $_post Value is lost after paginate??? 1000 TNX Hello all, I just wrote a php website to communicate with a database and it has a login based on the users email and password, they login on the first page and then the php checks for every page they visit if they indeed logged in before and not just found out what php file to open to get where they want to be. For this I used session variables to store both e-mail and password. The login info gets posted from the 1st(login) site to the 2nd site where it is checked for the first time, after that the login info isn't posted to the next page anymore, but just checked, this works for the 3rd page but when the user hits for the 4th page the variables are lost(I can't echo them either). However if I'd go from the 2nd page directly to the 4th page the page will load, however the 5th will then get my security-msg. So offcourse, I am wondering how this might have happened and how to fix this problem, here's some of the code I wrote: This is the check for the logininfo: <?php include('SessionStart.php'); include('logindata.php'); $db = mysql_connect($host, $user, $pw); if (!$db) { echo "<br />Helaas, u heeft geen verbinding met de database."; exit(); } else { mysql_select_db("teammanagementtool", $db); $sql24 = "SELECT * FROM leidinggevenden"; $allesarray = mysql_query($sql24); $i = 0; while ($mails = mysql_fetch_array($allesarray)) { $mailtjes[$i] = $mails['lg_mailadres']; $i = $i+1; } echo "...".$_SESSION['sessie']['email']."...".$_SESSION['sessie']['password']."...".$session_name."..."; if (in_array($_SESSION['sessie']['email'],$mailtjes)) { $sql25 = "SELECT lg_wachtwoord FROM leidinggevenden WHERE lg_mailadres = '".$_SESSION['sessie']['email']."'"; $pass = mysql_query($sql25); $pasje = mysql_fetch_array($pass); if ($_SESSION['sessie']['password'] != $pasje['lg_wachtwoord']) { echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>"; echo "<meta http-equiv='refresh' content='0;URL=index.php' />"; exit(); } else if ($_SESSION['sessie']['password'] = "" || $_SESSION['sessie']['email'] = ""){ echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>"; echo "<meta http-equiv='refresh' content='0;URL=index.php' />"; exit(); } else { } } else { echo "<script>alert('U bent hier op incorrecte manier terechtgekomen!');</script>"; echo "<meta http-equiv='refresh' content='0;URL=index.php' />"; exit(); } ?> And this is the code in my SessionStart.php: <?php $session_name = 'sessie'; $session_exp_time = 10000 ; $previous_name = session_name($session_name); ini_set('session.gc_maxlifetime', $session_exp_time); ini_set('session.gc_probability', '1'); ini_set('session.gc_divisor', '1000'); ini_set('session.name', $session_name); ini_set('session.cookie_domain', ''); ini_set('session.cookie_lifetime', 0 ); session_set_cookie_params($session_exp_time, '/', ''); session_start(); if (isset($_COOKIE[$session_name])) setcookie($session_name, $_COOKIE[$session_name], 2147483647 , ''); ?> the includes are at the start of all of my pages, I only do a session_unset() at my index.php(the login page). and my 2nd page gets: $_SESSION['sessie']['email'] = $_POST['email']; $_SESSION['sessie']['password'] = $_POST['password']; from the login. I could really use some help here, thanks in advance. Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago. Can anyone help with either something that works that I can learn from, a tutorial somewhere? thanks Tim Hello all, i'm attempting to implement i18n into my project. so I read some tutorials, copied some code and eventually made the following: Code: [Select] /** * applyMultiLingual uses the gettext module from PHP to support multilingual * @param Array $settings */ private static function applyMultiLingual($settings){ /* init global config */ bindtextdomain(self::$project_name,Config::path('i18n')); bind_textdomain_codeset(self::$project_name, 'UTF-8'); textdomain(self::$project_name); if(!array_key_exists('enabled', $settings) || $settings['enabled'] == false){ //initiate default (english) putenv("LC_MESSAGES=en_EN"); setlocale(LC_MESSAGES,'en_EN'); } else{ if(Session::language() === null){ //initiate custom if($settings['default'] == 'auto'){ locale::acceptFromHttp($header); } else{ putenv("LC_MESSAGES=".$settings['default']);setlocale(LC_MESSAGES,$settings['default']); } } else{ putenv("LC_MESSAGES=".Session::language()); setlocale(LC_MESSAGES,Session::language()); } } } The code is (imo) pretty readable, so it sets the textdomain to "project1", and the current language to en_EN. if should search for the translations in DOC_ROOT/i18n/ now, it returns the text between the _(); functions, but I get no translation files in said directory, and I also have no clue how to accomplish this. so what I want to accomplish is this: enable use of function _(), which saves all translations in a folder i18n, and subfolder LOCALE_CODE (ex. DOC_ROOT/i18n/en_EN/messages.po). what am I doing wrong, and how can I fix it? thanks to any who can help, and if more info is needed, ask and you shall receive. Hi- I've got a few simple forms on my site that get relayed over to our email server when the submit button is hit. The forms, in turn, get emailed to the predetermined recipients from that mail server. It's been working great for years, but we changed our mail server recently and didn't point the php.ini config to the new server and we've missed some form submissions for a few days (I know, I know). Looking at the PHP error log, I've got about 140 "PHP Warning: mail() [<a href='function.mail'>function.mail</a>]: SMTP server response: 530 5.7.1 Client was not authenticated in " entries, which tells me we missed 140 form submissions. My question is: is there any way to retrieve these form submissions? Are they sitting someplace on my site that I can extract them from? Do they literally just disappear if they can't get to the SMTP server?
Many thanks in advance for any responses!
Well i have a session['rmanr'] a have set after a submit containing the date and unique id.
I have to be able to do multiple submits on that same form but if they submit multiple times the same rmanr have to be used...
I tried the following:
$date = date("Y-m-d"); $datestrip = str_replace("-", "", $date); $lastdetid = $dbh->lastInsertId(); if(!isset($_SESSION['rmamr'])){ $rmanr = $datestrip; $rmanr .= $lastdetid; $_SESSION['rmanr'] = $rmanr; } else { $rmanr = $_SESSION['rmanr']; } $uprmastmt = $dbh->prepare("UPDATE rma SET r_nr = '$rmanr' WHERE r_id = ?"); $uprmastmt->bindParam(1, $lastid); $uprmastmt->execute();But i keep getting a new rmanr every time i submit... Could it be that my form submit reset my SESSION? I need to come up with a better way to do this. Currently I have a script which is a form and the user enters their email address, and their password in the database is sent to the email address. Problem is the password is MD5 hashed, so it's hashed when sent to their email. I am sure there is a better way to do this. Also, I am capturing a Security Question and Answer in the initial profile form that the user fills out, so I need to incorporate this as an extra layer of security. Please let me know of the methods for doing this. Thanks in advance! I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW? thanks! say if I had a black page with a background or something simple and it had no content except for a link called "about us" and I wanted that link to be located at the bottom left side of the page but since it has no content its stuck up the top unless <br> or <p> is introduced. how could this be done without spamming <br /><p><br /> untill im happy with its location and if content is added it gets boosted down further with a massive gap >< hello everyone....i need your help i face session lost problem so many times and every times i just find out other logic to implement the code in different ways. but i don't get a perfect solution.Please help me to resolve this............why it was happened..... i searched google for it.........this is the common problem but i dont get any proper solution.............. recently i write a code to fetch tweets from twitter..but when returning back from .i lost my session value......... supp this is my page page.php when user click on button........i just check the form submitted like this session_start(); $_SESSION['id']=$id; //supp $id=10 if($_POST['submit']) { header("Location:tweet.php "); } i already included session_start() at the top of every page. in tweet.php i just generate a token and send user to twitter for authorization. in tweet.php i checked session started i check it with Print_r($_SESSION); in this page i used session like this session_start(); if($_SESSION['id']) { header("Location:$url") //$url will be authoritarian url generated by twitter oauth.. }else { header("Location:index.php") } after returning from twitter some times session variable are not lost.but sometimes i lost my session.this really irritates me....if logic is wrong then every time session destroyed............... i check my php.ini file configuration.. session_save.path=/tmp; //by default register global are off................. any help is appreciated................ I'm trying to rewrite the old jpmaster77 login script that I used back in the day quite extensively, but I'm having problems getting the $form->error messages to the correct page.
Login form, on the index.php:
<div> <h3>Login</h3> <form method="post" action="process.php" id="sublogin"> /* error message should be displayed here when username is empty or == username */ <p> <?php echo $form->error("user"); ?> <input class="loginside" type="text" name="user" value="username" /> ?> <br /> <input class="loginside" type="password" name="pass" value="password" /> <br /> <input type="hidden" name="sublogin" value="1"> <input type="checkbox" name="remember">Remember me <br /> <input class="sublogin" type="submit" value="login" style="border: 0; margin: 5px 0 0 1px;" /> </p> </form> Not registered yet? Sign up here! </div> process.php class Process { /* Class constructor */ function Process(){ global $session; /* User submitted login form */ if(isset($_POST['sublogin'])){ $this->procLogin(); } /** * Should not get here, which means user is viewing this page * by mistake and therefore is redirected. */ else{ header("Location: index.php"); } } function procLogin(){ global $session, $form; /* Login attempt */ $_POST = $session->cleanInput($_POST); $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); if($retval){ header("Location: correct.php"); } else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: index.php"); } /* if instead the $_SESSION and header I enter echo $form->error("user") then the error message is displayed in process.php, and not in index.php */ } } $process = new Process; ?>But when instead the $_SESSION and the header location I enter here echo $form->error("user"); then all is fine. But the error message should not be displayed in the process.php, but rather above the login form on the index.php session.php <?php include "database.php"; include "form.php"; class Session { var $time; function Session(){ $this->time = time(); $this->startSession(); } function startSession(){ $session_name = 'sec_session_id'; // Set a custom session name $secure = true; // This stops JavaScript being able to access the session id. $httponly = true; // Forces sessions to only use cookies. if (ini_set('session.use_only_cookies', 1) === FALSE) { header("Location: ../error.php?err=Could not initiate a safe session (ini_set)"); exit(); } // Gets current cookies params. $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); // Sets the session name to the one set above. session_name($session_name); session_start(); // Start the PHP session session_regenerate_id(true); // regenerated the session, delete the old one. } function login($subuser, $subpass, $subremember) { global $database, $form; /* username check */ $field = "user"; if(!$subuser || $subuser == "username") { $form->setError($field, "* Username incorrect"); } /* password check */ /* if e-mail welcome, check if user activated account */ /* Return if form errors exist */ if($form->num_errors > 0){ return false; } return true; } function cleanInput($post = array()) { foreach($post as $k => $v){ $post[$k] = trim(htmlspecialchars($v)); } return $post; } }; $session = new Session; $form = new Form; ?> form.php <?php /** * Form.php * * The Form class is meant to simplify the task of keeping * track of errors in user submitted forms and the form * field values that were entered correctly. * * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) * Last Updated: August 19, 2004 */ class Form { var $values = array(); //Holds submitted form field values var $errors = array(); //Holds submitted form error messages var $num_errors; //The number of errors in submitted form /* Class constructor */ function Form(){ /** * Get form value and error arrays, used when there * is an error with a user-submitted form. */ if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){ $this->values = $_SESSION['value_array']; $this->errors = $_SESSION['error_array']; $this->num_errors = count($this->errors); unset($_SESSION['value_array']); unset($_SESSION['error_array']); } else{ $this->num_errors = 0; } } /** * setValue - Records the value typed into the given * form field by the user. */ function setValue($field, $value){ $this->values[$field] = $value; } /** * setError - Records new form error given the form * field name and the error message attached to it. */ function setError($field, $errmsg){ $this->errors[$field] = $errmsg; $this->num_errors = count($this->errors); } /** * value - Returns the value attached to the given * field, if none exists, the empty string is returned. */ function value($field){ if(array_key_exists($field,$this->values)){ return htmlspecialchars(stripslashes($this->values[$field])); }else{ return ""; } } /** * error - Returns the error message attached to the * given field, if none exists, the empty string is returned. */ function error($field){ if(array_key_exists($field,$this->errors)){ return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>"; }else{ return ""; } } /* getErrorArray - Returns the array of error messages */ function getErrorArray(){ return $this->errors; } }; ?>Does anyone know why the $form->error("user") variable cannot be transfered to the index.php? Is something wrong with the session_start or something? thanks in advance guys! Edited by dde, 07 January 2015 - 03:49 PM. My form Code: [Select] <form action="process.php" method="post"> <font face= "calibri" size= "4"> <table border= "1"> <tr style= "background: #cccccc"> <td><b>Item Description:</b></td> <td><input type= "text" name= "itemDescription" size= "30" value=""/></td> </tr> <tr style= "background: #99ff00"> <td><b>Item Price:</b></td> <td><input type= "text" name= "itemPrice" size= "5" value=""/></td> </tr> </tr style= "background: #A8E5FF"> <td><b>Winning Bidders:</b></td> <td><input type="text" name= "winningBidder" size= "5" /> </td> </tr> <tr> <td><b>How many deals?:</b></td> <td><input type="text" name= "itemQty" size= "3" value= "1" /></td> </tr> </table> <br/> <input type="reset" value="Reset Form"><input type="submit" name="submit" value= "Save & Cont." " /> </form></font> My process script: Code: [Select] <?php error_reporting(E_ALL); ini_set("display_errors", 1); $host= ""; $db_name= ""; $db_user= ""; $db_password= ""; $logUser= $_POST['logUser']; $deleteBidder = $_POST['deleteBidder']; $newBidder= $_POST['newBidder']; $itemDescription= $_POST['itemDescription']; $itemPrice= $_POST['itemPrice']; $winningBidder= $_POST['winningBidder']; $itemQty= $_POST['itemQty']; ob_start(); if ($_POST['newBidder']) { $bidderId= $newBidder; mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM bidders WHERE biddersId='$bidderId'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==0){ // Add $biddersId and redirect to anypage mysql_Query("INSERT INTO bidders (biddersId) VALUES ('$bidderId')"); header("Location: index.php"); exit(); } } if ($_POST['deleteBidder']) { mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); mysql_query("DELETE FROM bidders WHERE biddersId='$deleteBidder'"); header("Location: index.php"); exit(); } if ($_POST['itemDescription'] AND $_POST['itemPrice'] AND $_POST['winningBidder'] AND $_POST['itemQty']) { mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM transactions WHERE biddersId='$winningBidder'"; $result=mysql_query($sql); $count=mysql_num_rows($result); // If result matched, table row must be 1 row if($count==0){ echo "That Bidder Number is NOT logged in, "; echo "would you like to set this bidder as active?"; echo " Enter 1 for NO or 2 for YES"; echo "<form action= \"process.php\" method= \"POST\">"; echo "<input type =\"text\" name= \"logUser\"/>"; echo "<input type= \"submit\" value = \"Submit\"/>"; $logUser= $_POST['logUser']; exit(); } if ($logUser= 1) { header("Location: inprogress.php"); exit(); } else if ($logUser= 2){ // Add $biddersId and redirect to anypage mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect to server"); mysql_select_db("$db_name")or die("cannot select DB"); mysql_Query("INSERT INTO bidders (biddersId) VALUES ('$winningBidder')"); mysql_query("INSERT INTO transactions (itemDescription, itemPrice, bidderId, itemQty , totalPrice) VALUES('$itemDescription', '$itemPrice','$winningBidder', '$itemQty', '$totalPrice')") or die(mysql_error()); $_SESSION['itemDescription']='$itemDescription'; header("Location: index.php"); exit(); } } echo "<font color= \"red\" face=\"calibri\" size=\"4\">That bidder is already logged, Please press your browsers back button and try again.</font>"; ob_end_flush(); ?> DeleteBidder and newBidder are the only variables working? |