|
PHP - Question On Sessions
I have set up a session for logins but not to sure if it is the best way to go about it. Seems to work but a little concerned with security. Can someone check it out and let me know what they think?
Login page <?php session_start(); // starting session $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']); $_SESSION['last_active'] = time(); $_SESSION['fingerprint'] = $fingerprint; ?> <?php if( isset($_POST['submitLogin'])) { include('library/login.php'); login(); mysql_select_db('test'); $userID=$_POST["userID"]; $pswd=$_POST["pswd"]; $sql="SELECT * FROM user WHERE userID='$userID' and pswd='$pswd'"; $result=mysql_query($sql); while ($r=mysql_fetch_array($result)) { $exp_date=$r["exp_date"]; $todays_date=date("Y-m-d"); } // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $userID and $pswd, table row must be 1 row if($count==1) { $_SESSION['userID'] = $userID; if ($exp_date >= $todays_date) { // setting user session $_SESSION['logged_in'] = true; // billing is up to date echo "<meta http-equiv='refresh' content='0;url=testSession2.php'>"; } else { // setting user session $_SESSION['billing'] = true; // billing has expired echo "<meta http-equiv='refresh' content='0;url=nextSession.php'>"; } } else { // incorrect user/password echo " <div id='incorrect'>Please verify the username or password.</div> <form method='post' action='' name='login' id='login'> <div id='loginForm'> <fieldset> <span class='textbox'> <label for='username'>Username: </label> <input type='text' name='userID' size='25' class='cells' value='$userID'> <br><label for='pswd'>Password: </label> <input type='password' name='pswd' size='25'class='cells' value='$pswd'> <br><label for='pswd'> </label>Remember Me: <input type='checkbox' name='Remember' value='21'> <br><label for='blank'> </label><a href='resetPswd.php'>Forget Your Password? </a> <br><label for='blank'> </label><input type='image' value='Login' src='img/button_login.gif' width='64' height='25' onmouseover=\"javascript:this.src='img/button_login2.gif';\" onmouseout=\"javascript:this.src='img/button_login.gif';\"> <input type='hidden' name='submitLogin' value='true'> </span> </fieldset> </div> </form> "; } } else { // log in form echo " <form method='post' action='' name='login' id='login'> <div id='loginForm'> <fieldset> <span class='textbox'> <label for='username'>Username: </label> <input type='text' name='userID' size='25' class='cells'> <br><label for='pswd'>Password: </label> <input type='password' name='pswd' size='25'class='cells'> <br><label for='pswd'> </label>Remember Me: <input type='checkbox' name='Remember' value='21'> <br><label for='blank'> </label><a href='resetPswd.php'>Forget Your Password?</a> <br><label for='blank'> </label><input type='image' value='Login' src='img/button_login.gif' width='65' height='25' onmouseover=\"javascript:this.src='img/button_login2.gif';\" onmouseout=\"javascript:this.src='img/button_login.gif';\"> <input type='hidden' name='submitLogin' value='true'> </span> </fieldset> </div> </form> "; } ?> Right now I have it going to this page based of certain conditions of the users account. <?php session_start(); // If $timeout = 60 * 1; // In seconds, i.e. 30 minutes. $fingerprint = md5($_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']); session_start(); if ( (isset($_SESSION['last_active']) && $_SESSION['last_active']<(time()-$timeout)) || (isset($_SESSION['fingerprint']) && $_SESSION['fingerprint']!=$fingerprint) || isset($_GET['logout']) ) { setcookie(session_name(), '', time()-3600, '/'); session_destroy(); } session_regenerate_id(); $_SESSION['last_active'] = time(); $_SESSION['fingerprint'] = $fingerprint; ?> <?php // user will go here is they are not logged in if (!isset($_SESSION['billing'])) { // User is not logged in, so send user away. //header("Location:/singles/login.php"); echo "Sorry, you are not logged in."; die(); } // user will go here if logged in else { echo "Welcome: " .$_SESSION['userID']; "<br><Br>"; } ?> Using this tutorial http://en.wikibooks.org/wiki/PHP_Programming/User_login_systems Similar TutorialsHello, On my site I offer the option an option for cookies or sessions on login. If a remember me box is selected, then a cookie will be set. My question is, how do I assign both the $_SESSION['id'] and $_COOKIE['id'] to the same variable? Thanks for the help! Hi - I'm using SESSION variables to keep track of customers who come onto the site to order stuff. For example $_SESSION['customerid'] all the incoming customers. I also use SESSION variables with a different value for the managers to look at and keep track of customer data. eg : $_SESSION['customer']['firstname'] I am expecting many customers and managers to be simultaneously using the site. QUESTION: Do I need to increment the SESSION variable in some way in order to avoid that a session gets overwritten, or will my SESSION variables keep track and keep everything separated by dint of the fact that they contain different values ? so far my testing shows that things are working correctly, but I can only test with 3 / 4 virtual users in different browser windows . I'm almost embarrassed to ask such a simple question but I just cannot get this to work. I'm trying to figure out how to use sessions that takes the information from a form on the first page and displays it on the last. I have this on page 1: <?php session_start(); ?> <form action="test2.php" method="post"> <p>Page 1</p> <p>First Name <input type="text" name="first" /></p> <p><input type="submit" value="Next page 2" /></p> And this for page 2: <?php SESSION_START(); $_SESSION['first'] = $_POST['first']; echo $_SESSION['first'] = $_POST['first']; ?> <form action="test3.php" method="post"> <p>Page 2</p> <input type="submit" value="Next page 3" /> </form> And this for page 3: <?php SESSION_START(); $_SESSION['first'] = $_POST['first']; echo $_SESSION['first'] = $_POST['first']; ?> <p>Page 3</p> <p>You're done</p> I can get it to display on page 2 but not on page 3. Can anyone tell me why? I've been at this for a long time and it should be simple but I cannot get it to work. Thanks in advance. Kind of a n00b here. on my main table (users) i named a column as "id", set it to auto-increment and as the primary key and created it like this: CREATE TABLE `users` ( `id` int(20) NOT NULL auto_increment, `full_name` varchar(200) collate latin1_general_ci NOT NULL default '', `user_name` varchar(200) collate latin1_general_ci NOT NULL default '', `user_pwd` varchar(200) collate latin1_general_ci NOT NULL default '', `user_email` varchar(200) collate latin1_general_ci NOT NULL default '', `activation_code` int(10) NOT NULL default '0', `joined` date NOT NULL default '0000-00-00', `country` varchar(100) collate latin1_general_ci NOT NULL default '', `user_activated` int(1) NOT NULL default '0', PRIMARY KEY (`id`) ) On the second table i created it like this: CREATE TABLE about_me ( about_id int NOT NULL, nick_name varchar(255), descript varchar(255), aim varchar(255), cell varchar(255), school varchar(255), music varchar(255), aspire varchar(255), City varchar(255), id int, PRIMARY KEY (about_id), FOREIGN KEY (id) REFERENCES users(id) ) I believe i imported the key correctly into my new table (about_me). Well I expected the id column to cascade down into this new table automatically which it didn't. RIght now if you log into my site and use the about me form, it posts to the new table "about_me" but it doesn't identify the user on the table with the primary key assigned to him from the first table (users). How do I use PHP sessions to identify the user by his/her id from the primary key in the table. I attached the whole site. The php for the log in is a prefab and I'm attempting to do the about me part on my own, I'm having alot of trouble with the whole sessions thing. I'm not really sure if I'm doing this correctly. so yeah any point in the right direction would be awesome! -Mike hello i am makeing a forum and to post a new thread it has to check if the user is logged in, so i log into my website and i go to the post new topic but it says im not logged in here is the new_topic.php and also the login.php new_topic.php <?php session_start(); include_once "../scripts/connect_to_mysql.php"; // Connect to the database // Check to see if the user is logged in with session variables if (!isset($_SESSION['userpass']) || $_SESSION['userpass'] == "") { echo "Please log in..."; exit(); } else { // Assume they are a member because they have a password session variable set // Check the database to be sure that their ID, password, and email session variables all match in the database $u_id = mysql_real_escape_string($_SESSION['id']); $u_name = mysql_real_escape_string($_SESSION['username']); $u_email = mysql_real_escape_string($_SESSION['useremail']); $u_pass = mysql_real_escape_string($_SESSION['userpass']); $sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id' AND username='$u_name' AND email='$u_email' AND password='$u_pass'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: You do not exist in the system."; exit(); } } //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Check to make sure the URL variables of "sid" and "title" are set if (!isset($_POST['forum_id']) || $_POST['forum_id'] == "" || !isset($_POST['forum_title']) || $_POST['forum_title'] == "") { echo "Important variables are missing"; exit(); } else { // Acquire the variables and proceed to show them a form for creating a new topic $forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['forum_id']); $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['forum_title']); } /////////////////////////////////////////////////////////////////////////////////////////////////// $sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'"); $numRows = mysql_num_rows($sql); if ($numRows < 1) { echo "ERROR: That section deos not exist."; exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="style/style.css" rel="stylesheet" type="text/css" /> <title>Create New Topic</title> <script type="text/javascript" language="javascript"> <!-- function validateMyForm ( ) { var isValid = true; if ( document.form1.post_title.value == "" ) { alert ( "Please type in a title for this topic" ); isValid = false; } else if ( document.form1.post_title.value.length < 10 ) { alert ( "Your title must be at least 10 characters long" ); isValid = false; } else if ( document.form1.post_body.value == "" ) { alert ( "Please type in your topic body." ); isValid = false; } return isValid; } //--> </script> </head> <body> <?php include_once("template_header.php"); ?> <table style="background-color: #F0F0F0; border:#069 1px solid; border-top:none;" width="900" border="0" align="center" cellpadding="12" cellspacing="0"> <tr> <td width="731" valign="top"> <div id="breadcrumbs"><a href="http://www.webintersect.com">Web Intersect Home</a> ← <a href="http://www.webintersect.com/forum">Forum Home</a> ← <a href="section.php?id=<?php echo $forum_section_id; ?>"><?php echo $forum_section_title; ?></a></div> <h2>Creating New Topic In the <em><?php echo $forum_section_title; ?></em> Forum</h2> <form action="parse_post.php" method="post" name="form1"> <input name="post_type" type="hidden" value="a" /> Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" /> <br /><br /> Please type in a title for your topic he <br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br /> Please type in your topic body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea> <br /><br /><input name="" type="submit" value="Create my topic now!" onclick="javascript:return validateMyForm();"/> <input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" /> <input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" /> <input name="uid" type="hidden" value="<?php echo $_SESSION['id']; ?>" /> <input name="upass" type="hidden" value="<?php echo $_SESSION['userpass']; ?>" /> </form> </td> <td width="189" valign="top"><div style=" width:160px; height:600px; background-color: #999; color: #CCC; padding:12px;"> <br /> <br /> <br /> <h3>Ad Space or Whatever</h3> </div></td> </tr> </table> <?php include_once("template_footer.php"); ?> </body> </html> login.php <?php // Start Session to enable creating the session variables below when they log in session_start(); // Force script errors and warnings to show on page in case php.ini file is set to not display them error_reporting(E_ALL); ini_set('display_errors', '1'); //----------------------------------------------------------------------------------------------------------------------------------- // Initialize some vars $errorMsg = ''; $email = ''; $pass = ''; $remember = ''; if (isset($_POST['email'])) { $email = $_POST['email']; $pass = $_POST['pass']; if (isset($_POST['remember'])) { $remember = $_POST['remember']; } $email = stripslashes($email); $pass = stripslashes($pass); $email = strip_tags($email); $pass = strip_tags($pass); // error handling conditional checks go here if ((!$email) || (!$pass)) { $errorMsg = 'Please fill in both fields'; } else { // Error handling is complete so process the info if no errors include 'scripts/connect_to_mysql.php'; // Connect to the database $email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query $pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it // Make the SQL query $sql = mysql_query("SELECT * FROM myMembers WHERE email='$email' AND password='$pass' AND email_activated='1'"); $login_check = mysql_num_rows($sql); // If login check number is greater than 0 (meaning they do exist and are activated) if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and // he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0 thru 5.3+) // Create session var for their raw id $id = $row["id"]; $_SESSION['id'] = $id; // Create the idx session var $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id"); // Create session var for their username $username = $row["username"]; $_SESSION['username'] = $username; mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id' LIMIT 1"); //die($username); } // close while // Remember Me Section if($remember == "yes"){ $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id"); setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days $_SESSION['username'] = $username; } // All good they are logged in, send them to homepage then exit script //die($_SESSION['username']); $_SESSION['username'] = $username; header("location: index.php?user=$username;"); exit(); } else { // Run this code if login_check is equal to 0 meaning they do not exist $errorMsg = "Incorrect login data, please try again"; } } // Close else after error checks } //Close if (isset ($_POST['uname'])){ ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="icon" href="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> <link href="style/main.css" rel="stylesheet" type="text/css" /> <script src="js/jquery-1.4.2.js" type="text/javascript"></script> <title>Log In</title> <style type="text/css"> <!-- body { margin-top: 0px; } --> </style></head> <body> <table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;"> <form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform"> <tr> <td width="23%"><font size="+2">Log In</font></td> <td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td> </tr> <tr> <td><strong>Email:</strong></td> <td><input name="email" type="text" id="email" style="width:60%;" /></td> </tr> <tr> <td><strong>Password:</strong></td> <td><input name="pass" type="password" id="pass" maxlength="24" style="width:60%;"/></td> </tr> <tr> <td align="right"> </td> <td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" /> Remember Me</td> </tr> <tr> <td> </td> <td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td colspan="2">Forgot your password? <a href="forgot_pass.php">Click Here</a> <br /></td> </tr> <tr> <td colspan="2">Need an Account? <a href="register.php">Click Here</a><br /> <br /></td> </tr> </form> </table> <br /> <br /> <br /> </body> </html> I haven't used sessions much until now, so this is probably due to my ignorance. I have a page that sets the session variable, and if I print from that page, the session variable (an array) is correct. But when I move to the next page, the same session variable has old, old, wrong data. The $arrAttendeeList is an exploded list from a textarea on a form turned into an array. Example: This page, let's call it page1.php, sets the variable: Code: [Select] <?php $_SESSION['arrAttendeeList'] = $arrAttendeeList; foreach ($_SESSION['arrAttendeeList'] as $temp) { print "$temp <br />"; } exit; ?> Results: Smithers, Waylon Bouvier, Selma Brockman, Kent But the next page, page2.php, when I call the same variable: Code: [Select] <?php foreach ($_SESSION['arrAttendeeList'] as $temp) { print "<br />$temp <br>"; } ?> I get yesterday's data: Smithers, Waylon Bouvier, Selma I've tried setting the session var to null but with the same results. Do I need to kill the session var before setting it to something else? Thanks - hey i think i may have stored session variables incorrectly Code: [Select] $_SESSION['tel'] = $_GET['Lat']; $_SESSION['Lon'] = $_GET['Lon']; $_SESSION['Lat'] = $_GET['Lat']; is what i used to set the session variables with the data i then enter these into a table and they enter the correct information but two pages down the line i try to access them however i just get undefined variable when i set the variable is equal to the session. Code: [Select] $MyLon = $_SESSION['Lon']; $MyLat = $_SESSION['Lat']; the following is the errorr Quote Notice: Undefined index: Lat in Hi all, What is the best practice when using Sessions for guest users? I have this (display_items.php) script which should not be accessed directly . user will be directed to a login page, the login checked by a check_login.php file then successful authentication will direct the user to the display_items.php page. it works perfectly on windows server but not on linux. the display_items.php script can be accessed directly on the linux server. It may have something to do with sessions but i cannot pin point the issue at the moment . i have attaced the php script files. Grateful if someone could point me in the right direction
check_login.txt display_items.txt login.txt So I'm trying to understand Sessions and how to store a variable within a session. What I want to t do, is start a session, check if variable is set, if not, set the variable. So with the code below, I start the session, i check the variable, if not set, i set it. But when i refrsh the page, it has the same session id but it didn't store the session variable from the previous load. Please, what am I missing? Code: [Select] <?php session_start(); echo "Session ID: ".session_id()."<br>"; echo "<br>chktrack P ".$_session['chktrack'].""; if ($_session['chktrack'] != 1){ $_session['chktrack']=1; } echo "<br>chktrack Post: ".$_session['chktrack'].""; echo "<br><a href='index.php'>Index</a>"; ?> Thanks in advance for your help. hey on my page a list of people get listed by a category u choose if u choose a category and click ok, u are sent to the same page, and i get the category with POST if(isset ($_POST['type'])) { $gameholder = $_POST['game']; $typeholder = $_POST['type']; } this works ... the list of people is 30 members / page when u click on page 2, the post doesnt work anymore, and i get errors, logic ... now i want to get around this with making a session emediatly when the vars get out of POST if(isset ($_POST['type'])) { $gameholder = $_POST['game']; $typeholder = $_POST['type']; $_session['gameholder'] = $gameholder; $_session['typeholder'] = $typeholder; print $_session['gameholder']; } this also works now i want when people click on page 2, the needed vars will come out of the Sessions, and not out of POST so i did this if(!isset ($_POST['type'])) { $gameholder = $_session['gameholder']; $typeholder = $_session['typeholder']; } but this is not working theres nothing in $gameholder also when i move the print session out of the if, it should show when someone clicks page 2 but its not ... any suggestions on this? thanks! i have two files in php both have the same code and the file is Code: [Select] <?php session_start(); $con = mysql_connect("l","root",""); // here localhost and password will be filled accordingly if (!$con) { die('Connection failu ' . mysql_error()); } mysql_select_db("student",$con); $fetch=mysql_query("SELECT * from student1") or die(mysql_error()); $row = mysql_fetch_array($fetch) or die(mysql_error()); sleep(10); echo "Name: ".$row[0]."</br>"; echo " Age: ".$row[1]."</br>"; echo " Address: ".$row[2]; mysql_close($con); ?> Now i have another file which has the same code as above except there is no sleep function used in it . Now when i run the file which is wothout sleep it displyas results in seconds however the file with sleep function takes it time. Now the problem is if i load the file woth sleep function first then its delayed nature is reflected in another file which is without sleep() i.e now the file without sleep is taking longer time to open. please explain all this and possible solution to this problem the other file is Code: [Select] <?php session_start(); $con = mysql_connect("localhost","root","instablogs"); if (!$con) { die('Connection failu ' . mysql_error()); } mysql_select_db("student",$con); $fetch=mysql_query("SELECT * from student1") or die(mysql_error()); $row = mysql_fetch_array($fetch) or die(mysql_error()); echo "Name: ".$row[0]."</br>"; echo " Age: ".$row[1]."</br>"; echo " Address: ".$row[2]."</br>"; mysql_close($con); ?> Hello, Is there a problem in destroying a session and then starting it in the same file, for example: session_name(); session_start(); session_destroy(); And lastly, if I create a variable $_SESSION['user'] under a session called 'one' i.e. session_name("one") and then create another variable $_SESSION['user'] under a session called 'two' i.e. session_name("two"). Are these two variables the same? I have an "Email a Friend" form that captures the referring url and saves it in a session. The problem is that if someone decides not to send the form and navigates away from the page, and then decides to email another page, it saves the previous url. How can I have it so that it clears the previous url and uses the new one? Code: [Select] if(!isset($_SESSION['referrer'])){ //get the referrer if ($_SERVER['HTTP_REFERER']){ $referrer = $_SERVER['HTTP_REFERER']; } else{ $referrer = "http://www.mcse-training-classes.com"; } //save it in a session $_SESSION['referrer'] = $referrer; } Hello everyone, i'm new to php and i'm having hard time with sessions i'm trying to create a php file with a drop down menu and when you select an item from the drop down menu, you could retreve it from another page. for example: a1.php Code: [Select] <?php session_start(); if(isset($_POST['color'])) { $_SESSION['blue']='blue'; $_SESSION['red']='red'; $_SESSION['green']='green'; $_SESSION['orange']='orange'; } ?> <html> <body> <form id="shirt" method="post" action="a2.php"> <p> <select name="Size"> <option value="invalid">Select a size ...</option> <option value="blue">blue</option> <option value="red">red</option> <option value="green">green</option> <option value="orange">orange</option> </select> <br /> <input type="Submit" value="Add" name="Add" /> </p> </form> </body> </html> when the user chooses a color, it adds it to the session and then when the user clicks add, he is redirected to another page named a2.php which shows the color is added. if the user goes back to the original page and adds the same color again it shows that he added the item again: Color: ----------- Quantity: Red ----------- 2 a2.php Code: [Select] <?php session_start(); $item_id = $_GET[id]; $action = $_GET[action]; switch($action) { case "add": $_SESSION['color'][$item_id]++; break; case "remove": $_SESSION['color'][$item_id]--; if($_SESSION['color'][$item_id] == 0) unset($_SESSION['color'][$item_id]); break; case "empty": unset($_SESSION['color']); break; } ?> sorry if my question is not clear, any help is appreciated Thank You, i have an upload form and a posting form on the same page. when you upload a file it is uploaded to the server. what i am then trying to do is add the name of the file to $_SESSION['attachment'] so i can use it later. When the user posts their form i want the session to be inserted into the database but the session always comes up empty. this is what happens when they upload their file Setting the session and moving the file: session_start(); $_SESSION['attachment'] = "EXAMPLE"; move_uploaded_file($_FILES['Filedata']['tmp_name'], "../attachments/" . time() . $_FILES['Filedata']['name']); and then when they submit their form(textarea) it uploads the contents to the database and the contents of the session aswell. Why is this session always empty? Hello everyone, By default when someone comes to my site, it is the unencrypted web page (http://www.mydomain.com). I recently purchased a ssl certificate so when a user logs in, their password is encrypted (Posted to https://mydomain.com). Once the form is posted, the session is set and the header("Location: http://www.mydomain.com"); function is executed to bring them back to the unencrypted version of the site. However, now when a user tries to login, my site seems to drop the session when the location is set to the unencrypted version of the site. How do sites go about using a secure login form and running on the regular version of the site? Thanks! weee Hi Something strange is happening and I can't understand it. A user can access an availability page of accommodation and book ita room, this works fine, and goes from availability to the booking form and back quite well, carrying the room id of the accommdation and room/s selected in a session. If they close the browser down and open the availability page again all the rooms are there as before, but when they select a room and go to the booking form the session of the room id and the rooms selected are empty. If I do a session destroy and open the browser up again everything works fine again. I have tried this in Chrome and Firefox and it seems to work fine Any help would be appreciated Hey Guys, Me again! Still working on this bloody database! Okay, so I have a site that people can add a record to a database. This record is filled using a form and the form contains an image that can be uploaded. This works fine. Then there's the ability to search a record based on a boolean search which displays a table with the record data and displays a thumbnail of the photo. This also works fine. Then I have a script that (once it's working) will allow you to edit the record. This is where I'm having issues. Here's my process for the form: User searches for the record by using a boolean search Search finds the record and displays a form containing the original values in the database User changes some parts of the original record using the form Form then updates the database with the new values The problem I'm having is with the photo function. If there's no photo attached, I was getting an error saying that the photo field could not be empty. So I used the following process: User searches for the record using edit.php Form is displayed using edit_process.php edit_process.php is posted to update.php that has conditions to check if the file upload field is empty or not If the field is empty, then it requires updatenophoto.php If the field has a new image, it uses updatephoto.php When I submit the form to the update.php script, it does nothing and gives me a blank page. Here's my code for each of the parts (hit the character limit, code in comments): |
|||||||