PHP - Keeping The Session After The Redirect
I've got a weird problem which affects only Safari browsers.
Site A offers user a login page and validates the credentials by calling HTTPRequest on site B ( this call starts new session, user password is checked and session id stored in the db). If user login details are OK, site A redirects user to site B ( different domains and physical boxes). It worked well before the last Safari update (5.0.1) - when user login is being checked, server B creates session X, after the redirect, session_start() creates absolutely different session Y. All sessions are maintained by cookies only (SSL). Any ideas how to maintain the same session during the redirect? Thanks! Similar TutorialsOk so a user tries to access a part of the site that requires them to login. So they are taken to the login page. but when they login I want them transfered to the page they were going to. So i thought of something like: <a href="securepage.php" onClick="<?php echo $_SESSION['clicked_link'] = $site_root.'securepage.php'; ?>"> Click Here </a> But when I echo $_SESSION['clicked_link'] not only am i getting the url i am getting the content after. echoed it looks like: http://www.thevault.cz.cc/securepage.php">Click Here So is there a better way to do it? if not what would i need to do to remove everything after the " ? i have a login script im using if someone landed accidentally on a page i want him to be redirected and not have access Code: [Select] <?php if (isset($session->logged_in)){ } else{header("Location: ../index.php");} ?> i'm need to retrieve a session after i've collected the data and went to PayPal (...urk...) i think i'm starting off correctly... but how the hell do i get the session name on the other side? Code: [Select] $uuid = uniqid(); session_name = $uuid; session_start(); // do some stuff // go to PayPal // come back from PayPal ....um... now i'm lost! how do i get the $uuid here?? once i come back from PayPal... this is where i get lost. how do i load a UUID-based session if i can't get the $uuid? and if there's a better way, by all means let me know! someone said i could pass the $uuid through PayPal, but i'm not seeing how yet... TIA gang! WR! Hi. I am trying to create a very simple admin login page that will let only me access a number of pages. I am trying the following code for the login page: Code: [Select] <?php session_start(); // Define your username and password $username = "username"; $password = "password"; if ($_POST['txtUsername'] == $username && $_POST['txtPassword'] == $password) { $_SESSION['admin']="true"; header("location: admin.php"); } ?> ### HTML code and form for entering in username and password with action echoing it back to itself ### On the admin.php page i then try: Code: [Select] <?php if ($_SESSION['admin'] != "true") { header("location: login.php");} else { ?> ### code for the rest of the page ### I am fairly new to all this and cant understand why its remaining on the login page and not sending me to admin.php when the password and username are correct. Is this the correct way to be going about it? I envisaged simply adding the above code to the top of any page only the admin could see. Any help is much appreciated. I am working on getting members that are ready to make a payment after they have logged in and want to view their emails to make the payment first. How can I reprogram my session to stop them from entering the email section and make a payment first. This is my codes which work fine. Just need to know how to amend it to redirect them to payment. <?php //Start session session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) { header("location: access-denied.php"); exit(); } ?> I have four session variables, two I am valueing using $_POST elements from a previous page's form, the other two I am valueing using items retrieved from a database. Here is the code - ---------------------------------------------------- <?php session_start(); $_SESSION['UserLastName'] = strtolower(trim($_POST['txtLastName'])); $_SESSION['BadgeID'] = trim($_POST['txtBadgeID']); //get list for supervisor drop down $q1 = sprintf("select * from emps where emp_last = '".$_SESSION['UserLastName']."' and emp_badge = '".$_SESSION['BadgeID']."'"); $rs_emp_info = hitMSSQL($q1,"intra_sql","employees","xxxx","xxxx",1); $_SESSION['SSN'] = $rs_emp_info->fields("emp_ssn"); $_SESSION['CostCenter'] = $rs_emp_info->fields("emp_costcenter"); if ($_POST['rdoAction'] == 0) { header("Location: http://webapps/injury/empForm.php"); } ?> ---------------------------- When I get to the next page, empForm.php, the Last name and badge ID session vars are populated but the SSN and Cost Center session vars are not. I have tried several things including putting an exit(); after my header statement and first putting the database items into plain old $vars and then trying to populate the session vars with the value of the regular $vars, but nothing seems to work. I have a session_start() at the top of all of my scripts. Any idea why I am losing these values? (and why this box that I am typing into on this site is bouncing around so badly that I can't see what I am typing here???) Hey guys, i always get the error: Warning: Cannot modify header information - headers already sent by (output started at /home/worldw44/public_html/Newsletter/Admin/Admin.php:1) in /home/worldw44/public_html/Newsletter/Admin/Admin.php on line 6 when im tyring to run: <?php if(isset($_SESSION['adminlogin'])) { $run=yes; } else { header( 'Location: http://www.worldwidelighthouses.com/Newsletter/Admin/Log-In.php'); }?> <!DOCTYPE HTML> <html lang="en-GB"> <head> <meta charset="utf-8"> <!--Search Engine Meta Tags--> <meta name="author" content="Worldwide Lighthouses"> <meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel"> <meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships"> <!--Stylesheets/Javascript--> <link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)"> <link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)"> <!--Mobile Browser Support--> <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"> <!--IE Support--> <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <link rel="stylesheet" href="../Page-Layout.css"><![endif]--> <meta name="application-name" content="Worldwide Lighthouses"> <meta name="msapplication-starturl" content="http://worldwidelighthouses.com/"> <meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures"> <meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico"> <meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico"> <meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico"> <meta name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico"> <title>Mailing List Administration | Worldwide Lighthouses</title> </head> <body> <header> <h1 id="WWLH">Worldwide Lighthouses</h1> <form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box"> <input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off"> <input type="submit" value="Search"> <input type="hidden" name="search" value="1"> </form> </header> <nav> <ul id="Nav"> <li class="MenuButton" id="Index"><a href="../Index.php"><p class="Nav">Home</p></a></li> <li class="MenuButton" id="Lighthouses"><a href="../Lighthouses.php"><p class="Nav">Lighthouses</p></a></li> <li class="MenuButton" id="Lightships"><a href="../Lightships.php"><p class="Nav">Lightships</p></a></li> <li class="MenuButton" id="FogSignals"><a href="../Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li> <li class="MenuButton" id="Daymarks"><a href="../Daymarks.php"><p class="Nav">Daymarks</p></a></li> <li class="MenuButton" id="Buoys"><a href="../Buoys.php"><p class="Nav">Buoys</p></a></li> <li id="MenuButtonLast"><a href="../Glossary.php"><p class="Nav">Glossary</p></a></li> </ul> </nav> <article> <h1 class="Title">Contact Admin Centre</h1> <div class="Textbox"> <div id="Social"> <a href="http://twitter.com/share" class="twitter-share-button" data-count="horizontal" data-via="WWlighthouses">Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script> <object id="Facebook" data="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fworldwidelighthouses.com/&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21"></object> </div> </div> </article> <footer> <ul> <li><a href="../About.php">About</a></li> <li><a href="../Contact-us.php">Contact</a></li> <li><a href="../Use-Our-Media.php">Use our media</a></li> <li><a href="../Search/search.php">Search</a></li> <li><a href="../Social-Networking.php">Social</a></li> <li><a href="#Top">Back to top</a></li> </ul> <br> <br> &#169; Worldwide Lighthouses <?php echo date("Y"); ?> </footer> </body> Cany anyone offer some suggestions as to why? Note i have no ability to change phpconfig. I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I'm trying to put together a script that redirects visitors based on their IP, user agent and/or referral url. Basically I want the script to scan these three factors from the visitor, if any of them turn out to match my redirect-requirement it redirects the user. I know the code is horribly coded, I'm incredibly new to the php-scene and consider myself a complete noob. As you can see I want redirected visitors to go to google.com and un-redirected to msn.com(examples). Really thankful for all the help I can get! Right now nothing works, any suggestions? <?php function redirect($page) { Header( "HTTP/1.1 301 Moved Permanently" ); header('Location: ' . $page); exit; } $referrals=array('pitchingit.org','referral2'); $badAgents = array("useragent1", "useragent2"); $deny = array("78.105.191..*","100.101.103..*"); if (in_array($_SERVER['HTTP_REFERER'], $referrals, FALSE)) { header("Location: http://www.google.com"); } else { header("Location: http://www.msn.com"); } if(in_array($_SERVER['HTTP_USER_AGENT'],$badAgents)) { redirect("http://www.google.com/"); exit(); } $add=$_SERVER['REMOTE_ADDR']; foreach ($deny as $ip) { if (preg_match("^.$add.*^",$ip)) { redirect("http://www.google.com"); } } redirect("http://www.msn.com"); ?> hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. I'm updating my database with a set of data from another database. When there is an item deleted from the source db, how would I make sure it's deleted from the db copy given that I have to run the update in a batch and can't run it when the item is deleted? Would I truncate the db at the beginning of each update, then pull all the of data over? Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Like 6 years ago I had made a forum software for me and my buddies to post on. It had worked all great until my friend had posted a character that skewed my whole database, unintentionly, he knew nothing about computers. But I really haven't dabbed in PHP since 2008, I'm just now getting back into it again. I need to know how I can make data from an input to be put into an MySQL database and not screw up my code. So something along the lines that make the code safe and not exploitable. Also any third party scripts on captcha would be great! What are the different ways you can keep a User "logged in"? From what I *vaguely* recall from a year or two ago when I read a whole hoard of PHP books, you commonly use cookies and sessions. But I'm asking this more from an OOP standpoint than a PHP standpoint. Let's say I have a User record in my database, and a User comes along and attempts to log in. In OOP terms, I would think you'd call some class to help log them in, and upon successfully logging in, you would "load" the User object into memory and set the "LoggedIn" field to "True". Then as long as that field was set in their object, they could surf all over the place and do things like change their account and buy things. Is that how you would do it in OOP? TomTees In my Payment Form, I have an ExpMonth (e.g. '01') and ExpYear (e.g. '2011'). Each value is assigned to $expMonth and $expYear respectively. I then need to combine them and keep the format ('MMYYYY'). I am afraid that this code may truncate leading zeros... Code: [Select] $expDate = $expMonth . $expYear Will my code work, or do I need to do something else to ensure the Month stays ('MM') and the year stays ('YYYY')? Debbie I have a directory in public WWW. The files throughout the directory have many PHP includes amongst themselves. For example, the file "registration.php" begins with require('../parameters.php'); The directory is complex, like this:
/Public WWW directory/ How would I do that without breaking all the include paths? (I know the solution is probably a one-liner involving __DIR__ ... but I can't seem to code it so it works). Thank you!!
|