|
PHP - Manually Edit Session?
Is it possible to manually edit a SESSION (not cookie) from client side? Sort of how a user can easily edit a cookie's value.
Similar TutorialsI have a strange problem. When a guest visits my contact-user.php page, they get a message telling them the must login before viewing the page. After the guest logs in, they view the same page and it tells them they have to login again (keeps on looping). But if they manually refresh that page with the "you must be logged in" message, it recognizes the login and lets them in. How can I get this page to immediately recognize that the user is logged in and not require them to refresh the page manually? Here is my code for contact-user.php <?php session_start(); header("Cache-Control: private, max-age=10800, pre-check=10800"); header("Pragma: private"); header("Expires: " . date(DATE_RFC822,strtotime("+2 day"))); include("connection.php"); mysql_select_db("database"); if (isset($_SESSION['username'])) { ******** MY HTML PAGE CONTENT ******** } else { echo "<meta http-equiv='REFRESH' content='2;url=http://www.mysite.com/login.php'> <center><font color='#EE0000'><p>You must be logged in before negotiating. You will now be redirect to the login page.</p></font></center>"; } ?> Here is my code for login.php script: <?php include("connection.php"); mysql_select_db("database"); session_start(); if(isset($_POST['login'])){ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $tUnixTime = time(); $sGMTMySqlString = gmdate("Y-m-d H:i:s", $tUnixTime); if (!$username || !$password) { print "Please fill out all fields."; exit; } $logres = mysql_num_rows(mysql_query("SELECT * FROM members WHERE username = '$username' and password = '$password'")); if ($logres <= 0) { print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again."; exit; } else { $_SESSION['username'] = $username; if (isset($_SESSION)) { echo'You are now logging in'; mysql_query("UPDATE members SET activity = '$sGMTMySqlString' WHERE username = '$username'"); } else { echo "You are not logged in!"; } echo'<html><head><meta http-equiv="REFRESH" content="1;url=http://www.mysite.com/members/' . $_SESSION['username'] . '/"></head><body></body></html>'; exit; } } ?> i was working on modifying a code written by a previous user. i have field called adid in the ads table which should have been a primary key and autoincremented. But since we already have lot of data across different sites we cannot modify the table structure. The problem is i want to check if the following code is adding adid manually.is there some problem with this code? Code: [Select] $get_ad_id = mysql_query("SELECT adid FROM ads ORDER BY adid DESC LIMIT 1", $con) or die("Error Getting AD ID: ".mysql_error()); while($get_ad_id_results = mysql_fetch_assoc($get_ad_id)) { $adid=$get_ad_id_results['adid']; } if($adid!="") { $adid=$adid+1; } else { $adid="1"; } if($bannertype=="120x60" || $bannertype=="468x60") { $New_URL = $_POST['URL']; $active='Y'; $insert_image_banner_query="INSERT INTO ads (adid, URL, image_path, date, userid, active, size) VALUES ('".$adid."','$New_URL', '$newname', '$Date', '$loggedinuserid','".$active."','".$bannertype."')"; mysql_query($insert_image_banner_query, $con) or die("Inserting Image Ad Failed: ".mysql_error()); $update_banner_cache="YES"; } I've got a script that's been running away happily as a cron job for the last few days, but it's suddenly decided to stop working. When I run the script manually it works perfectly, but not when I run it as a cron job. I've done some debugging and I've found that the cause of the problem appears to be an ftp_get function that I'm using. I'm guessing I need to either change a file path, or a file permission, but I'm not sure to what. Here's the info: Code: [Select] $local_dir = '../../col_protected/'; $c = ftp_connect('www.mydomain.net') or die("Can't connect"); ftp_login($c,'ftp_username','ftp_password') or die("Can't login"); ftp_get($c, $local_dir.$filename, FTP_ASCII) or die("Can't transfer"); The FTP connect and login are still working fine, it's the ftp_get that's causing the problem. The '../../col_protected/' directory is on the same level as the public_html (ie. outside the public_html) with file permissions set to 777. The cron is running at /home/username/public_html/col/proc1.php Can anyone advise please? Many thanks, Chris Server version: 5.1.53-log I have the following queries Code: [Select] SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = "Atroxide" LIMIT 1 SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = "Delia Smith" LIMIT 1 SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = "espinozagabe" LIMIT 1 SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = "Jaunty1" LIMIT 1 SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = "lvoos" LIMIT 1 All 5 of these queries are executed at a different time (in a foreach loop). All 5 except for the one below returned a result. Code: [Select] SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = "Delia Smith" LIMIT 1 I couldn't figure out why it wasn't working so I copy pasted it into PHPMyAdmin and it returned the result I was looking for. What could cause for PHPMyAdmin to work but not the exact same query in a php script to not? It didn't return an error using mysql_error() either. Pretty sure its irreverent but here is the php script. Code: [Select] foreach ($online as $username => $activity) { $query = " SELECT user_id FROM phpbb_profile_fields_data WHERE pf_rsname = \"" . $username . "\" LIMIT 1 "; $result = $db->query($query); } The table is Code: [Select] user_id mediumint(8) UNSIGNED No 0 pf_rsname varchar(255) utf8_bin Yes NULL Hi, I am trying to make some adjustments to uploadify.php which comes with the latest version of uploadify (3.0 beta), so that it works with a session variable that stores the login username and adds it to the path for uploads. Here is uploadify.php as it currently looks: Code: [Select] <?php session_name("MyLogin"); session_start(); $targetFolder = '/songs/' . $_SESSION['name']; // Relative to the root if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder; $targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name']; // Validate the file type $fileTypes = array('m4a','mp3','flac','ogg'); // File extensions $fileParts = pathinfo($_FILES['Filedata']['name']); if (in_array($fileParts['extension'],$fileTypes)) { move_uploaded_file($tempFile,$targetFile); echo '1'; } else { echo 'Invalid file type.'; } } echo $targetFolder; ?> I added Code: [Select] echo $targetFolder; at the bottom so that I could make sure that the string returned was correct, and it is, i.e. '/songs/nick'. For some reason though, uploads are not going to the correct folder, i.e. the username folder, but instead are going to the parent folder 'songs'. The folder for username exists, with correct permissions, and when I manually enter Code: [Select] $targetFolder = '/songs/nick';all works fine. Which strikes me as rather strange. I have limited experience of using php, but wonder how if the correct string is returned by the session variable, the upload works differently than with the manually entered string. Any help would be much appreciated. It's the last issue with a website that was due to go live 2 days ago! Thanks, Nick in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. hello mates, I am needing help on editing a line in Flat File Database. I got it to pull the data i need out by using id but not sure on how i would go about getting it to update the FFD heres what i got so far $id2 = $_REQUEST['id']; $id = array(); $username = array(); $title = array(); $date = array(); $message = array(); $lines = file('../news/news.db'); foreach($lines as $line){ if($id != $id2) { $explode = explode("||",$line); $id = $explode[0]; $username = $explode[1]; $title = $explode[2]; $date = $explode[3]; $message = $explode[4]; } } ?> <form action="edit_news2.php?id=<?php echo $id; ?>" method="post" name="editnews"> <table width="100%"> <tr><td><input name="id" value="<?php echo "$id;" ?>" type="hidden" />UserName:</td><td> <input name="userName" value="<?php echo "$username" ?>" type="text" readonly="true" /></td></tr> <tr><td>News Title:</td><td> <input name="title" type="text" value="<?php echo "$title"; ?>" /></td></tr> <tr><td>Date/Time:</td><td> <input name="datetime" value="<?php echo "$date"; ?>" type="text" readonly="true" /></td></tr> <tr><td colspan="2">Message:</td></tr> <tr><td colspan="2"><textarea name="message" cols="50" rows="15"><?php echo "$message"; ?></textarea></td></tr> <tr><td colspan="2" align="center"><input type="submit" name="submitBtn" value="Post News" /></td></tr> </table> </form> thank you Valkeri2010 I'm using php edit function to edit an php file online. I think the portion that writing the file is below. My issue is that wherever there's a quote ("), it's automatically adding a slash (\). For example, if I had class="abc", it changes to class=\"abc\". How do I fix this? Code: [Select] <?php $file = $_GET['f']; $script = $_POST['script']; if($file&&$script) { $fp=fopen($file, "w"); fwrite($fp,$script); fclose($fp); } ?> Ok I have a file with my emails and passwords like this email:pass email:pass email:pass email:pass and so on.. Is it possible to make a script that will delete everything after the ":" and replace the ":" with a comma? Im not sure what functions or w/e I could use to make this possible? Any ideas? Thanks Hi can anyone please help me, I have to create a edit page that retrieves information from a list so that a user can change the text. The page looks fine but when I enter data in the fields and update it leaves the page as it was retrieved. I am a beginner! My code looks like this: Code: [Select] <form method = "get" action = "edit.php"> <?php //check to see if user is logged on session_start(); if (!(isset($_SESSION['login']) && $_SESSION['login'] != "")) { header ("Location:login.php"); } include('connect.php'); //connection details to database in a connect.php page $product_id = $_GET['product_id']; $query = "SELECT * FROM products WHERE product_id = '$product_id'"; $result = mysql_query($query); while($row = mysql_fetch_array($result)){ $product_id = $row['product_id']; echo "<table>"; echo "<tr>"; echo "<td><input name = 'product_id' type = 'hidden' value ='$row[product_id]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Product Name:</td><td><input name = 'pname' type = 'text' value ='$row[product_name]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Product Range:</td><td><input name = 'prange' type = 'text' value ='$row[product_range]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Product Price:</td><td><input name = 'pprice' type = 'text' value ='$row[product_price]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td><input type = 'submit' name = 'Submit' value = 'Update'></td>"; echo "</tr>"; echo "</table>"; } //if form was submitted if ($_SERVER['REQUEST_METHOD'] == 'POST'){ //get values from fields $productname = $_POST['pname']; $range = $_POST['prange']; $price1 = $_POST['pprice']; $price = (int)$price1; if ($productname == "" || $range == "" || $price == "" ) { $errorMessage .= "Please fill in all text boxes"; } else { $errorMessage = ""; } $query = "UPDATE products SET product_name = '$productname', product_range = '$range', product_price = '$price' WHERE product_id = '$product_id'"; $result = mysql_query($query); print "<br> $productname from range $range with a price of $price has been updated!"; } ?> Thank you in advance! Hi, Is there any way i can use a php script to edit crontab jobs. i use this command on my centos based server to add/edit cronjobs. . "crontab -e" I wants to manage my cronjobs with a php file to add/edit cronjobs. Thans for any help. ok i want admin to click on the edit button and a form shows up where you can edit your events and stuff like that but i cant get the edit button to work Code: [Select] <?php require 'scripts/connect.php'; echo " <table width='472' border='0'> <tr> <th width='43' height='21' scope='col'>Event Id</th> <th width='116' scope='col'>Event Nane</th> <th width='106' scope='col'>Event Type</th> <th width='63' scope='col'>EDIT</th> <th width='63' scope='col'>DELETE</th> </tr> </table>"; $sqlCommand = "SELECT * FROM events"; $out = mysql_query($sqlCommand); while ($row = mysql_fetch_assoc($out)){ $eventid = $row["id"]; $eventname = $row["eventname"]; $eventtype = $row["typeevent"]; $eventinfo = $row["eventinfo"]; $date = $row["date"]; $time = $row["time"]; $livetickets = $row["sale"]; $numtickets = $row["numtickets"]; $pricestudents = $row["studentsprice"]; $priceseniors = $row["seniorsprice"]; $priceadults = $row["adultsprice"]; if ($_POST['editbtn']){ echo "<form action='editevent' method='post'> <table> <tr> <td>Event Name</td> <td></td> <tr> <tr> <td></td> <td></td> <tr> <tr> <td></td> <td></td> <tr> </table> </form> "; }else echo" <table width='472' border='0'> <tr><form action='editevent.php' method='post'> <th width='59' height='21' scope='col'>$eventid</th> <th width='159' scope='col'>$eventname</th> <th width='151' scope='col'>$eventtype</th> <th width='85' scope='col'><input type='button' name='editbtn' value='Edit' /></th> <th width='85' scope='col'><input type='button' name='deletebtn' value='Delete' /></th> </form></tr> </table>"; } ?> hi all, i have a page which lists all of my registered users from the mysql database but i want the ability to edit an account, here is my list users code (just shown the appropiate code and not the rest): Code: [Select] <?php require ('../secure/connect.php'); $sql = "SELECT * FROM users ORDER BY user_level ASC"; $result=mysql_query($sql); echo '<table width="80%" border="0" cellspacing="5" cellpadding="0">'; echo ' <tr> <th><p align="left">User ID:</th> <th><p align="left">User Level:</th> <th><p align="left">Username:</th> <th><p align="left">User Title:</th> <th><p align="left">Email:</th> <th><p align="left">Actions:</th> </tr>'; while($rows=mysql_fetch_array($result)){ ?> <tr> <td><?php echo $rows['userid']; ?></td> <td><?php echo $rows['user_level']; ?></td> <td><?php echo $rows['username']; ?></td> <td><?php echo $rows['user_title']; ?></td> <td><?php echo $rows['email']; ?></td> <td><a href="edit_account.php?id=">Edit Account</a></td> </tr> <?php } ?> this lists my users nicely, as you can see i put it a edit account action at the end with a empty id= because that may be a way of doing it but im not sure what else to do or if there is a better way of doing it. any help would be great! guys in this code i get some data from myswl table and i display them in to and html table with dynamic textboxes the first part works ok but how can i update the mysqltable with tha changes? i have try to work with one table and i get an error Notice: Undefined index: name1 in D:\....... <?php session_start(); include($_SERVER['DOCUMENT_ROOT'].'/includes/connection.php'); $result = mysql_query( "SELECT * FROM serv " ); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "<tr>"; echo "<td ALIGN=\"center\"><form method='POST'><input name=\"name1\" type=\"text\" value={$row['onoma-eponymo']} id=\"n1\" STYLE=\" border-color:black; border-style:none; border-width:1px; font-size:30pt; color:yellow; background-color:gray; \" size=\"25\" maxlength=\"24\" /></form></td>"; echo "<td ALIGN=\"center\"><form method='POST'><input name=\"name2\" type=\"text\" value={$row['username']} STYLE=\" border-color:black; border-style:none; border-width:1px; font-size:30pt; color:yellow; background-color:gray; \" size=\"7\" maxlength=\"5\" /></form></td>"; echo "<td ALIGN=\"center\"><form method='POST'><input name=\"name3\" type=\"text\" value={$row['password']} STYLE=\" border-color:black; border-style:none; border-width:1px; font-size:30pt; color:yellow; background-color:gray; \" size=\"7\" maxlength=\"5\" /></form></td>"; echo "<td ALIGN=\"center\"><form method='POST'><input name=\"name4\" type=\"text\" value={$row['serv_id']} STYLE=\" border-color:black; border-style:none; border-width:1px; font-size:30pt; color:yellow; background-color:gray; \" size=\"9\" maxlength=\"15\" /></form></td>"; echo "</tr>\n"; } echo "</table>"; if(isset($_POST['back'])) {header("location:admin.php");} if(isset($_POST['sub_update'])) { $text = $_POST["name1"]; mysql_query("INSERT INTO serv (password) VALUES ('$text') "); } ?> <body> <form method="post" action=""> <input type="Submit" name="sub_update" value="Ενημέρωση Αλλαγών"style="height:6em; width:16em; font-size:150%;"> <form method="post" action=""> <input type="Submit" name="back" value="Back"style="height:6em; width:16em; font-size:150%;"> </form> |
|||||||