PHP - Unique Session Variable Enough? Getting Logged Out And In On Every Project

Hello everyone,

I can get Test 2 to successfully operate the if statement using a variable variable.

But when I try the same method using a session variable (Test 1) the if statement is not executed. Please could you tell me why the if statement in Test 1 is not being executed?

Code: [Select]

<?php
# TEST 1
$_SESSION[test_variable] = "abcd";
$session_variable_name = "_SESSION[test_variable]";
if ($$session_variable_name == "abcd")
{
echo "<br>line 373, abcd<br>";
}

# TEST 2
$test_variable = "efgh";
$test_variable_name = "test_variable";
if ($$test_variable_name == "efgh")
{
echo "<br>line 379, efgh<br>";
}

?>
Many thanks,

Stu

Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well.

So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically.

the index file looks like this:
Code: [Select]
<?php
include('./inc/config.php');
include('./inc/functions.php');
include('./lang/'.$language.'.lng');
$id = addslashes($_REQUEST["id"]);
$user = addslashes($_REQUEST["username"]);
$pass = addslashes($_REQUEST["password"]);
$language = strtolower($language);
if(empty($id)) $id =1;
$file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
if(mysql_num_rows($file)>0)
$file = mysql_fetch_array($file);
else
$file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));

if(!empty($user) AND !empty($pass))
{$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';}
else $error = 'Username oder Passwort ist falsch.';}

include('./designe/'.$designe.'/head.tpl');
include('./designe/'.$designe.'/navi.php');
include('./designe/'.$designe.'/middle.tpl');

if(file_exists('./pages/'.$file["file"]))
{echo'<h1>'.ucfirst($file["title"]).'</h1>';
include('./pages/'.$file["file"]);}
if(!empty($error)) echo '<font color="red">'.$error.'</font>'; 

include('./designe/'.$designe.'/foot.tpl');
?>

Now i tried alot of things including adding:
Code: [Select]
session_start();
$_SESSION["username"] = "peter";
$_SESSION["user"] = "peter";
$_SESSION["id"] = "1";
$_SESSION["pass"] = "peter";
$_SESSION["password"] = "peter";
or
Code: [Select]
$id = "1";
$user = "peter";
$username = "peter";
$pass = "peter";
$password = "peter";
also a combination of both, nothing works, but i don't understand why ? Any help is appreciated.

/Edit, i tried adding it to the paymentmodule .php aswell, but no luck.

I have a mysql table which will store users email addresses (each is unique and is the primary field) and a timestamp. 
I have added another column called `'unique_code' (varchar(64), utf8_unicode_ci)`.

What I would very much appreciate assistance with is;

a) Generating a 5 digit alphanumeric code, ie: 5ABH6 
b) Check all rows the 'unique_code' column to ensure it is unique, otherwise re-generate and check again 
c) Insert the uniquely generated 5 digit alphanumeric code into `'unique_code'` column, corresponding to the email address just entered. 
d) display the code on screen.

What code must I put and where?


**My current php is as follows:**

Code: [Select]
    require "includes/connect.php";
   
    $msg = '';
   
    if($_POST['email']){
   
    // Requested with AJAX:
    $ajax = ($_SERVER['HTTP_X_REQUESTED_WITH']  == 'XMLHttpRequest');
   
    try{
    if(!filter_input(INPUT_POST,'email',FILTER_VALIDATE_EMAIL)){
    throw new Exception('Invalid Email!');
    }
   
    $mysqli->query("INSERT INTO coming_soon_emails
    SET email='".$mysqli->real_escape_string($_POST['email'])."'");
   
    if($mysqli->affected_rows != 1){
    throw new Exception('You are already on the notification list.');
    }
   
    if($ajax){
    die('{"status":1}');
    }
   
    $msg = "Thank you!";
   
    }
    catch (Exception $e){
   
    if($ajax){
    die(json_encode(array('error'=>$e->getMessage())));
    }
   
    $msg = $e->getMessage();
    }
    }

hi all , i am working on a script which is oop driven and i m not much familiar with it, i appericiate if someone can help me to solve this problem , so basicaly current script is only setting one session variable to true if user login $_SESSION['is_successful_login']  , here is my code
<?php
include('files/db.php');
class ajaxLoginModule  {
  private $timeout         = null;
  private $target_element  = null;
  private $wait_text       = null;
  private $form_element    = null;
  private $wait_element    = null;
  private $notify_element  = null;
   
  function __construct() {
     include ('config.php'); 
 $msql  = new Db;
 $msql->connect();
 $this->is_login();
  } 
  function get_config() {
 $this->set_ajax_config();
  } 
  function set_ajax_config() {
     $this->timeout         = AJAX_TIMEOUT;
     $this->target_element  = AJAX_TARGET_ELEMENT;
     $this->wait_text       = AJAX_WAIT_TEXT;
 $this->wait_element    = AJAX_WAIT_ELEMENT;
     $this->notify_element  = AJAX_NOTIFY_ELEMENT;
     $this->form_element    = AJAX_FORM_ELEMENT;
  }
  function initLogin($arg = array()) {
 $this->get_config();
 $this->login_script();     
  }
  function initJquery() { 
 return "<script type='text/javascript' src='files/jquery-1.3.2.min.js'></script>";
  }
  function login_script() { 
 include ('files/login_script.php');
  }
  function is_login() {
      if(isset($_POST['username']))  {
     $username   = $_POST['username'];
 $password   = $_POST['password'];
 $strSQL = "SELECT * FROM ".USERS_TABLE_NAME."
    WHERE username ='$username' AND password = '$password'
   ";
        $result  = mysql_query ($strSQL); 
$row     = mysql_fetch_row($result);
   /*
//THIS IS WHAT I NEED
$_SESSION['user'] = $row['username'];
 $_SESSION['id'] = $row['id'];
*/
$exist   = count($row);
if($exist >=2) { $this->jscript_location();  } 
else { $this->notify_show();}
exit;
  }   
  }
  function notify_show() {
    echo "<script>$('.".AJAX_NOTIFY_ELEMENT."').fadeIn();</script>";
  }
  function jscript_location() {
    $this->set_session();
    echo "<script> $('#container').fadeOut();window.location.href='".SUCCESS_LOGIN_GOTO."'</script>";
  }
  function set_session() {
      session_start();
  $_SESSION['is_successful_login'] = true;

  }    
  
}  
?>  

i comment that line what i need is username and id to store in those session variables

$_SESSION['user'] = $row['username'];
 $_SESSION['id'] = $row['id']

 i tried to add code in  function set_session but did not helped, appreciate  for any help.

Thanks

Hi

I am using very simple code. Here it is

Code: [Select]
<?php
session_start();
$user = "guest";
$uid = "1";
echo $_SESSION['user']."<br />";
echo $_SESSION['uid'];
?>
it displays this error
Code: [Select]
Notice: Undefined index: user in C:\wamp\www\DealDash\index.php on line 5
Notice: Undefined index: uid in C:\wamp\www\DealDash\index.php on line 6
how can I solve this problem? Help please

I wonder whether someone can help me please.

I'm using the script below to create a page whereby users are presented with a list of image folders they have created. Clicking on any of the folders allows the user to drill down and view the individual images.

Code: [Select]
<?php session_start(); 

$_SESSION['username']=$_POST['username'];
$_SESSION['locationid']=$_POST['locationid'];
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?php 
  //This variable specifies relative path to the folder, where the gallery with uploaded files is located.
  $galleryPath = 'UploadedFiles/' . $_SESSION['username'] . '/' . $_SESSION['locationid'] . '/';
  
  $absGalleryPath = realpath($galleryPath) . DIRECTORY_SEPARATOR;  
  
  $descriptions = new DOMDocument('1.0');
  $descriptions->load($absGalleryPath . 'files.xml'); 
  
  $items = array();

  for ($i = 0; $i < $descriptions->documentElement->childNodes->length; $i++) {
    $xmlFile = $descriptions->documentElement->childNodes->item($i);
    $path = $xmlFile->getAttribute('name');
    $path = explode('/', $path);
    
    $t = &$items;
    for ($j = 0; $j < count($path); $j++) {
      if (empty($t[$path[$j]])) {
        $t[$path[$j]] = array();
      }
      $t = &$t[$path[$j]];
    }
    $t['/src/'] = $xmlFile->getAttribute('source');
    $t['description'] = $xmlFile->getAttribute('description');
    $t['size'] = $xmlFile->getAttribute('size');
  }
  
  $basePath = empty($_GET['path']) ? '' : $_GET['path'];
  if ($basePath) {
    $basePath = explode('/', $basePath);
    for ($j = 0; $j < count($basePath); $j++) {
      $items = &$items[$basePath[$j]];
    }
  }
  
  $files = array();
  $dirs = array();
  
  function urlpartencode(&$item, $index) {
    $item = rawurlencode($item);
  }
  
  foreach ($items as $key => $value) {
    if (isset($value['/src/'])) {
      $value['/src/'] = explode('/', $value['/src/']);
      array_walk($value['/src/'], 'urlpartencode');
      $value['/src/'] = implode('/', $value['/src/']);
      $files[] = array(
        'name' => $key,
        'src' => $value['/src/'],
        'description' => htmlentities($value['description'], ENT_COMPAT, 'UTF-8'),
        'size' => htmlentities($value['size'], ENT_COMPAT, 'UTF-8')
      ); 
    } else {
      $dirs[] = $key;
    }
  }
  
  $basePath = empty($_GET['path']) ? '' : $_GET['path'];
  $up = dirname($basePath);
  if ($up == '.') {
    $up = '';
  }
  
  sort($files);
  sort($dirs);
?>
<head>
  <title>View Image Folders</title>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <link href="Styles/style.css" rel="stylesheet" type="text/css" />
  <script src="Libraries/jquery/jquery-1.4.3.min.js" type="text/javascript"></script>
   <style type="text/css">
<!--
.style1 {
font-size: 14px;
margin-top: 5px;
margin-right: -50px;
}

-->
  </style>
<body style="font-family: Calibri; color:  #505050; margin-right: 160px; margin-left: -180px;">
<div align="right" class="style1"> <a href = "index.php" /> Add Images <a/> &rarr; <a href = "javascript:document.imagefolders.submit()"> View All Images </a> </div>
<form id="imagefolders" name="imagefolders" class="page" action="gallery.php" method="post" enctype="application/x-www-form-urlencoded"> 
   <div id="container">
  </div>
    <div id="center">
      <div class="aB">
        <div class="aB-B">
          <?php if ('Uploaded files' != $current['title']) :?>
          <?php endif;?>
          <div class="demo">
  <input name="username" type="hidden" id="username" value="IRHM73" />
          <input name="locationid" type="hidden" id="locationid" value="1" />
            <div class="inner">
              <div class="container">
                <div class="gallery">
                  <table class="gallery-link-table" cellpadding="0" cellspacing="0">
                    <thead>
                      <tr class="head">
                        <th class="col-name">
                          Name
                        </th>
                        <th class="col-size">
                          Size
                        </th>
                        <th class="col-description">
                          Description
                        </th>
                      </tr>
                    </thead>

                    <tbody>
                      <tr class="directory odd">
                        <td class="col-name">
                          <a href="?path=<?php echo rawurlencode($up); ?>">..</a>
                        </td>
                        <td class="col-size">
                        </td>
                        <td class="col-description">
                        </td>
                      </tr>
                      <?php $i = 1; ?>
                      <?php foreach ($dirs as $dir) : ?>
                      <tr class="directory <?php $i++; echo ($i % 2 == 0 ? 'even' : 'odd'); ?>">
                        <td><a href="?path=<?php echo rawurlencode(($basePath ? $basePath . '/' : '') . $dir); ?>"><?php echo htmlentities($dir, ENT_COMPAT, 'UTF-8'); ?></a></td>
                        <td>Folder</td>
                        <td></td>
                      </tr>
                      <?php endforeach; ?>
                      <?php foreach ($files as $file) : ?>
                      <tr class="<?php $i++; echo ($i % 2 == 0 ? 'even' : 'odd'); ?>">
                        <td><a target="_blank" href="<?php echo $galleryPath . $file['src']; ?>"><?php echo htmlentities($file['name'], ENT_COMPAT, 'UTF-8'); ?></a></td>
                        <td><?php echo htmlentities($file['size'], ENT_COMPAT, 'UTF-8'); ?></td>
                        <td><?php echo htmlentities($file['description'], ENT_COMPAT, 'UTF-8'); ?></td>
                      </tr>
                      <?php endforeach; ?>
                    </tbody>
                  </table>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
  </div>
        </div>
      </div>
    </div>
</form>
</body>
</html>
I can create the list of folders, but when I click on any of these, instead of being able to view the images, I receive the following error:
Quote

Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "/homepages/2/d333603417/htdocs/development/UploadedFiles/files.xml" in /homepages/2/d333603417/htdocs/development/imagefolders.php on line 16

Warning: Invalid argument supplied for foreach() in /homepages/2/d333603417/htdocs/development/imagefolders.php on line 52


Line 16 is this line Code: [Select]
$descriptions->load($absGalleryPath . 'files.xml'); and line 52 is this Code: [Select]
foreach ($items as $key => $value){
However, if I change this line Code: [Select]
$galleryPath = 'UploadedFiles/' . $_SESSION['username'] . '/' . $_SESSION['locationid'] . '/'; to
Code: [Select]
$galleryPath = 'UploadedFiles/' . 'IRHM73' . '/' . '1' . '/'; i.e. replacing the 'Session Variables' with the actual values, the page works.

I've been working on this for days now, and I just can't find the solution. I just wondered whether someoen could perhaps have a look at this and let me know where I'm going wrong.

Many thanks and regards

Need help declaring some session variable guys.

I have a login form where the member enters his
1. Pilot Callsign
2. Password

I want to declare that Pilot Callsign as the session variable on authentication.

Using that Pilot Callsign session variable, I will fetch data from the database relevant to his profile.

I already have the whole login page coded along with the restricted access pages (not coded by me).

Check this out

1. Page is coded like this and working PERFECTLY
---

Code: [Select]
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['pilot_callsign'])) {
  $loginUsername=$_POST['pilot_callsign'];
  $password=$_POST['password'];
  
  mysql_select_db($database_brn_system, $brn_system);
  
  $LoginRS__query=sprintf("SELECT pilot_callsign, password, staff_level, firstname FROM pilots WHERE activated = 1 AND pilot_callsign=%s AND password=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $brn_system) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'staff_level');
    
if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      
?>
---

2. As you can see, there already is a session variable declared for Pilot Callsign
But on the next page "Restricted Access Page", when I try to call this same Session Variable, it doesn't work.

I tried doing this
<?php echo $_SESSION['MM_Username'] ?>

Moreover, I even tried to fetch data from the table like this -

SELECT * FROM pilots WHERE pilot_callsign=$_SESSION['MM_Username']

Doesn't work 

Hey guys, please tell me why the session var $_SESSION['return_url'] is not carrying from test.php to login.php

The two echos in this file work perfectly, so i know the session var is registered...
test.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>SWG:ANH &bull; Bringing PreCU back to life...</title>

    <link rel="shortcut icon" href="favicon.ico" />
    <link rel="stylesheet" type="text/css" media="screen" href="theme/main.css" />

<?php

session_start();
// This section will generate a var containing the current page URL. This will be used to allow the language script to redirect users back to the page they
// were on, in the language they selected. It is registered as a session variuable that will change every time the page changes.
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
// Here we register the URL we grabbed earlier in the session var.
$return_url = curPageURL();
$_SESSION['return_url'] = $return_url;

echo $_SESSION['return_url'];
echo $return_url;
include 'lang/enus.php';
include 'menu.php';
?>

login.php
<?php
session_start();
echo $_SESSION['return_url'] ;
include 'dbconnect.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$return_url = $_SESSION['return_url'];
echo $return_url;
$result = mysql_query("SELECT COUNT(*) FROM account WHERE Username='$username' and Pass='$password'") or die(mysql_error());
$result = mysql_fetch_row($result); 
$result = $result[0];


if($result == 1){
$_SESSION['username'] = $username;

header("Location:".$return_url);
}
else {
echo "Wrong Username or Password. Use the back button. If you think this message is incorrect, contact the webmaster.";
}
?>

I know its not carrying because the echo in login.php is not returning anything and the script cant execute the header function because it has nowhere to go! Ive narrowed it down to the session var not carrying.

Currently I am adding the concept of "entitlements" to my website.

In the past, my "article.php" script would simply look to the URL for which article was being requested and then load it.  However now that I am also adding the concept of "premium content" for "paid members", I need a way to control who sees what.

What I am wondering is - from a security standpoint - how much information I should load into the $_SESSION variable.

For instance, right now when a user logs in, I think I just store the "memberID" and "FirstName" and possibly "Username".

It would be more efficient when a Member logs in to also retrieve their "Membership Plan" and store that in the $_SESSION variable, so that as they browse my website, each page can simply grab $_SESSION['MembershipPlan'] and run that through a function that I need to build and then determine if the user gets to access said page.

However, maybe it would be more secure to have it so when a user lands on page XYZ, I would look at their "memberID" and query the database to get their "MembershipPlan"?

Any thoughts on each approach?

Again, my main concern is *security*, but I also suppose this plays into "performance".

 

 

Hey guys, been awhile since I have been here, but I hit a little issue in reading session data reliably every time.

What I am doing is reading the variables and values from a rarurlencoded string.
Then putting that into a session array to populate parts of a form and fill in some hidden fields.
After the form posts every now and then, about 1 in 50 or so attempts, I have one (always the same one) that just vanishes.

Anyone ever experience anything like this?

page.php
<a href="cart.php?action=add&id=38">

cart.php

session_start();
$cart = $_SESSION['cart'];

$action = $_GET['action'];

switch ($action) {
   case 'add':
if ($cart)
   $cart =$cart. ','.$_GET['id'];
   else
      $cart = $_GET['id'];
}


$_SESSION['cart'] = $cart;
echo $cart;
output:
 Insted of one time it adds the id two times.

It prints : 38,38.
can pls suggest me what's problem in the code. Thank's in advance.

I have a session variable called $_SESSION['patchurl'] in a php file , if i get in to an else statement this session variable gets set and i go to http://yyy page.

below is the snippet of the code

<?php
session_start();
?>
<?php
echo '<script type="text/javascript">' . "\n";
if(isset($_SESSION["Email"])){
echo 'window.location="http://www.xxx";';
}
else{
$_SESSION['patchurl'] = "true";
echo 'window.location="http://yyy";';
}
echo '</script>';?>

once the patchurl session variable is set i call a php file which sets an other session variable called $_SESSION["Email"]. now what happens is the $_SESSION['patchurl'] is gone and ONLY the $_SESSION["Email"] is accessible ...can i not set two session variables? why does creating a new session varible overwrites an other one even though they are called different ? am i doing something wrong ?
Edited by Ch0cu3r, 08 September 2014 - 01:05 PM.

I am trying to define a session variable where I can save it and use it as the user surfs the site.

I need the variable saved as $amano so I can use it in my select from/where statement and to echo within a table.

This is a test trying to capture and define the variable and works, but I can't get the variable $amano into the session. If I am then I don't know how to display it.


<?php>
session_start(); 
$id = $_POST['amano'];
$_SESSION['amano'] = '$amano';     
             
echo "Pageviews = ". $_SESSION['amano'];  // My effort to see what is happening.
echo "<br />";
echo "AMA # = ". $_POST['amano']; // I have it just like I want it here.
echo "<br />";
echo "Sessions AMA # = ".$_SESSION['amano']; 
?>

Question about variable variables and using session variables for them. O.K. So if I have:

$foo = 3;
$_SESSION['bar'] = "foo";

$$_SESSION['bar']  should equal the value of $foo, however I can't get it to work. Can someone tell me what I am doing wrong..... is it formatting???

Thanks,
Thomas

hi there,
i'm trying to put a message in the footer of a page which welcomes a person who is logged in with his/her name, using sessions of course; when i place this:
Code: [Select]
$username = $_SESSION['valid_user'];
in the footer before the echo:
Code: [Select]
echo "You are logged in as $username";
but the session is also needed before the footer to use the username for other things , such as -checking his credit- so if place in footer the footer shows name in browser but checking credit would not happen as the assignment is at the buttom.

IF i place the assignment above at the top of the file:

everything works for the user and checking credit ..etc...but the footer is not there...

cud not put this any clearer..sorry...hope if someone cud help...thanks