|
PHP - $_session Variable Checking Does Not Work...
Code: [Select]
<?php function Login() { session_start(); $_SESSION["loggedin"] = true; echo "You are logged in!"; header("Location: ../L_index.php"); //Aka Logged in Index. } function Logout() { $_SESSION["loggedin"] = false; session_destroy(); } function checklogin() { session_start(); if ($_SESSION["loggedin"] == true) { return true; } else { return false; } } ?> This is just a tiny bit of my code, there is security holes, but as you see, there is 3 functions: Login Logout Checklogin But when i use the Login function, everything is fine, but if i then use the checklogin, then it always returns true(it returns true after i used the logout function), why? Similar Tutorials
First let me explain my code. This is later included in project_status.php] . In project_status.php] , I have included another file project_status_app.php which contains a HTML form.
<?php
include 'inc_fn_header_and_menu.php';
function includeFile($file,$variable) {
$var = $variable;
include($file);
}
if (isset($_GET['id']) && $_GET['id']!="") {
$pid = $_GET['id'];
$_SESSION['pidForApproval'] = $_GET['id'];
$query = 'SELECT * FROM `profile` WHERE pid ='.'\''.$pid.'\'';
$result=mysqli_query($db,$queryToRetrievePP) or die("There are no records to display ... \n" . mysqli_error());
foreach ($result as $row) {
$status = $row['status'];
}
}
...........some PHP and HTML code.......
<div id="customerPurchaseApprovalForm">
<?php
echo '<p>APPROVAL FOR CUSTOMER PURCHASE</p>';
$discountApprovalStatus = "Granted";
if ($discountApprovalStatus == "Granted") {
includeFile("project_status_app.php",$highestannualvalue);
} else {
//.........
}
In project_status_app.php I am attempting to retrieve pidForApproval from the $_SESSION array.
<?php
// put your code here UPDATE `pp` SET `customer_purchase_remarks` = 'hahaha' WHERE `pp`.`id` = 207;
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include '../../inc/fastlogin.php';
$sql = "UPDATE pp SET customer_purchase_remarks ='{$_POST['remarkstxt']}' WHERE pp.pid='{$_SESSION['pidForApproval']}'";
$result = mysqli_query ( $fastdb, $sql ) ;
if (mysqli_affected_rows($fastdb) != 1) {
$_SESSION['err_cpa_rmks'] = "<p>Error while updating WHERE id='{$_SESSION['pidForApproval']}'</p>";
//echo "<p>Error while updating WHERE id='{$_POST['pidForApproval']}'</p>".mysqli_error($fastdb);
} else {
$_SESSION['suc_cpa_rmks'] = "<p>Records was updated successfully.</p>";
//echo "Records was updated successfully.";
}
header ("location: project_status.php?id="$_SESSION['pidForApproval']);
exit();
}
?>
When I load project_status.php, project_status_app.php is supposed to display the form. Once the user fills in the form the and the submit button has been pressed, the UPDATE statement is supposed to run and then it is supposed to navigate back to project_status.php?id=FA142. But the update is failing and the when the project_status.php is loaded back, the url looks like this http://localhost/fast/project_status.php?id= . The id is empty. It is supposed to be something like this http://localhost/fast/project_status.php?id=FA142. With the id being populated at the
header ("location: project_status.php?id=".$_SESSION['pidForApproval']);
Missing some information. I've written a script where it counts the page impressions on my website. When a visitor lands on the page, it counts their impression and then sets a $_SESSION so that if they reload or return to the page it doesn't count it again. But the problem is it sometimes does. Does this mean that the $_SESSION isn't being set probably? That's what it seems to be. And if so, what would be the reason for that? Here's my basic code: Code: [Select] if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; } else{ $userid = rand(1000, 10000000); $_SESSION['userid'] = $userid; } $date = date('Y-m-d'); $counters = mysql_query("SELECT * FROM counters WHERE userid='$userid' AND impressions='1' AND date='$date'") or die(mysql_error()); if(!mysql_num_rows($counters)){ mysql_query("INSERT INTO counters (userid, impressions, date) VALUES('$userid', '1', current_date)") or die(mysql_error()); } Hi all, here's my code: Code: [Select] <?php foreach ($_SESSION['topping'] as $value) { echo "<tr><td width='30%'>Topping</td><td width='50%'>$value</td><td width='20%'><select name='notopping'>"; foreach ($_SESSION['cupcake'] as $number) { '<option name="notoppings[]" value="'.$number.'">".$number."</option>'; } echo "</select></td></tr>"; } ?> $_SESSION['cupcake'] is a value from either 6, 12, 24 or 36. What I want to do is put them into a drop down box (second foreach) as the value and the displayed value - counting up from 1 (so 1,2,3,4,5,6 or up to 12,24 etc). Also by creating this as an array, does this mean than for each topping (say Vanilla and Chocolate) the value dynamically created can be used on the next page by using $_POST['notoppings'] to display each type (two different numbers - one for Vanilla and one for Chocolate). Does that make sense? Thanks! Jason Quote Hi guys, I have a question, I have a fairly large site wich we have resellers for, but in certain circumstances for admin purposes, we need to be able to login under the same credentials EG: I might be doing something on one machine and i need to log in on another machine to do something else but with my user name and pass At the moment when i try to to this It will log out the session already logged in when i try to log in from the other machine Is there away around this,, i suspect that when i log in from the other machine its ending the first session Any Idears Guys and Gals..... really stuck If I do a mysql query from a database on a field that either has a number or is blank, how can I write php to check that. In other words, I am getting that value back into a variable called $isaresult and doing... Code: [Select] if ($isaresult !== '') { //value exists } else { //no value yet } It's that first line of code that doesn't seem to be working. Should I be using "null" or something instead? I'm not real experienced with checking if a value exists, so let me know the proper way to do it (since I assume there are multiple ways). Thanks! How can I check a variable to see if it is NULL and if so set to 0000-00-00? I've tried: if ($var IS NULL) THEN $var='0000-00-00'; to no avail. Hi Guyz, I need to check the variable $itemDescription to see if the client has entered a '1' before the item description(example: 1 table) Reason, is the client would like to add sales tax to all NOn-Food related items of 6.25% This is for a local auction house. It needs to be simple. i,e. Don't wanna add any more form fields. Just let the user type the number 1 before all items that need to be taxed. Here's my code: Code: [Select] <?php ob_start(); ?> <link rel="stylesheet" href="style.css" type="text/css"> <style type="text/css"> </style> </head> <?PHP session_start(); ob_start(); # Config settings below # Change these to whatever you want :) ############################# $cellsPerRow = '6'; ############################# include('connect.php'); // These queries get the amount of bidders that are in the database $getAllBidders = mysql_query("SELECT `id` FROM bidders"); $totalBidders = mysql_num_rows($getAllBidders); // This section is to check if the Add New Item form has been submitted if($_POST['addNewItem']) { // Retrieve Query Strings from URL $itemDescription = $_POST['itemDescription']; $itemPrice = $_POST['itemPrice']; $winningBidder = $_POST['winningBidder']; $totalDeals = $_POST['totalDeals']; $totalPrice = ($totalDeals*$itemPrice); // Check the submitted data and make sure all is correct if(!$itemDescription) { $message = 'You must enter an Item Description.'; } else if(!$itemPrice) { $message = 'You must enter an Item Price.'; } else if(!$winningBidder) { $message = 'You must enter a Winning Bidder ID.'; } else if(!$totalDeals) { $message = 'You must enter the amount of Deals.'; } else if(!is_numeric($winningBidder)) { $message = 'The Winning Bidder ID can only be numbers.'; } else { // Check to see if the bidder ID already exists $checkBidder = mysql_query("SELECT * FROM bidders WHERE biddersId='$winningBidder' LIMIT 1"); $checkBidder = mysql_fetch_assoc($checkBidder); // If the Bidder ID does not exist, we re-direct to allow us to save the Bidder ID if(!$checkBidder) { header("Location: ?action=confirmListing&iDesc=".$itemDescription."&iPrice=".$itemPrice."&wBidder=".$winningBidder."&tDeals=".$totalDeals.""); } else { // If Bidder ID exists we just insert the transaction accordingly mysql_query("INSERT INTO transactions (`itemDescription`, `itemPrice`, `bidderId`, `itemQty`, `totalPrice`) VALUES ('$itemDescription', '$itemPrice', '$winningBidder', '$totalDeals', '$totalPrice');"); $message1 = 'The transaction has been successfully added.'; mysql_query("SELECT owed From bidders WHERE biddersId='$winningBidder'") or die(mysql_error()); if ($row['owed']==0) { mysql_query("UPDATE bidders SET owed='1' WHERE biddersId='$winningBidder'") or die(mysql_error()); } } } } // This section is to check if the Add Bidder to database form has been submitted if($_POST['confirmBidder']) { $itemDescription = $_POST['itemDescription']; $itemPrice = $_POST['itemPrice']; $winningBidder = $_POST['winningBidder']; $totalDeals = $_POST['totalDeals']; $totalPrice = ($itemPrice*$totalDeals); $addBidder = $_POST['addBidder']; $checkInput= preg_match([1]+*); if ($itemDescription== $checkInput) $itemPrice= $itemPrice * 6.25%; mysql_query("INSERT INTO transactions (`itemDescription`, `itemPrice`, `bidderId`, `itemQty`, `totalPrice`) VALUES ('$itemDescription', '$itemPrice', '$winningBidder', '$totalDeals', '$totalPrice');"); $message1 = 'The transaction has been successfully added.'; if($addBidder == 'Yes') { mysql_query("INSERT INTO bidders (biddersId) VALUES ('$winningBidder');"); $message1 .= '<br> The Bidder ID has also been added.'; mysql_query("SELECT owed From bidders WHERE biddersId='$winningBidder'") or die(mysql_error()); if ($row['owed']==0) { mysql_query("UPDATE bidders SET owed='1' WHERE biddersId='$winningBidder'") or die(mysql_error()); } } if($addBidder == 'No') { $message1 = '<br><font color= "red"> Bidder has NOT been logged.</font>'; } // $itemDescription = ''; // $itemPrice = ''; // $winningBidder = ''; // $totalDeals = ''; // $totalPrice = ''; // $addBidder = ''; } ?> <?PHP // This line of code will check the current task we are doing if($_GET['action'] == 'confirmListing') { $itemDescription = $_GET['iDesc']; $itemPrice = $_GET['iPrice']; $winningBidder = $_GET['wBidder']; $totalDeals = $_GET['tDeals']; ?> <form name="confirmBidder" method="POST" action="?"> <?PHP // This is the hidden data from the previous form // Better than using sessions and GET query ?> <input type="hidden" name="itemDescription" id="itemDescription" value="<?PHP echo $itemDescription;?>"> <input type="hidden" name="itemPrice" id="itemPrice" value="<?PHP echo $itemPrice;?>"> <input type="hidden" name="winningBidder" id="winningBidder" value="<?PHP echo $winningBidder;?>"> <input type="hidden" name="totalDeals" id="totalDeals" value="1"> <table cellpadding="0" cellspacing="1" border="0" style="background: #ffffff; margin: auto;"> <tr> <td colspan="2" class="formHeader"> Add New Auction Item </td> </tr> <tr> <td class="formField"> Add This Bidder? </td> <td class="formValue"> <select name="addBidder" id="addBidder" class="input" style="width: 195px;"> <option value="Yes">Yes</option> <option value="No">No</option></select> </td> </tr> <tr> <td colspan="2" class="formButton"> <input type="submit" name="confirmBidder" id="confirmBidder" value="Confirm Bidder Action?"> <input type="reset" name="reset" id="reset" value="Reset Form"> </td> </tr> </table> </form> <?PHP // If the action is not to confirm a listing then show add item section } else { ?> <?PHP//----- Add New Item Section -----\\?> <?PHP if($message) { echo '<div class="Error">',$message,'</div><div style="height: 10px;"></div>'; } else if($message1) { echo '<div class="Success">',$message1,'</div><div style="height: 10px;"></div>'; } ?> <form name="addNewItem" method="POST" action="?"> <table cellpadding="0" cellspacing="1" border="0" style="background: #ffffff; margin: auto;"> <tr> <td colspan="2" class="formHeader"> Add New Auction Item </td> </tr> <tr> <td class="formField"> Item Description </td> <td class="formValue"> <input type="text" name="itemDescription" class="formText" id="itemDescription" value="<?=$itemDescription;?>" style="width: 195px;"> </td> </tr> <tr> <td class="formField"> Item Price </td> <td class="formValue"> <input type="text" name="itemPrice" class="formText" id="itemPrice" value="<?=$itemPrice;?>" style="width: 195px;"> </td> </tr> <tr> <td class="formField"> Winning Bidder ID </td> <td class="formValue"> <input type="text" name="winningBidder" class="formText" id="winningBidder" style="width: 195px;"> </td> </tr> <tr> <td class="formField"> How Many Deals? </td> <td class="formValue"> <input type="text" name="totalDeals" class="formText" id="totalDeals" value="1" style="width: 195px;"> </td> </tr> <tr> <td colspan="2" class="formButton"> <input type="submit" name="addNewItem" id="addNewItem" value="Add New Auction Item?"> <input type="reset" name="reset" id="reset" value="Reset Form"> </td> </tr> </table> </form> <?PHP//----- Add New Item Section -----\\?> <?PHP } ?> All help appreciated to the fullest... Hello all! I have a page that dynamically generates checkboxes in a for() loop if $i<$product_qty, while it is generating the checkboxes the name for them is set like this $product_id_$i. In part of the next page that processes the checkboxes, I have a part that regenerates the names for those checkboxes using a for() loop again and the product_qty and then checks to see whether the checkbox is empty or not. Everything looks right in the for() loop, yet the if() that checks whether it isset or not just ignores the ones that are set. If I make a static if with the actual name of the checkbox the if() comes back as true. I've hit a brickwall, can anyone see any errors in my code? Code is below. // Get Old Order $get_order = @mysql_query("SELECT * FROM orders WHERE order_id = {$_POST['order_id']}"); $order = @mysql_fetch_assoc($get_order); // Get Old Order Items $products = $order['products']; //breaking products text down for display $prod = array(); $_products = explode('|', $products); foreach ($_products AS $p) $prod[] = explode(',', $p); if(empty($prod)) { header("Location: tracking.php"); die(); } /* // Create New Order @mysql_query("INSERT INTO orders SET customer_id = {$order['customer_id']}, order_status = {$order['order_status']}, order_date = '{$order['order_date']}', order_date_paid = '{$order['order_date_paid']}', order_shipping = '{$order['order_shipping']}', order_shipping_fee = '{$order['order_shipping_fee']}', order_insurance = '{$order['order_insurance']}', order_insurance_fee = '{$order['order_insurance_fee']}', order_insurance_total = '{$order['order_insurance_total']}', order_grand_total = '{$order['order_grand_total']}', order_date = '{$order['order_date']}', order_filled = '{$order['order_filled']}', order_ship_date = '{$order['ship_date']}'"); $get_new_order = @mysql_query("SELECT MAX(order_id) AS order_id FROM orders"); $new_order_id = @mysql_result($get_new_order, 'order_id', 0); */ // Add Items to New Order & Remove Items from Old Order $new_items = array(); foreach($prod as $p2) { for($i = 0; $i < $p2[0]; $i++) { if(!empty($_POST[$p2[3].'_'.$i])) { $new_items[$p2[3]]++; } } } if(isset($_POST['50_4'])) { echo "hi"; } TIA! Jonathan Hi All, I'm having a major mind blank, and can't find anything in the previous posts resolving what I'm after. I'm setting $searchtext = $_POST['searchtext']; I want to check $seachtext is not null. I've seen isset($searchtext) but it doesn't solve my problem. Basiclaly; I want an if statement to say if(isset($searchtext)) {......} Thoughts? I have the following if statement: Code: [Select] if ((isset($select_category) == 'All') || (!isset($select_category)) && (!isset($most_liked))) { The value for the variable gets taken from a drop down menu, which is a list of categories. The problem I am having is with the isset condition check is that the variable is always set, but it does not consider the check for equality with the 'All' condition. Which basically means no matter which category I choose from the drop down menu, it always goes to this very first if statement, and does NOT go to the other elseif statement, and I think it has to do with the isset condition check, because without it it would work, though without it I am getting a notice warning, that the variables are undefined. Any ideas how I can make it check if its equal to 'All' together with the isset condition check? What I am trying to say is no matter which category is chosen, with the isset condition check, the variable is always set, thus the if statement is true, there basically seems to be a contradiction going on. Hello everyone, I am working on a form that is similar to a shopping cart system and I am thinking of creating a button that submits the checked value and saves them to a $_SESSION variable. And also a link that links to a cart.html that takes the values of a $_SESSION variable. I am have trouble figuring what tag/attribute should I use in order to achieve that.
Right now my code attached below submits the checked values to cart.html directly. However I want my submit button to save the checked box to a $_SESSION variable and STAY on the same page. And then I will implement a <a> to link to the cart.php.
I researched a little bit about this subject and I know it's somewhat related to ajax/jquery. I just wanted to know more about it from you guys. I appreciate your attention for reading the post and Thanks!
Below is the form that I currently have:
<form name= "finalForm" method="POST" action="cart.php">
<input type="Submit" name="finalSelected"/>
<?php foreach($FinalName as $key => $item) {?>
<tr>
<td><input type="checkbox" name="fSelected[]" value="<?php echo htmlspecialchars($FinalID[$key])?>" />
<?php echo "$FinalID[$key] & $item";?>
</td>
</tr>
<?php } ;?>
Below is the code for cart.php
<?php
require ('connect_db.php');
if(isset($_POST['finalSelected']))
{
if(!empty($_POST['fSelected']))
{
$chosen = $_POST['fSelected'];
foreach ($chosen as $item)
echo "aID selected: $item </br>";
$delimit = implode(", ", $chosen);
print_r($delimit);
}
}
if(isset($delimit))
{
$cartSQL = "SELECT * from article where aID in ($delimit)";
$cartQuery = mysqli_query($dbc, $cartSQL) or die (mysqli_error($dbc));
while($row = mysqli_fetch_array($cartQuery, MYSQLI_BOTH))
{
$aTitle[] = $row[ 'name' ];
}
}
?>
<table>
<?php if(isset($delimit)) {
$c=0; foreach($aTitle as $item) {?>
<tr>
<td>
<?php echo $aTitle[$c]; $c++;?>
</td>
</tr>
<?php }}?>
</table>
I've coded an error variable thing to help with my login but it doesn't work and I am puzzled to why it does not. (>.<) error codes such as: Code: [Select] <?php /* checks to see if forms are filled in, if not, create a variable that will be used later. if forms are filled in than the variable is nothing and nothing will be echoed therefore passing onto the next if statement and repeating. */ if(!$_POST['username'] | !$_POST['pass']) { $errormessage_didnotfillinform = ('<center>You did not fill in a required field!</center>'); } else{ $errormessage_didnotfillinform = (''); } ?> Code: [Select] <html> <body> <!-- html such as the follow, goes here. --> <div align="center"><b>Log in</b> <form action="" method="post"> <table class="centered" border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr></table> </form></div> </body> </html> Code: [Select] <?php echo ( $errormessage_didnotfillinform ); if ( $errormessage_didnotfillinform ) == ('') { echo ( $errormessage_accountdoesnotexist ); } if ( $errormessage_accountdoesnotexist ) == ('') { echo ( $errormessage_invalidusernameorpassword ); } ?>
When I echo out my variable in the php file it works fine but when I put the variable in a table cell it doesn't echo out. Hi all, Thanks for reading. I'm hella frustrated at this script I wrote: for some reason, it will not work correctly. Basically, it works. The first 4 names in the table on the database show up when searched. But, anything past these four names in the database will not show up as a result when searched! I'm pulling my hair out here! It's really simple - take a gander: Code: [Select] if (isset($_POST['submit'])) { $search = $_POST['search']; $searchQuery = mysql_query("SELECT * FROM Accounts WHERE FullName='$search'"); if (mysql_num_rows($searchQuery) == 0) { $result = "Your search returned no results. Please try again."; } else { $results = 1; while ($getSearchResults = mysql_fetch_array($searchQuery)) { $fullName = $getSearchResults['FullName']; $result = "Name: ".$fullName.""; } } } ?> ...and the HTML form... Code: [Select] <form action="search.php" method="post"> <p>Search: <input type="text" name="search" size="35" maxlength="100" /></p> <p><input type="submit" value="Search" name="submit" /></p> <?php echo $result; ?> </form> Does anyone have any ideas? preg_replace() asks that "Delimiter must not be alphanumeric or backslash" in the pattern. So I changed $new_text = preg_replace($_POST['withthis'] ,$_POST['withthis'],$_POST['text']); to this $replacethis = $_POST['replacethis']; $new_text = preg_replace("/$replacethis/",$_POST['withthis'],$_POST['text']); It works fine, but out of curiosity, is there any way to have the POST variable as a parameter directly, and why does it not work? Just to try it, I attempted: "/$_POST['withthis']/" and $_POST["/'withthis'/"] and both do not work. str_replace is a better option I think, but I am just trying to get a better understanding of this delimiter rule. Thanks for your time! For the last few hours I have been pulling my hair out on a session not storing when I moved from local host to my vps. I have been setting sessions like: $_SESSION['mydata'] = $variable; This works no problem on my wamp installation. However to get it to work on my vps, I have to store them like this $_SESSION[mydata] = $variable; Can someone please explain to me why this is the case? Hey, i was reading some code and i find this: if(stristr($_SESSION["s"]["user"]["asdasd"]),$someString) How the double/triple [] in $_SESSION works ? PS: I tryied to google it but it was kinda hard to search :X Thanks. Hi i have made a login in system for a website iam trying to make. after you log in im trying to display the members username via the $_session created in the check_login.php. but when i Echo or print_r the $_session all is get is "welcome array" its like its not passing any information via the $_session from page to page. here is my code thanks in advance. Check_login.php session_start(); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=md5($_POST["mypassword"]); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["myusername"]==$myusername; $_SESSION["mypassword"]; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> login_success.php <? session_start(); if($_SESSION['myusername']="$myusername"){ header("location:main_login.php"); } Echo "welcome" . $_SESSION['$myusername']; ?> thanks The $_Session has a url variable. Using a Dom how do I properly do: Code: [Select] html->load($_SESSION['variable']) I was thinking about breaking down the session to retrieve the value inside but I don't know how. PHP 5.3.3 I am trying to redirect a user (currently logged in) to a page where they are able to edit a posted comment. To keep things secure I am using a forms hidden input value to pass the {postID} to a redirect page Code: [Select] <form name="post_edit" method="post" action="post-edit-redirect.php" > <input type="hidden" name="local" id="local" value="<?php echo $row_rsPosts['postID']; ?>" /> <input type="image" src="../imgs/managepost.png" name="submit" /> </form> On the redirect page (simplified below) I am setting the {postID} in a SESSION before redirecting to the user to the page to edit their post with the new $_SESSION val for {postID} set. Code: [Select] session_start(); $id = $_REQUEST['local']; $_SESSION['postID']=$id; header("Location: edit-post.php"); This is working fine in every browser except IE (some one please just put an end to it), where when the edit-post.php page is reached the $_SESSION['postID'] is empty. If I regenerate the session ID from the redirect page as below IE then sets the SESSION ok. Code: [Select] session_start(); session_regenerate_id(); $id = $_REQUEST['local']; $_SESSION['postID']=$id; header("Location: edit-post.php"); However there should be no need to do this and would rather not if there is no need. Any help on why IE is not setting the SESSION is appreciated, and I hope I am not covering old ground here however I am unable to find a solution anywhere. - Cheers |
|||||||