PHP - Sessions

hello

i am makeing a forum and to post a new thread it has to check if the user is logged in, so i log into my website and i go to the post new topic but it says im not logged in here is the new_topic.php and also the login.php

new_topic.php
<?php
session_start();
include_once "../scripts/connect_to_mysql.php"; // Connect to the database
// Check to see if the user is logged in with session variables
if (!isset($_SESSION['userpass']) || $_SESSION['userpass'] == "") {

echo "Please log in...";

exit();
} else {

// Assume they are a member because they have a password session variable set

// Check the database to be sure that their ID, password, and email session variables all match in the database

$u_id = mysql_real_escape_string($_SESSION['id']);

$u_name = mysql_real_escape_string($_SESSION['username']);

$u_email = mysql_real_escape_string($_SESSION['useremail']);

$u_pass = mysql_real_escape_string($_SESSION['userpass']);

$sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id' AND username='$u_name' AND email='$u_email' AND password='$u_pass'");
    $numRows = mysql_num_rows($sql);
    if ($numRows < 1) {

    echo "ERROR: You do not exist in the system.";

    exit();
    }
}

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Check to make sure the URL variables of "sid" and "title" are set
if (!isset($_POST['forum_id']) || $_POST['forum_id'] == "" || !isset($_POST['forum_title']) || $_POST['forum_title'] == "") {

echo "Important variables are missing";

exit();
} else {

// Acquire the variables and proceed to show them a form for creating a new topic

$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['forum_id']); 

$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['forum_title']); 
}
///////////////////////////////////////////////////////////////////////////////////////////////////
$sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {

    echo "ERROR: That section deos not exist.";

    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style/style.css" rel="stylesheet" type="text/css" />
<title>Create New Topic</title>
<script type="text/javascript" language="javascript"> 
<!--
function validateMyForm ( ) { 
    var isValid = true;
    if ( document.form1.post_title.value == "" ) { 

    alert ( "Please type in a title for this topic" ); 

    isValid = false;
    } else if ( document.form1.post_title.value.length < 10 ) { 
            alert ( "Your title must be at least 10 characters long" ); 
            isValid = false;
    } else if ( document.form1.post_body.value == "" ) { 
            alert ( "Please type in your topic body." ); 
            isValid = false;
    }
    return isValid;
}
//-->
</script>
</head>
<body>
<?php include_once("template_header.php"); ?>
<table style="background-color: #F0F0F0; border:#069 1px solid; border-top:none;" width="900" border="0" align="center" cellpadding="12" cellspacing="0">
  <tr>
    <td width="731" valign="top">
    <div id="breadcrumbs"><a href="http://www.webintersect.com">Web Intersect Home</a> &larr; <a href="http://www.webintersect.com/forum">Forum Home</a> &larr; <a href="section.php?id=<?php echo $forum_section_id; ?>"><?php echo $forum_section_title; ?></a></div>
    <h2>Creating New Topic In the  <em><?php echo $forum_section_title; ?></em> Forum</h2>
    
    <form action="parse_post.php" method="post" name="form1">
    <input name="post_type" type="hidden" value="a" />
    Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" />
    <br /><br />
    Please type in a title for your topic he <br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br />
    Please type in your topic body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea>
    <br /><br /><input name="" type="submit" value="Create my topic now!" onclick="javascript:return validateMyForm();"/>
    <input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" />
    <input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" />
    <input name="uid" type="hidden" value="<?php echo $_SESSION['id']; ?>" />
    <input name="upass" type="hidden" value="<?php echo $_SESSION['userpass']; ?>" />
    </form>
    
    </td>
    <td width="189" valign="top"><div style=" width:160px; height:600px; background-color: #999; color: #CCC; padding:12px;"> <br />
      <br />
      <br />
      <h3>Ad Space or Whatever</h3>
    </div></td>
  </tr>
</table>
<?php include_once("template_footer.php"); ?>
</body>
</html>

login.php
<?php
// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$email = '';
$pass = '';
$remember = '';
if (isset($_POST['email'])) {

$email = $_POST['email'];

$pass = $_POST['pass'];

if (isset($_POST['remember'])) {

$remember = $_POST['remember'];

}

$email = stripslashes($email);

$pass = stripslashes($pass);

$email = strip_tags($email);

$pass = strip_tags($pass);

// error handling conditional checks go here

if ((!$email) || (!$pass)) { 

$errorMsg = 'Please fill in both fields';

} else { // Error handling is complete so process the info if no errors

include 'scripts/connect_to_mysql.php'; // Connect to the database

$email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query

    //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query

$pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it

// Make the SQL query
        $sql = mysql_query("SELECT * FROM myMembers WHERE email='$email' AND password='$pass' AND email_activated='1'"); 

$login_check = mysql_num_rows($sql);
        // If login check number is greater than 0 (meaning they do exist and are activated)

if($login_check > 0){ 
    

while($row = mysql_fetch_array($sql)){

// Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and

// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)

// Create session var for their raw id

$id = $row["id"];   

$_SESSION['id'] = $id;

// Create the idx session var

$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
                    // Create session var for their username

$username = $row["username"];

$_SESSION['username'] = $username;

mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id' LIMIT 1");
        

//die($username);
    

} // close while

    

// Remember Me Section
    

if($remember == "yes"){
                    $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
    

    setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days

        setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days

$_SESSION['username'] = $username;
    

} 
    

// All good they are logged in, send them to homepage then exit script
    

//die($_SESSION['username']);

$_SESSION['username'] = $username;

header("location: index.php?user=$username;"); 
    

exit();

} else { // Run this code if login_check is equal to 0 meaning they do not exist

    $errorMsg = "Incorrect login data, please try again";

}


    } // Close else after error checks

} //Close if (isset ($_POST['uname'])){

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="icon" href="favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<link href="style/main.css" rel="stylesheet" type="text/css" />
<script src="js/jquery-1.4.2.js" type="text/javascript"></script>
<title>Log In</title>
<style type="text/css">
<!--
body {

margin-top: 0px;
}
-->
</style></head>
<body>
<table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;">
  <form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform">
    <tr>
      <td width="23%"><font size="+2">Log In</font></td>
      <td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td>
    </tr>
    <tr>
      <td><strong>Email:</strong></td>
      <td><input name="email" type="text" id="email" style="width:60%;" /></td>
    </tr>
    <tr>
      <td><strong>Password:</strong></td>
      <td><input name="pass" type="password" id="pass" maxlength="24" style="width:60%;"/></td>
    </tr>
  <tr>
      <td align="right">&nbsp;</td>
      <td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" />
        Remember Me</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td colspan="2">Forgot your password? <a href="forgot_pass.php">Click Here</a>
  <br /></td>
    </tr>
    <tr>
      <td colspan="2">Need an Account? <a href="register.php">Click Here</a><br />        <br /></td>
    </tr>
  </form>
</table>
<br />
<br />
<br />
</body>
</html>

i have an upload form and a posting form on the same page.
when you upload a file it is uploaded to the server. what i am then trying to do is add the name of the file to $_SESSION['attachment'] so i can use it later. When the user posts their form i want the session to be inserted into the database but the session always comes up empty.

this is what happens when they upload their file
Setting the session and moving the file:
session_start();
$_SESSION['attachment'] = "EXAMPLE";
move_uploaded_file($_FILES['Filedata']['tmp_name'], "../attachments/" . time() . $_FILES['Filedata']['name']);

and then when they submit their form(textarea) it uploads the contents to the database and the contents of the session aswell.

Why is this session always empty?

I am new to SESSIONS and have a quick question about them.

I want to use sesssions on my site but was wondering if they would work for the follow senario.

Say a customer visits my url: http://www.mysite.com/?id=2

Now what i am doing is taking the id out of the URL using sessions and redirecting the user to  http://www.mysite.com while my session ($_SESSION['id']) holds the value 2 in it. I have this working great, i believe it just looks better.

Now if my customer decides to buy my product via paypal and is directed off my site while he/she is paying for said item on paypal when they return could i still use some of the information that i stored in my session??

I know i could use post and get to pass through paypal but unfortunately i have to use sessions for what i am trying to do.

Hey Guys,

Me again!  Still working on this bloody database!

Okay, so I have a site that people can add a record to a database.  This record is filled using a form and the form contains an image that can be uploaded.

This works fine.

Then there's the ability to search a record based on a boolean search which displays a table with the record data and displays a thumbnail of the photo.

This also works fine.

Then I have a script that (once it's working) will allow you to edit the record.

This is where I'm having issues.  Here's my process for the form:

User searches for the record by using a boolean search Search finds the record and displays a form containing the original values in the database User changes some parts of the original record using the form Form then updates the database with the new values
The problem I'm having is with the photo function.  If there's no photo attached, I was getting an error saying that the photo field could not be empty.  So I used the following process:

User searches for the record using edit.php Form is displayed using edit_process.php edit_process.php is posted to update.php that has conditions to check if the file upload field is empty or not If the field is empty, then it requires updatenophoto.php If the field has a new image, it uses updatephoto.php
When I submit the form to the update.php script, it does nothing and gives me a blank page.

Here's my code for each of the parts (hit the character limit, code in comments):

session_save_path("/home/content/q/1/w/q1w2e3r4t5y6u7/html/tmp/");
session_start();


I have this at the head of my index page. I'd like to count how many files are in temp to find out how many users are online. After going to my index page, i checked how many users were online via the script I wrote and it said 1. I refreshed the page and it said 2. It went as high as 10 with each refresh and then I stopped because something isn't right. I checked my temp folder and there are 10 temp files. How can one page visitor start so many unique sessions? Is there a way to prevent this? I'm using the session start command with dual purpose. One, if a user loads the page. Secondly, to check if $_SESSION['active'] exists so I know this is a registered user. How can i limit the amount of sessions started by an unknown user and efficiently count how many files are in the temp directory?

I there. I am making a small game, either you or the computer win depending on who's life hit 0 first I am using sessions to hold the health values, however I need a little bit of help. How do I make it actually go down after each move until one hits 0? Here is my script and thanks in advance...
Code: [Select]
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Fighting Game</title>
</head>
<body>
<form action="fighting_game.php" method="post">
<select name='move_choice' id='move_choice'>
<option value='punch'>Punch</option>
<option value='kick'>Kick</option>
</select>
<input type='submit' name='submitbtn' value='Continue' id='submitbtn'>
</form>
<div id='matchdiv'>
<?php
$_SESSION['ai_health'] = 100;
$_SESSION['player_health'] = 100;

$moves_ai = array("Computer punches you in the face!","Computer kicks you in the gut!");
$moves_player = array("You punch Computer in the face!","You kick computer in the gut!");
$move_damage = array(2,10);
$move_dam_multiplier_player = array(rand(1,5),rand(5,10));
$move_dam_multiplier_ai = array(rand(1,5),rand(5,10));
if($_POST['submitbtn']){
  $choice = $_POST['move_choice'];
    }

   if($choice == "punch"){
   $total_dam_ai=($move_damage[0]*$move_dam_multiplier_ai[0]);
   $total_dam_player=($move_damage[0]*$move_dam_multiplier_player[0]);
   
   echo"$moves_player[1]"." Causing ".$total_dam_player." damage!<br>";
       echo"Computers current health is ". ($_SESSION['ai_health']-$move_damage[0]*$move_dam_multiplier_player[0]);
   echo"<br>$moves_ai[1]"." Causing ".$total_dam_ai." damage!<br>";
       echo"Your current health is ". ($_SESSION['player_health']-$move_damage[0]*$move_dam_multiplier_ai[0]);

  
     }
 
 elseif($choice == "kick"){
   $total_dam_ai=($move_damage[1]*$move_dam_multiplier_ai[1]);
   $total_dam_player=($move_damage[1]*$move_dam_multiplier_player[1]);
   
   echo"$moves_player[1]"." Causing ".$total_dam_player." damage!<br>";
       echo"Computers current health is ". ($_SESSION['ai_health']-$move_damage[1]*$move_dam_multiplier_player[1]);
   echo"<br>$moves_ai[1]"." Causing ".$total_dam_ai." damage!<br>";
       echo"Your current health is ". $new_player_health=($_SESSION['player_health']-$move_damage[1]*$move_dam_multiplier_ai[1]);
   
 
 }
   if($_SESSION['ai_health']<=0 && $_SESSION['player_health']>=0){
   echo"<br>Computer falls to the ground! He is knocked out! You win!";
   }
   
   if($_SESSION['player_health']<=0 && $_SESSION['ai_health'] >= 0){
   echo"<br>You fall to the ground! You are knocked out! You lose!";
   }
   if($_SESSION['player_health']<=0 && $_SESSION['ai_health'] <=0){
   echo"<br>You both fall to the ground! You are both knocked out! It's a draw!";
   }

?>
</div>
</body>
</html>

Hello,
Is there a problem in destroying a session and then starting it in the same file, for example:


session_name();
session_start();

session_destroy();



And lastly, if I create a variable $_SESSION['user'] under a session called 'one' i.e. session_name("one") and then create another variable $_SESSION['user'] under a session called 'two' i.e. session_name("two").
Are these two variables the same?

Im makigna simple login system for a sight but i only want them to have to login if they want to go to the shopping cart i have t implement a session_start() on every page before the cart page so the home page products page etc etc and then on the cart page ive a simple function that checks if their logged in if not then it will direct them to the login page if they are they should just continue is this the correct way to do it ?

thanx

I am trying to create a blog and visitor log, where I should be able to log in as admin and add the item and see the visitor log.
I want a password protected administration section and I want to use sessions on the administration section.

When I for example click on add post, I want it to log in and go to page addpost.php where I can enter my text.

This is what I've done so far. I would like to know what I have done wrong and how I should do to accomplish what I have mentioned above.




<?php
session_start(); 
if(isset($_POST['btnLogin']) || isset($_POST['addpost'])){
$txtUserId = $_REQUEST['txtUserId'];

$txtPassword = $_REQUEST['txtPassword'];

if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {

if ($_POST['txtUserId'] === 'admin' && $_POST['txtPassword'] === 'abc123') {

//$_SESSION['basic_is_logged_in'] = true;

echo "you are logged in";

}

elseif (empty($txtUserId) || empty($txtPassword))

{
echo "fill in username and password";
}  
elseif ($_POST['txtUserId'] != 'admin'){

echo "wrong username";

}

elseif ($_POST['txtPassword'] != 'abc123'){
echo "wrong password";

}
}
}
?>
<?php
//if (!isset($_SESSION['basic_is_logged_in']) 
//   || $_SESSION['basic_is_logged_in'] !== true) 
  
?>


<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form method="post" name="frmLogin" id="frmLogin" action="main.php">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
<tr>
<td><input type="submit" name="addpost" value="add post" /></td>
</tr>
<tr>
<td><input type="submit" name="showstat" value="Show visitors log" /></td>
</tr>
<tr>
<td><input type="submit" name="blogg" value="To blog (logout)" /></td>
</tr>

</table>
</form>


</body>
</html>

I have an "Email a Friend" form that captures the referring url and saves it in a session.  The problem is that if someone decides not to send the form and navigates away from the page, and then decides to email another page, it saves the previous url.  How can I have it so that it clears the previous url and uses the new one?

Code: [Select]
if(!isset($_SESSION['referrer'])){
//get the referrer
if ($_SERVER['HTTP_REFERER']){
$referrer = $_SERVER['HTTP_REFERER'];
}
else{
$referrer = "http://www.mcse-training-classes.com";
}
//save it in a session
$_SESSION['referrer'] = $referrer;
}

I haven't used sessions much until now, so this is probably due to my ignorance. I have a page that sets the session variable, and if I print from that page, the session variable (an array) is correct. But when I move to the next page, the same session variable has old, old, wrong data. The $arrAttendeeList  is an exploded list from a textarea on a form turned into an array. Example:

This page, let's call it page1.php, sets the variable:

Code: [Select]
<?php
$_SESSION['arrAttendeeList'] = $arrAttendeeList;

foreach ($_SESSION['arrAttendeeList'] as $temp) {
print "$temp <br />";
}
exit;
?>

Results:

Smithers, Waylon
Bouvier, Selma
Brockman, Kent

But the next page, page2.php, when I call the same variable:

Code: [Select]
<?php
foreach ($_SESSION['arrAttendeeList'] as $temp) {
print "<br />$temp <br>";
}
?>

I get yesterday's data:

Smithers, Waylon 
Bouvier, Selma

I've tried setting the session var to null but with the same results. Do I need to kill the session var before setting it to something else?

Thanks -

Hi

Something strange is happening and I can't understand it.

A user can access an availability page of accommodation and book ita room, this works fine, and goes from availability to the booking form and back quite well, carrying the room  id of the accommdation and room/s selected in a session.

If they close the browser down and open the availability page again all the rooms are there as before, but when they select a room and go to the booking form the session of the room  id  and the rooms selected are empty.

If I do a session destroy and open the browser up again everything works fine again.

I have tried this in Chrome and Firefox and it seems to work fine

Any help would be appreciated

hey on my page a list of people get listed by a category u choose

if u choose a category and click ok, u are sent to the same page,
and i get the category with POST

      if(isset ($_POST['type']))
   {
   $gameholder = $_POST['game'];
   $typeholder = $_POST['type'];
   }

this works ...
the list of people is 30 members / page
when u click on page 2, the post doesnt work anymore, and i get errors, logic ...

now i want to get around this with making a session emediatly when the vars get out of POST

      if(isset ($_POST['type']))
   {
   $gameholder = $_POST['game'];
   $typeholder = $_POST['type'];
   $_session['gameholder'] = $gameholder;
   $_session['typeholder'] = $typeholder;
   print $_session['gameholder'];
   }

this also works
now i want when people click on page 2, the needed vars will come out of the Sessions, and not out of POST
so i did this

   if(!isset ($_POST['type']))
   {
   $gameholder = $_session['gameholder'];
   $typeholder = $_session['typeholder'];

   }
but this is not working
theres nothing in $gameholder

also when i move the print session out of the if, it should show when someone clicks page 2
but its not ...

any suggestions on this?

thanks!

Hello,
I would like to make a session which saves the input.
To make this easier to understand i will explain my whole problem.

I will have that image uploader:

HTML:
<input type="file" /......>
<input type="submit".....>

and some php behind it to upload the image.
When the file will be uploaded, there will be the text if you want to continue to next page (other php file) to edit uploaded file.

Now what i am asking you is: If the user clicks yes, i want the session to save name of uploaded image without extension and save it as variable, so i can use it on that another page and print it out.

Thank you