|
PHP - Lock The Session To A Specific Ip Address
Similar TutorialsI am having trouble figuring out the right keywords to search for this, but what would I need to research if I want a user to send an email to a specific address (i.e. support@domain.com) and to have it create a new MySQL database entry, sort of like a help desk would generate? I want to make the form so only people with a specific email address can sign up to the site. So for example their ending email address was.... @something.apple.biz.com .. but to be accepted into the site, the email HAS to end with apple.biz.com. How could you validate it so it matches something specific like this. Here is my code at the moment which just checks that their is at least one . after the @ for it to be an acceptable email. If anyone could say what else to add to do this would be great if($email != '' && $register){ $emailcheck = explode("@", $email); $sql = "SELECT email FROM member WHERE email='$email'"; $query = mysql_query($sql); $emails = mysql_num_rows($query); if($emails != 0 ){ $alert .= '<p class="alert" style="clear:both;">That email address has already been registered</p>'; $register = false; }elseif(count($emailcheck) != 2){ $alert .= '<p class="alert" style="clear:both;">Please enter a valid email address</p>'; $register = false; }elseif(count($emailcheck) == 2){ $emailchecktwo = explode(".", $emailcheck[1]); if(count($emailchecktwo) < 2){ $alert .= '<p class="alert" style="clear:both;">Please enter a valid email address</p>'; $register = false; } } } Hi there im trying to destroy a specific session i have been looking through many different ways on google but have yet to find one the reason i want to do this is because my website part of the website that is being made has to have a login to view everything and this login ontop to view restricted content, so far my logout has destroyed both sessions and i cant find an answer, all the nessecory scripts are listed below Login: <?php if(isset($_POST['code'])) { $host="***********"; // Host name $username="*************"; // Mysql username $password="************"; // Mysql password $db_name="******"; // Database name // Connect to server and select databse. mysql_connect($host, $username, $password); mysql_select_db($db_name); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); // encrypt password $encrypted_mypassword=md5($mypassword); $sql="SELECT * FROM members WHERE username='$myusername' and password='$encrypted_mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:jncomenu.php"); } else { echo "Wrong Username or Password"; } } ?> Check session: <? session_start(); if(!session_is_registered(myusername)){ header("location:JNCOlogin.php"); } ?> Logout: <? session_start(myusername); session_destroy(myusername); header("location:index.php"); ?> The first session is the same script bar [php][session_register("username"); session_register("password"); /php] Any help will be greatly appriciated. Thank, Blink359 I am following along in a PHP, MySQL book and the way they clear session variables is by: Code: [Select] session_start(); session_unset(); session_destroy(); They clear session variables like that in that exact order. My question is that this apparently clears ALL session variables for the browser in use. Every website I have visited when you click a LOGOUT button ONLY logs you out of their specific site and DOES NOT seem to clear ALL session variables as this would log you out of any other websites that you might be logged into with that same browser. So, I went to the PHP website and found out that instead of using the session_unset () function you can clear individual session variables using the unset ($_SESSION['varname']) function. Is this a good way of clearing session variables ONLY for a PARTICULAR website and NOT clearing session variables for the WHOLE browser? If so, would I then NOT use the session_destroy () function after clearing each individual session variable specific to that ONE website using unset ($_SESSION['varname'])? Thank you in advance! I have this simple while loop which retrieves data from a mysql query and displays several links on my homepage. I would like to avoid using the php get function and add query strings to my urls I am thinking of using session variables but I need help and I'm pretty sure this can't be done. When a visitor clicks a link from the several ones displayed by the while loop, that particular variable would be set in a session. In my code, the session will always send the last var Can this be done? Code: [Select] <? session_start(); // Start Session Variables $result = mysql_query("my query"); while($slice = mysql_fetch_assoc($result)){ $url = $slice['url']; $name = $slice['name']; ?> <a href="<? echo $url; ?>"><? echo $name; ?></a> <? } $_SESSION['name'] = $name; // Store session data ?> I have a form with PHP validation and also a mysqli query checking for duplicates in the database for mailing address and email address in mysql.
It works fine but the customers are adding spaces in the mailing address for example 111 mailing address A V E, 1 1 1 ma iling address A V E etc. and my sql query doesn't see that as an address that's a duplicate.
Their alslo adding email address like my@emailaddress.com and m.y@emailaddress.com, m.y.2@emailaddress.com etc to bypass that comparision also.
Is there anyway to stop this from happening?
I'm not sure if JS or PHP is causing my browser to lock up when I access this page. I have a database of zipcodes ... approx. 70,000 of them. I have a php loop put them into a JS array. I then want JS to create a drop down with all the zip codes. On Chrome it completely doesn't work. On FF it will loop to about 64,000 and then give a warning that the script is taking too long. Reading up on google it seems that JS should be able to handle an array much bigger then mine... so what could be he problem? <script language="javascript"> function addOption(selectbox,text,value ) { var optn = document.createElement("OPTION"); optn.text = text; optn.value = value; selectbox.options.add(optn); } <?php //TESTING $con = mysql_connect("","",""); mysql_select_db("", $con); //END TESTING $data = mysql_query("SELECT postalCode FROM geo_city WHERE postalCode !='' ORDER BY postalCode ASC") or die(mysql_error()); echo 'function addOption_list(selectbox){ var zip = new Array("VOID"'; while($info = mysql_fetch_array($data)){ echo ',"'.$info['postalCode'].'"'; } echo ');'; ?> for (var i=0; i < zip.length;++i){ addOption(document.drop_list.zip_list, zip[i], zip[i]); } } </script> </head> <body onLoad="addOption_list()";> <FORM name="drop_list" action="" method="POST" > <SELECT NAME="zip_list"> <Option value="" >Zip Code list</option> </SELECT> </form> I have a folder with php includes files and one of them has the username and password of the database. Is there any way that i can lock the folder and unlock it with php. Or do it using the cpanel of my server? I use the Wholesale Suite Premium Prices plugin with WooCommerce. I have 6 specific wholesale roles out of 15 that I wish to hide two specific shipping methods from being selected for the 6 exceptions. I'm just trying this on my staging server at this time using a code snippet example that I found and modified for my specific conditions. Would the following work for this purpose?
/* Hide specific shipping methods for specific wholesale roles */
add_filter( 'woocommerce_package_rates', function( $shipping_rates ) {
// User role and shipping method ID to hide for the user role
$role_shipping_method_arr = array(
'ws_silvia_silver' => array( 'Silvia Premium Standard Shipping (Tracking Service)'),
'ws_silvia_silver_pst_exempt' => array( 'Silvia Premium Standard Shipping (Tracking Service)'),
'ws_silvia_silver_tax_exempt' => array( 'Silvia Premium Standard Shipping (Tracking Service)'),
'ws_silvia_silver' => array( 'Silvia Union Standard Shipping (Tracking Service)'),
'ws_silvia_silver_pst_exempt' => array( 'Silvia Union Standard Shipping (Tracking Service)'),
'ws_silvia_silver_tax_exempt' => array( 'Silvia Union Standard Shipping (Tracking Service)'),
'ws_silvia_gold' => array( 'Silvia Premium Standard Shipping (Tracking Service)'),
'ws_silvia_gold_pst_exempt' => array( 'Silvia Premium Standard Shipping (Tracking Service)'),
'ws_silvia_gold_tax_exempt' => array( 'Silvia Premium Standard Shipping (Tracking Service)'),
'ws_silvia_gold' => array( 'Silvia Union Standard Shipping (Tracking Service)'),
'ws_silvia_gold_pst_exempt' => array( 'Silvia Union Standard Shipping (Tracking Service)'),
'ws_silvia_gold_tax_exempt' => array( 'Silvia Union Standard Shipping (Tracking Service)'),
);
// Getting the current user role
$curr_user = wp_get_current_user();
$curr_user_data = get_userdata($current_user->ID);
// Wholesale Suite Roles
if (isset($current_user) && class_exists('WWP_Wholesale_Roles')) {
$wwp_wholesale_roles = WWP_Wholesale_Roles::getInstance();
$wwp_wholesale_role = $wwp_wholesale_roles->getUserWholesaleRole();
// Loop through the user role and shipping method pair
foreach( $role_shipping_method_arr as $role => $shipping_methods_to_hide ) {
// Check if defined role exist in current user role or not
if( in_array( $role, $current_user->roles) ) {
// Loop through all the shipping rates
foreach( $shipping_rates as $shipping_method_key => $shipping_method ) {
$shipping_id = $shipping_method->get_id();
// Unset the shipping method if found
if( in_array( $shipping_id, $shipping_methods_to_hide) ) {
unset($shipping_rates[$shipping_method_key]);
}
}
}
}
}
return $shipping_rates;
});
Any insights as to how to accomplish this would be greatly appreciated. Lyse I have a little php site that looks up data in my crm database quickly and easily on my iphone. Right now it's wide open because I'm in and out of it all day and trying to input uid/pw into a secure login page is a pain in the rear. (we're not talking about sensitive data here and I'm the only user.) So, I would like to design a screen with several large graphic buttons and be able to touch those buttons in a specific sequence that would functionally allow a secure login. Similar in concept to the android screen lock. You touch a sequence of numbered buttons and voila, the screen unlocks. It does not open a text field for data entry into two separate fields. So if my access code was 1,2,3,4 and the screen was divided into quarters with a large number on each one, I would touch the buttons in that order and it would open the main page. How would this best be accomplished? Is there a php function to essentially build a variable through successive key presses? then with a final submit it would just check that against a "secret code" and allow access. Thanks for any input. Hello All, I have a custom session.set_save_handler to handler sessions for my application. It seems to work fine. The database table is of type innodb. I see some errors in my log file of the nature, "(1205) Lock wait timeout exceeded; try restarting transaction". I have a class which contains the session handler callbacks and have made it a singleton class. session_set_save_handler( array($this, "db_open"), array($this, "db_close"), array($this, "db_read"), array($this, "db_write"), array($this, "db_destroy"), array($this, "db_gc") ); In my "db_read" method, I am doing a "SELECT FOR UPDATE" on the row with the session id. So, while performing load testing on my app. which has a lot of ajax calls, I noticed the "lock wait timeout" errors. How do I resolve this problem? Any suggestions? 1) Should I catch these errors and issue a explicit "commit" in the read or write methods? 2) Should I specify a higher timeout value for "innodb_lock_wait_timeout"? Thanks I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Hello, Please let me know what is the wrong with the following lines of code. I am trying to find the MAC Address of the user who is logging. When I am running the code in localhost it is working. But the same code is not working when I upload it in the server. <?php function getMac(){ exec("ipconfig /all", $output); foreach($output as $line){ if (preg_match("/(.*)Physical Address(.*)/", $line)){ $mac = $line; $mac = str_replace("Physical Address. . . . . . . . . :","",$mac); } } return $mac; } $mac = getMac(); $mac = trim($mac); echo $mac; ?> Please help. Thanks a lot in advance. Regards & Thanks. Okay, so I know how to get an IP address using $_SERVER['REMOTE_ADDR'], however, I need to get an IP a little different. How would I get the IP of the visitor on a remote site loading MY site using file_get_contents()? It just returns that remote websites server IP... :/ Thanks! |
|||||||