PHP - Sessions Deletion.

Hi,

I have an admin area to update users detials etc..

I want this area to be secure so only admins can access it, Currently anyone and everyone can access the page.

Code: [Select]
<?PHP
session_start();
/* really need to use a session variable to insure authorized to be here */

include ('db.php');
 /*
========================================
99% of the time it is better to put your query in a string. It makes debugging much easier
========================================
*/
$query = "SELECT * FROM companies";
$result = mysql_query($query ) or die("SELECT Error: ".mysql_error());
$num_rows = mysql_num_rows($result);

/*
========================================
I find it easier to locate problems if I indent code properly
and drop out of PHP if there are large sections of html
========================================
*/
?>
<br><br><br>There are <?PHP echo $num_rows; ?> removalspace users so far.<P>
<table width="819" height="114">
<tr>
<th>Company Name</th>
        <th>Contact Name</th>
        <th>Contact Number</th>
        <th>Email</th>
        <th>Address Line 1</th>
        <th>Address Line 2</th>
      <th>Location</th>
<th>Postcode</th>
<th>Basic Members</th>
<th>Upgraded Users</th>
<th>Company Logo</th>
        <th>Approved</th>
       
  </tr>
<tr>
<td colspan="6"></td>
</tr>
<?PHP
while ( $row = mysql_fetch_array($result, MYSQL_ASSOC )) {
?>
<tr>
<td><?PHP echo $row['company_name']; ?></td>
            <td><?PHP echo $row['contact_name']; ?></td>
            <td><?PHP echo $row['phone']; ?></td>
            <td><?PHP echo $row['email']; ?></td>
            <td><?PHP echo $row['street1']; ?></td>
            <td><?PHP echo $row['street2']; ?></td>
<td><?PHP echo $row['location']; ?></td>
<td><?PHP echo $row['postcode']; ?></td>
<td><?PHP echo $row['basicpackage_description']; ?></td>
<td><?PHP echo $row['premiumuser_description']; ?></td>
<?PHP
/*
========================================
I presume you want to show the thumb version here
========================================
*/
?>
<td><img src="images/thumbs/<?PHP echo $row['upload']; ?>" alt="logo"/></td>
</tr>

<tr>
<td colspan="10">
<table>
<tr>
<td>Current level = <?PHP echo $row['approved']; ?></td>
<td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=1">Level 1 - Free</a></td>
<td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=2">Level 2 - Basic</a></td>
<td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=3">Level 3 - Premium</a></td>
<td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=0">Level 0 - Do Not Display</a></td>
</tr>
</table>
</tr>
<?PHP
}
echo "</table>";
?></table>

i know it's something like:

<?php

session_start();

if(isset($_SESSION " but dont know how to finish it correctly? "

?>

When using sessions, must there be a session_start()
in each page for the browser to be considered part of the session?

Can a user browse to a page without session_start() and still have that part of the original session that he/she began with??

Hi

Something strange is happening and I can't understand it.

A user can access an availability page of accommodation and book ita room, this works fine, and goes from availability to the booking form and back quite well, carrying the room  id of the accommdation and room/s selected in a session.

If they close the browser down and open the availability page again all the rooms are there as before, but when they select a room and go to the booking form the session of the room  id  and the rooms selected are empty.

If I do a session destroy and open the browser up again everything works fine again.

I have tried this in Chrome and Firefox and it seems to work fine

Any help would be appreciated

I am trying to create a blog and visitor log, where I should be able to log in as admin and add the item and see the visitor log.
I want a password protected administration section and I want to use sessions on the administration section.

When I for example click on add post, I want it to log in and go to page addpost.php where I can enter my text.

This is what I've done so far. I would like to know what I have done wrong and how I should do to accomplish what I have mentioned above.




<?php
session_start(); 
if(isset($_POST['btnLogin']) || isset($_POST['addpost'])){
$txtUserId = $_REQUEST['txtUserId'];

$txtPassword = $_REQUEST['txtPassword'];

if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {

if ($_POST['txtUserId'] === 'admin' && $_POST['txtPassword'] === 'abc123') {

//$_SESSION['basic_is_logged_in'] = true;

echo "you are logged in";

}

elseif (empty($txtUserId) || empty($txtPassword))

{
echo "fill in username and password";
}  
elseif ($_POST['txtUserId'] != 'admin'){

echo "wrong username";

}

elseif ($_POST['txtPassword'] != 'abc123'){
echo "wrong password";

}
}
}
?>
<?php
//if (!isset($_SESSION['basic_is_logged_in']) 
//   || $_SESSION['basic_is_logged_in'] !== true) 
  
?>


<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form method="post" name="frmLogin" id="frmLogin" action="main.php">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
<tr>
<td><input type="submit" name="addpost" value="add post" /></td>
</tr>
<tr>
<td><input type="submit" name="showstat" value="Show visitors log" /></td>
</tr>
<tr>
<td><input type="submit" name="blogg" value="To blog (logout)" /></td>
</tr>

</table>
</form>


</body>
</html>

Hello,
Is there a problem in destroying a session and then starting it in the same file, for example:


session_name();
session_start();

session_destroy();



And lastly, if I create a variable $_SESSION['user'] under a session called 'one' i.e. session_name("one") and then create another variable $_SESSION['user'] under a session called 'two' i.e. session_name("two").
Are these two variables the same?

I have a simple php script that starts sessions. On every page, I include :

if(isset($_SESSION['sessionname'])){
//The rest of the page
}
else
{
die("Not logged in");

}
I always include the session start and always regenerate the session id after <?php. The code works fine withevery browser except for a certain version of Internet Explorer 8. Even though the browser does enable cookies, it doesn`t seem to allow the ones in my script. In fact, every time I change page, it ives the error message "Not logged in". I have tried it on two different compters with the exact same version of IE and the result was the same.

Thank you for your time!

I there. I am making a small game, either you or the computer win depending on who's life hit 0 first I am using sessions to hold the health values, however I need a little bit of help. How do I make it actually go down after each move until one hits 0? Here is my script and thanks in advance...
Code: [Select]
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Fighting Game</title>
</head>
<body>
<form action="fighting_game.php" method="post">
<select name='move_choice' id='move_choice'>
<option value='punch'>Punch</option>
<option value='kick'>Kick</option>
</select>
<input type='submit' name='submitbtn' value='Continue' id='submitbtn'>
</form>
<div id='matchdiv'>
<?php
$_SESSION['ai_health'] = 100;
$_SESSION['player_health'] = 100;

$moves_ai = array("Computer punches you in the face!","Computer kicks you in the gut!");
$moves_player = array("You punch Computer in the face!","You kick computer in the gut!");
$move_damage = array(2,10);
$move_dam_multiplier_player = array(rand(1,5),rand(5,10));
$move_dam_multiplier_ai = array(rand(1,5),rand(5,10));
if($_POST['submitbtn']){
  $choice = $_POST['move_choice'];
    }

   if($choice == "punch"){
   $total_dam_ai=($move_damage[0]*$move_dam_multiplier_ai[0]);
   $total_dam_player=($move_damage[0]*$move_dam_multiplier_player[0]);
   
   echo"$moves_player[1]"." Causing ".$total_dam_player." damage!<br>";
       echo"Computers current health is ". ($_SESSION['ai_health']-$move_damage[0]*$move_dam_multiplier_player[0]);
   echo"<br>$moves_ai[1]"." Causing ".$total_dam_ai." damage!<br>";
       echo"Your current health is ". ($_SESSION['player_health']-$move_damage[0]*$move_dam_multiplier_ai[0]);

  
     }
 
 elseif($choice == "kick"){
   $total_dam_ai=($move_damage[1]*$move_dam_multiplier_ai[1]);
   $total_dam_player=($move_damage[1]*$move_dam_multiplier_player[1]);
   
   echo"$moves_player[1]"." Causing ".$total_dam_player." damage!<br>";
       echo"Computers current health is ". ($_SESSION['ai_health']-$move_damage[1]*$move_dam_multiplier_player[1]);
   echo"<br>$moves_ai[1]"." Causing ".$total_dam_ai." damage!<br>";
       echo"Your current health is ". $new_player_health=($_SESSION['player_health']-$move_damage[1]*$move_dam_multiplier_ai[1]);
   
 
 }
   if($_SESSION['ai_health']<=0 && $_SESSION['player_health']>=0){
   echo"<br>Computer falls to the ground! He is knocked out! You win!";
   }
   
   if($_SESSION['player_health']<=0 && $_SESSION['ai_health'] >= 0){
   echo"<br>You fall to the ground! You are knocked out! You lose!";
   }
   if($_SESSION['player_health']<=0 && $_SESSION['ai_health'] <=0){
   echo"<br>You both fall to the ground! You are both knocked out! It's a draw!";
   }

?>
</div>
</body>
</html>

i have two files in php both have the same code and the file is
Code: [Select]
<?php
session_start();

$con = mysql_connect("l","root",""); // here localhost and password will be filled accordingly
if (!$con)
{
die('Connection failu  ' . mysql_error());
}

mysql_select_db("student",$con);

$fetch=mysql_query("SELECT * from student1") or die(mysql_error());
$row = mysql_fetch_array($fetch) or die(mysql_error());

sleep(10);

echo "Name: ".$row[0]."</br>";
echo " Age: ".$row[1]."</br>";
echo " Address: ".$row[2];
mysql_close($con);
?>
Now i have another file which has the same code as above except there is no sleep function used in it . Now when i run the file which is wothout sleep it displyas results in seconds however the file with sleep function takes it time.

Now the problem is if i load the file woth sleep function first then its delayed nature is reflected in another file which is without sleep() i.e now the file without sleep is taking longer time to open.

please explain all this and possible solution to this problem
the other file is
Code: [Select]
<?php
session_start();

$con = mysql_connect("localhost","root","instablogs");
if (!$con)
{
die('Connection failu  ' . mysql_error());
}

mysql_select_db("student",$con);

$fetch=mysql_query("SELECT * from student1") or die(mysql_error());
$row = mysql_fetch_array($fetch) or die(mysql_error());

echo "Name: ".$row[0]."</br>";
echo " Age: ".$row[1]."</br>";
echo " Address: ".$row[2]."</br>";

mysql_close($con);

?>

I have an "Email a Friend" form that captures the referring url and saves it in a session.  The problem is that if someone decides not to send the form and navigates away from the page, and then decides to email another page, it saves the previous url.  How can I have it so that it clears the previous url and uses the new one?

Code: [Select]
if(!isset($_SESSION['referrer'])){
//get the referrer
if ($_SERVER['HTTP_REFERER']){
$referrer = $_SERVER['HTTP_REFERER'];
}
else{
$referrer = "http://www.mcse-training-classes.com";
}
//save it in a session
$_SESSION['referrer'] = $referrer;
}

I haven't used sessions much until now, so this is probably due to my ignorance. I have a page that sets the session variable, and if I print from that page, the session variable (an array) is correct. But when I move to the next page, the same session variable has old, old, wrong data. The $arrAttendeeList  is an exploded list from a textarea on a form turned into an array. Example:

This page, let's call it page1.php, sets the variable:

Code: [Select]
<?php
$_SESSION['arrAttendeeList'] = $arrAttendeeList;

foreach ($_SESSION['arrAttendeeList'] as $temp) {
print "$temp <br />";
}
exit;
?>

Results:

Smithers, Waylon
Bouvier, Selma
Brockman, Kent

But the next page, page2.php, when I call the same variable:

Code: [Select]
<?php
foreach ($_SESSION['arrAttendeeList'] as $temp) {
print "<br />$temp <br>";
}
?>

I get yesterday's data:

Smithers, Waylon 
Bouvier, Selma

I've tried setting the session var to null but with the same results. Do I need to kill the session var before setting it to something else?

Thanks -

Basically I am trying to make a login with sessions but its just not working. Can someone look and see for any errors in what I wrote or snippet suggestions?
<?php
    //Start session
    session_start();
    
    //Include database connection details
    require_once('config.php');
    
    //Array to store validation errors
    $errmsg_arr = array();
    
    //Validation error flag
    $errflag = false;
    
    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }
    
    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }
    
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    
    //Sanitize the POST values
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);
    
    //Input Validations
    if($username == '') {
        $errmsg_arr[] = 'Username missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    
    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login.php");
        exit();
    }
    
    //Create query
    $qry="SELECT * FROM users WHERE AND username='$username' AND password='$password'";
    $result=mysql_query($qry);
    
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_USERNAME'] = $member['username'];
            $_SESSION['SESS_EMAIL'] = $member['email'];
            $_SESSION['SESS_BETAKEY'] = $member['betakey'];
            $_SESSION['SESS_PIN'] = $member['pin'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            $errmsg_arr[] = 'Username/Password Invalid';
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: login.php");
            exit();
    }
    }else {
        die("Query failed");
    }
?>

I am new to SESSIONS and have a quick question about them.

I want to use sesssions on my site but was wondering if they would work for the follow senario.

Say a customer visits my url: http://www.mysite.com/?id=2

Now what i am doing is taking the id out of the URL using sessions and redirecting the user to  http://www.mysite.com while my session ($_SESSION['id']) holds the value 2 in it. I have this working great, i believe it just looks better.

Now if my customer decides to buy my product via paypal and is directed off my site while he/she is paying for said item on paypal when they return could i still use some of the information that i stored in my session??

I know i could use post and get to pass through paypal but unfortunately i have to use sessions for what i am trying to do.

Hey Guys,

Me again!  Still working on this bloody database!

Okay, so I have a site that people can add a record to a database.  This record is filled using a form and the form contains an image that can be uploaded.

This works fine.

Then there's the ability to search a record based on a boolean search which displays a table with the record data and displays a thumbnail of the photo.

This also works fine.

Then I have a script that (once it's working) will allow you to edit the record.

This is where I'm having issues.  Here's my process for the form:

User searches for the record by using a boolean search Search finds the record and displays a form containing the original values in the database User changes some parts of the original record using the form Form then updates the database with the new values
The problem I'm having is with the photo function.  If there's no photo attached, I was getting an error saying that the photo field could not be empty.  So I used the following process:

User searches for the record using edit.php Form is displayed using edit_process.php edit_process.php is posted to update.php that has conditions to check if the file upload field is empty or not If the field is empty, then it requires updatenophoto.php If the field has a new image, it uses updatephoto.php
When I submit the form to the update.php script, it does nothing and gives me a blank page.

Here's my code for each of the parts (hit the character limit, code in comments):

hey i think i may have stored session variables incorrectly
Code: [Select]
$_SESSION['tel'] = $_GET['Lat'];
$_SESSION['Lon'] = $_GET['Lon'];
$_SESSION['Lat'] = $_GET['Lat'];
is what i used to set the session variables with the data i then enter these into a table and they enter the correct information but two pages down the line i try to access them however i just get undefined variable when i set the variable is equal to the session.
Code: [Select]
$MyLon = $_SESSION['Lon'];
$MyLat = $_SESSION['Lat'];

the following is the errorr Quote

Notice: Undefined index: Lat in