|
PHP - Using Session And Uniqid For Form
I have a form on page 1 that submits to page 2, then on to page 3, 4 and 5. On each page more data is collected, then page 5 puts it all into its respective place in the database.
I'm trying to prevent a duplicate entry from someone hitting the back button, and I've seen suggestions to do it with sessions and a uniqid. I'm not versed in sessions, so my first question is, because I'm not submitting to the same page, where do I put the session? on page 2 or page one? Right now, on page one, all I have is: Code: [Select] <?php session_start(); include("dbconnection.php"); ?> <!-- a bunch of javascript form validation, html code and the form --> <?php $unique_id = uniqid (rand (),true); $_SESSION['unique_id']=$unique_id; ?> <form name="register1" class="registration_form" method="post" action="register2test.php" target="_self" onsubmit="return myForm()"> <input type="hidden" name="unique_id" id="unique_id_form" value="<?php echo $unique_id; ?>" > <input type="submit" value="Submit" class="buttontype"/> </form> on page two, I'm assuming, it's something similar to... Code: [Select] <?php session_start(); if (isset($_POST["submit"])) { if ($_POST["unique_id_form"] == $_SESSION["unique_id"]) { $_SESSION["unique_id"] = ''; /*set variables here ? */ } else echo 'error'; } else { $_SESSION["unique_id"] = uniqid (rand (),true); ?> Similar TutorialsHi guru's, I was just playing around with formtokens by using the function uniqid(); (is this btw unique enough for a form token?) pretty soon i noticed something weird: I have this small script (for testing) <?php $token = uniqid; echo $token; //resulting in something like: 4cbba625bd06d ?> Now for some reason if i run this code no matter how often the first few characters are always 4cbba Anyone has an idea on why/ how et cetera? So 2 questions: - is this function good enough for creating a secure form token? - how/ why does it keep starting with 4cbba? Would love to here it, thank you I would like to secure my files from being downloaded using this code. Code: [Select] <?php $unique = md5( uniqid() ); // 32 hex characters ?> but i dont know how to apply it to my files. I am trying to learn how to program in PHP. For a long time i was using WAMP and my localhost. When i ran into trouble i searched the web, watched videos and eventually find a solution.
Trying to upload my scripts into a shared hosting web server i had some difficulties in basic things, like using $_SESSION superglobal variable.
What i want to do is to use a hidden field with a value inside a form, and after submitting the form, to compare the $_SESSION variable to the $_POST variable in order to check for CSRF.
<?php
//call all custom functions
require_once('Custom_Functions/functions.php');
//session must be send before HTML headers
secure_session_start();
?>
<!DOCTYPE html>
<html lang="en">
<body>
<?php
if(isset($_POST['submit']))
{
$postvalue = $_POST['input1'];
$sessionvalue = $_SESSION['hashed_token'];
echo '<br />==========================<br />';
echo '<br />AFTER PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo 'Value of $_POST["hashed_token"] = '.$postvalue.'<br />';
echo 'Value of $_SESSION["hashed_token"] = '.$sessionvalue.'<br />';
}
$hashed_token = hash('sha256', uniqid(mt_rand(), TRUE));
$_SESSION['hashed_token'] = $hashed_token;
echo '<br />==========================<br />';
echo '<br />BEFORE PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo '<br />Value of $_SESSION["hashed_token"] = '.$hashed_token.'<br />';
?>
<form action="" method="POST">
<input type="hidden" name="input1" value="<?php echo $hashed_token; ?>" />
<p><input type="submit" name="submit" /></p>
</form>
</body>
</html>
In this script i have 1 custom function:
a) secure_session_start()
function secure_session_start(){
//Set a custom session name
$session_name = 'TESTSESSID';
ini_set('session.use_only_cookies', 1);
ini_set('session.entropy_file', '/dev/urandom');
if (in_array('sha512', hash_algos())) {
ini_set('session.hash_function', 'sha256');
}
ini_set('session.use_trans_sid', 0);
ini_set('session.hash_bits_per_character', 5);
ini_set('session.cookie_secure', 1);
$secure = TRUE;
$httponly = TRUE;
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name);
ini_set("session.save_path", "/home/SESSIONS");
session_start();
}
The procedure goes as follows:
FIRST COMMUNICATION WITH THE SERVER:
The superglobal variable $_SESSION['hashed_token'] is assigned the random hash value, which is then passed to the hidden input field. I then echo it.
RESULT:
==========================BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc SECOND COMMUNICATION WITH THE SERVER: The user press the submit button, the script then checks if the submit button is pressed, and gets in the if statement(because is TRUE). Then i collect the $_POST and $_SESSION values and echo them. New random hash is assigned to the $_SESSION superglobal variable. RESULT: ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc Value of $_SESSION["hashed_token"] = 8f176aeb3a09a1b30e0ea862c78625d7c11743da933d366cface3fa238388e57 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = c3442382b146f03394ad86911018247c57fa19d4a653d0bf6bb9bc7506e88ca0 For me this is very weird. The random hash is assigned to the $_SESSION variable, but when i try to call it after the submit is pressed its giving me a complete different value. If i remove the function secure_session_start() and just use session_start() it works: RESULT (using session_start() ) ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 Value of $_SESSION["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = e2d4acc239a747217860d71a80553abd41142dbeb8f6fafab511caff8a081fc4 Any ideas why this is happening? The problem is inside the secure_session_start() function but i cant find out why. Also, when i use the secure_session_start() function and more specifically the ini_set("session.save_path", "/home/SESSIONS"); i am forcing the session to be stored inside the /home/SESSIONS folder. But when i only use the session_start() the session i still gets stored inside that path. I checked my .htaccess and there is nothing storing the sessions in that folder. Why is that? One last thing: When using FIREBUG-->Cookies is see 2 names: the custom one (TESTSESSID) and PHPSESSID(which is the default). Shouldnt i only see the custom session name only? Thanks in advance. Record set has 2 text fields in the form which is set in a full repeat recordset browse. So, we get a long list of every record in the database. However, I want to be able to click on a single record and make another page appear. I can do this if the display is set as a table without using a text field form -- just the record variable and using a hyperlink. But, I want to use the text field. Wrapping the form only gets me the value of the last record displayed. Help would be appreciated. So, I have two forms.. One for displaying a submitted name. And one for displaying an array of submitted words. At the very top of my index.php, I have: Code: [Select] <?php session_start(); And only in my Second form, for displaying array of words, I've put a 'clear' button to clear the array, which works : Code: [Select] elseif (isset($_POST['reset'])) { $_SESSION['words'] = ''; unset($_SESSION['words']); session_destroy(); } Problem: When I've submitted a name in the First form, and then submit a word in the Second form, the name of the First form disappears! This is also happening the other way, as well as using the reset button for the Second form. Should I use Two Sessions? Is this possible? And how do I do it? Thanks. Hi, I have a feeling that this is going to be an easy miss but I've been over is a good few times and cannot see what it could be. Essentially, when I post the form in the first set of code (I've got rid of a load of unecessary html) the SESSION variables are not loaded into the second piece of code. Any ideas? Code: [Select] <?php session_start(); require ("connect.php"); $timeout = 1800; $logout_redirect_url = "login.php"; if (isset($_SESSION['start_time'])) { $elapsed_time = time() - $_SESSION['start_time']; if ($elapsed_time >= $timeout) { session_destroy(); header("Location: $logout_redirect_url"); } } $_SESSION['start_time'] = time(); ?> <div id="leftlink"> <a href="logout.php">Logout</a> </div> <table align="center" width="600px" cellpadding="0" cellspacing="0"> <tr> <td> <h2 align="center"><a href="index.php"><img src="images/logo.jpg" border="0" /></a> <br /> Emergency</h2> <hr /> </td> </tr> </table> </head> <body> <form action="post_reset.php" method="post" name"passre"> <table width="500" border="0" align="center" cellpadding="2" cellspacing="1"> <tr> <td width="230"><div align="right">E-mail Address : </div></td> <td width="40"> </td> <td width="230"><div align="left"> <input name="email" readonly="readonly" value="<?php echo ($_SESSION['email']) ; ?>" /></div></td> </tr> <tr> <td colspan="3"><div align="center"><input type="submit" name="submit" value="Submit" /></div></td> </tr> </table> </form> </body> </html> Code: [Select] <?php session_start; echo ($_SESSION['start_time']); require ("connect.php"); if (isset($_POST['submit'])){ $email = $_POST['email']; $getde = "SELECT * FROM users WHERE email = '$email'"; $getder = mysql_query($getde, $conn); $getdere = mysql_fetch_array($getder) Thanks Gareth Hi. Link to project: www.smarttreff.moo.no Login user: admin login pw: 123 When i login the login form wont disapear. If i return to the index(Hjem) page without logging out, the loginform disapear. I am ussing session for the login So the basicly, i want the loginform do disapear at once when the user has pushed login button(Logg in) (dont laught at my "cut and past" for the include meny.. i just made the design and chopped it to bits and put it into includes) Index.php Code: [Select] <?php session_start(); include("css.php"); include("header.php"); include("meny.php"); ?> <td width="596" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> Main </td> </tr> </table></td> </tr> </table> <?php include("footer.php"); ?> meny.php Code: [Select] <table width="800" border="0"> <tr> <td width="198" valign="top"><table width="100%" border="0" cellpadding="15"> <tr> <td align="left" valign="top" class="tabell"> <a href="index.php">Hjem</a> <br /> Når og hvor <br /> For hvem <br /> Spørsmål og svar<br /> Forum <br /> <br /> <br /> Samarbeidspartnere </td> </tr> </table> <br /> <table width="100%" border="0" cellpadding="15"> <tr> <td class="tabell" valign="top" align="left"> <?php if(isset($_SESSION['username'])) echo "Velkommen, " .$_SESSION['username']. "!<a href='innlogget.php'>Medlemsnyheter</a><br><a href='logout.php'>Log ut</a>"; else { include("loginform.php"); } ?> </td> </tr> </table></td> <td width="15"> </td> if the session is true $_SESSION['frommonth'] i want it to show the selected session Code: [Select] <select name="from_month" id="from_month"> <option value="<?php echo $_SESSION['frommonth'];?>" selected="selected">mm</dd> <?for ($i=1;$i<=12;$i++):?> <option value="<?=$i?>"><?=$months[$i]?></dd> <?endfor;?> </select> how could i do this? Hi all I have a php form as follows: <form action="basket.php?action=add&id=1&qty=1" method="post" name="buy-product"> <input name="initial_1" id="initial_1" type="text" size="8" maxlength="1" /> <input name="initial_2" id="initial_2" type="text" size="8" maxlength="1" /> <input name="initial_3" id="initial_3" type="text" size="8" maxlength="1" /> <input name="send" type="submit" class="contact-form-button" id="send" value="Submit" /> Basically I need to add the three initials into a session so that they can be shown in the shopping cart next to the product. How do I add the initials to the session and how do I output them to the shopping cart? At the start of my basket.php script I have: $cart = $_SESSION['cart']; $action = $_GET['action']; $id = $_GET['id']; $qty = $_GET['qty']; $initial_1 = $_POST['initial_1']; $initial_2 = $_POST['initial_2']; $initial_3 = $_POST['initial_3']; I now need to create a table with the cart showing item, price and initials. Cheers Pete. I have a form that is very long. Sometimes the logged-in user will spend over 20 minutes on this screen and then when they hit submit, the session has already expired and they are redirected to the login screen and anything on that form is lost. Is there a way to reset the session timeout to zero everytime they either click the screen with the mouse, or type something into a form field (without submitting the form)? Not sure if this would only work with javascript or if there is php code that I would put in the beginning of the action.php that looks for whether the session has timed out and if so, add the form contents to the database first before logging them out? A php solution like that would be preferable to a javascript one. But also if the sessiopn has already expired, then the action.php script would be less secure if I put the code there because then anyone not logged in could use that page so that's probably not the solution. Best solution would be to reset the session timer whenever they click ont he screen or start typing in the form. This is a multi page registration form. I want to check the user input from form1.php with preg_match in form2.php then return the users details back into form1 with error messages(e.g $errname) so the user doesn't need to re enter the information. Neither the error messages or the session variables are shown in form1.php's form. I've echoed out the session variables found that the value makes it to form 2. But the variables are empty when it goes back to form 1. form1.php <html> <head> <title>Register</title> <style type="text/css"> td { vertical-align: top; } .errText { font-family: Arial; font-size: 10px; color: #CC0000; text-decoration: none; font-weight: normal; } </style> </head> <body> <form action="form2.php" method="post"> <table> <tr> <td><label for="name">Username:</label></td> <td><input type="text" name="name" id="name" size="20" maxlength="20" value="<?php echo $_SESSION['name'];?>"/> <?php if(isset($_POST[$errname])) echo $errname; ?></td> </tr><tr> <td><label for="password">Password:</label></td> <td><input type="password" name="password" id="password" size="20" maxlength="20" value=""/></td> </tr><tr> <td><label for="first_name">First name:</label></td> <td><input type="text" name="first_name" id="first_name" size="20" maxlength="20" value="<?php echo $_SESSION['first_name'];?>"/> <?php if(isset($_POST[$errfirst])) echo $errfirst; ?></td> </tr><tr> <td><label for="last_name">Last name:</label></td> <td><input type="text" name="last_name" id="last_name" size="20" maxlength="20" value="<?php echo $_SESSION['last_name'];?>"/> <?php if(isset($_POST[$errlast])) echo $errlast; ?> </td> </tr><tr> <td><label for="email">Email:</label></td> <td><input type="text" name="email" id="email" size="20" maxlength="50" value="<?php echo $_SESSION['email'];?>"/> <?php if(isset($_POST[$erremail])) echo $erremail; ?></td> </tr><tr> <td><label for="address">Address:</label></td> <td><input type="text" name="address" id="address" size="20" maxlength="20" value="<?php echo $_SESSION['address'];?>"/> <?php if(isset($_POST[$erraddress])) echo $erraddress; ?></td> </tr><tr> <td><label for="city">City/Town:</label></td> <td><input type="text" name="city" id="city" size="20" maxlength="20" value="<?php echo $_SESSION['city'];?>"/> <?php if(isset($_POST[$errcity])) echo $errcity; ?></td> </tr><tr> <td><label for="county">County:</label></td> <td><input type="text" name="county" id="county" size="20" maxlength="20" value="<?php echo $_SESSION['county'];?>"/> <?php if(isset($_POST[$errcounty])) echo $errcounty; ?></td> </tr><tr> <td><label for="post">Postcode:</label></td> <td><input type="text" name="post" id="post" size="20" maxlength="20" value="<?php echo $_SESSION['post'];?>"/> <?php if(isset($_POST[$errpost])) echo $errpost; ?></td> </tr><tr> <td><label for="home">Home Number:</label></td> <td><input type="text" name="home" id="home" size="20" maxlength="20" value="<?php echo $_SESSION['home'];?>"/> <?php if(isset($_POST[$errhome])) echo $errhome; ?></td> </tr><tr> <td><label for="mobile">Mobile:</label></td> <td><input type="text" name="mobile" id="mobile" size="20" maxlength="20" value="<?php echo $_SESSION['mobile'];?>"/> <?php if(isset($_POST[$errmobile])) echo $errmobile; ?></td> </tr><tr> <td> </td> <td><input type="submit" name="submit" value="Sumbit"/></td> </tr> </table> </form> </body> </html> form2.php <?php //let's start the session session_start(); //finally, let's store our posted values in the session variables $_SESSION['name'] = $_POST['name']; $_SESSION['password'] = $_POST['password']; $_SESSION['first_name'] = $_POST['first_name']; $_SESSION['last_name'] = $_POST['last_name']; $_SESSION['email'] = $_POST['email']; $_SESSION['address'] = $_POST['address']; $_SESSION['city'] = $_POST['city']; $_SESSION['county'] = $_POST['county']; $_SESSION['post'] = $_POST['post']; $_SESSION['home'] = $_POST['home']; $_SESSION['mobile'] = $_POST['mobile']; $errname = ""; $errfirst = ""; $errlast = ""; $erremail = ""; $erraddress = ""; $errcity = ""; $errcounty = ""; $errpost = ""; $errhome = ""; $errmob = ""; if( preg_match('/^[A-Z][a-zA-Z -]{3,30}+$/',$_SESSION['name']) ) { $errname = '<p class="errText">Name must be from letters, dashes, spaces and must not start with dash</p>'; } if( preg_match('/^[A-Z][a-zA-Z -]{3,30}+$/',$_SESSION['first_name']) ) { $errfirst = '<p class="errText">Name must be from letters, dashes, spaces and must not start with dash</p>'; } if( preg_match('/^[A-Z][a-zA-Z -]{3,30}+$/',$_SESSION['last_name']) ) { $errlast = '<p class="errText">Name must be from letters, dashes, spaces and must not start with dash</p>'; } if( preg_match('/^[a-zA-Z]\w+(\.\w+)*\@\w+(\.[0-9a-zA-Z]+)*\.[a-zA-Z]{2,4}$/',$_SESSION['email']) ) { $erremail = '<p class="errText">This is not a valid email address.'; } if( preg_match('/^[a-zA-Z0-9 _.,:\"\']+$/',$_SESSION['address']) ) { $erraddress = '<p class="errText">Address must be only letters, numbers or one of the following ". , : /"</p>'; } if( preg_match('/[a-zA-Z]+/',$_SESSION['city']) ) { $errcity = '<p class="errText">Your city must contain a letter.'; } if( preg_match('/[a-zA-Z]+/',$_SESSION['county']) ) { $errcounty = '<p class="errText">Your county must contain a letter.'; } if( preg_match('/(GIR 0AA)|((([A-Z-[QVX]][0-9][0-9]?)|(([A-Z-[QVX]][A-Z-[IJZ]][0-9][0-9]?)|(([A-Z-[QVX]][0-9][A-HJKSTUW])|([A-Z-[QVX]][A-Z-[IJZ]][0-9][ABEHMNPRVWXY])))) [0-9][A-Z-[CIKMOV]]{2})/',$_SESSION['post']) ) { $errpost = '<p class="errText">This is not a valid UK Postcode.'; } if( preg_match('/s*\(?0\d{4}\)?(\s*|-)\d{3}(\s*|-)(\d{3}\s*)|(\s*\(?0\d{3}\)?(\s*|-)\d{3}(\s*|-)\d{4}\s*)|(\s*)(7|8)(\d{7}|\d{3}(\-|\s{1})\d{4})\s*/',$_SESSION['home']) ) { $errhome = '<p class="errText">This is not a valid UK local phone number.'; } if( preg_match('/^(\+44\s?7\d{3}|\(?07\d{3}\)?)\s?\d{3}\s?\d{3}$/',$_SESSION['mobile']) ) { $errmob = '<p class="errText">This is not a valid UK mobile phone number.'; } else{ $errname = ($_POST[$errname]); $errfirst = ($_POST[$errfirst]); $errlast = ($_POST[$errlast]); $erremail = ($_POST[$erremail]); $erraddress = ($_POST[$erraddress]); $errcity = ($_POST[$errcity]); $errcounty = ($_POST[$errcounty]); $errpost = ($_POST[$errpost]); $errhome = ($_POST[$errhome]); $errmob = ($_POST[$errmob]); header("Location: form1.php"); exit; } ?> Any help appreciated. I think I should buy a professional book, instead of my beginner one. I am pretty new to php and trying to teach myself. I can't get the values from this form to write to my flat file called orders.txt: browse_index.php <?php include("includes/menu_members.php") ?> <div id="content"> <h1>SHOPPING CART</h1> <a href="browse_index.php">CLICK HERE TO CONTINUE SHOPPING</a> <?php echo ' <table border="0"> <tr> <td><form id="f2" method="post"name="f2"><input type="submit" action="order_summary.php" name="submit2" value="submit order"></td> '; if(isset($_POST['submit'])) { $itemname = $_POST['h1']; //echo $_SESSION['itemname'][$itemname]; unset($_SESSION['itemqty'][$itemname]); unset($_SESSION['itemprice'][$itemname]); unset($_SESSION['itemname'][$itemname]); } echo "<br/><br/>"; echo "<table border='8' bgcolor='#efefef'>"; echo "<tr><th>Name</th><th>Quantity</th><th>Price</th><th>Subtotal</th></tr>"; foreach($_SESSION['itemname'] as $key=>$value) { echo '<tr><td><b>'.$_SESSION['itemname'][$key].'</b></td> <td>'.$_SESSION['itemqty'][$key].'</td> <td>$'.$_SESSION['itemprice'][$key].'</td> <td name="subtotal">$'.($_SESSION['itemqty'][$key] * $_SESSION['itemprice'][$key]).'</td> <td><form id="f1" method="post" name="f1"><input type="submit" name="submit" value = "delete"><input type="hidden" name="h1" value='.$key.'></td></tr>' ; } ?> order_summary.php: <?php session_start (); $date = date ("H:i jS F"); $outputstring = $date."/t" .$_POST['h1']. ":" .$_SESSION['itemqty'][$key]. ":" .$_SESSION['subtotal'][$key]. ":" ."\n"; $fp = fopen("orders.txt","a"); fwrite($fp, $outputstring); fclose($fp); ?> Can someone direct me where I am going wrong??? Hi everyone, as the title stated, I would like to know how I could submit a form in one page(cart) and unset a session variable on other page.
Right now my form is setting a variable within the page back to 0, however I would like the form to unset the session variable from other page as well.
The issue with my code is that every time I attempt to clear out all items, my code can empty out the cart. But whenever I close and reopen the cart, the same content will show up again. So I need to unset the session variable.
Please let me know what should I do in order to solve the problem and I greatly appreciate your help.
My code is currently looking like this:
cart.php
if(!empty($_GET['aID']))
{
$aID = $_GET['aID'];
echo $aID;
if(isset($_POST['removeAll']))
{
$aID = "0";
}
$cartSQL = "SELECT * from article where aID in ($aID)";
echo "cart sql :$cartSQL";
$cartQuery = mysqli_query($dbc, $cartSQL) or die (mysqli_error($dbc));
while($row = mysqli_fetch_array($cartQuery, MYSQLI_BOTH))
{
$aTitle[] = $row[ 'name' ];
}
}
<form action = "" method = "POST">
<td style = "width = 200px"><input type="submit" value="Empty cart" name="removeAll"></td>
</form>
And this is the session variable from other page where I would like it to be unset upon submitting the form.
if(!empty($cartSubmit))
$_SESSION["cartSubmit"] = $cartSubmit;
else
$cart = $_SESSION["cartSubmit"];
<a href="javascript:popup('cart.php?aID=<?php if(empty($cartSubmit)) echo "$cart"; else echo "$cartSubmit";?>')">Cart</a>
I am a little experienced with PHP sessions, but not totally as I haven't got my head completely around its logic yet, as your about to see. I wonder wondering how I can go about adding a session entity from a HTML form input? I'm guessing it will be something like: $_POST['name'] => $_SESSION['delivery']['name']; Then, to echo the session entity, you would simply do something like: echo $_SESSION['delivery']['name']; ? Hello all, I'm new to PHP and new to this forum (although I have benefitted from your help already -cheers!). However, this time I cannot find the answer I need/recognise/understand.. I have a form and want to conduct tests on each field returning an error message as a session variable if the test fails. The test will be different for some of the fields, and the error message is specific to each field. If there is an error in any one of the fields I want to be redirected to a failure page where all of the error messages are displayed, otherwise I am sent on to another page. I have already written and tested a function to sanitise the incoming form data, so that's not a problem - it's just how to loop through and test. I can guess that there are many ways to do this but I need to understand why one option is better than another, and follow the syntax used (it's all part of my steep learning curve) The approach I have thought to use is to create an array holding the field name, the test and the message, then loop through using foreach, applying the array values into the test and creating the error message....but it's not working for me. The other method is to declare a variable $Stop='No' and if the loop identifies an error, part of the output is to change this to 'yes' and through that redirect to the error page. I'd really welcome your advice and tuition....cheers.. my code so far is... Code: [Select] $Stop='No'; $StaffPassCheck=sanitisealphanum($_POST['PasswordCheck']); $Errors[0]['value']= sanitisealphanum($_POST['FirstName']); $Errors[0]['message']='Please re-enter your name'; $Errors[0]['test']=($StaffFname=""); $Errors[1]['value']= sanitisealphanum($_POST['Surname']); $Errors[1]['message']='Please re-enter your surname'; $Errors[1]['test']=($StaffSname=""); $Errors[2]['value']= sanitisealphanum($_POST['Post']); $Errors[2]['message']='You must select an option'; $Errors[2]['test']=($StaffPost="Select Value"); $Errors[3]['value']= sanitisealphanum($_POST['Username']); $Errors[3]['message']='You must select an option'; $Errors[3]['test']=($StaffUser=""); $Errors[4]['value']= sanitisealphanum($_POST['Password']); $Errors[4]['message']='Please re-enter your password'; $Errors[4]['test']=($StaffPass=""); $Errors[5]['value']= sanitisealphanum($_POST['PasswordCheck']); $Errors[5]['message']='Sorry, your passwords do not match'; $Errors[5]['test']=($StaffPass===$StaffPassCheck); foreach ($Errors as $key => $Value){ if ( $Errors['test']=true ){ $Stop='Yes'; return $_SESSION[$key]=$Value['message']; } } if ($Stop='Yes'){ header('Location.test.php'); die(); }else{ header('Location.indexp.php'); } I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. |
|||||||