PHP - Php With Mysql Session Id
i need to create search in database like this select everything from database but it cant be included rows where session id is equal to id of user
code Code: [Select] $datum = "$godina-$mjesec-$dan"; $event_select = mysql_query("SELECT * FROM events WHERE event_date='$datum'"); //izlistat evente while ($events = mysql_fetch_array($event_select)) { $id_user = $events['id_user']; $user_select= mysql_query("SELECT * FROM users WHERE id='$id_user' "); $user = mysql_fetch_array($user_select); ... creating table i tried to put something like AND id!=$_SESSION[id] but it didnt work so i need create table for every row where id_user is not equal to session id now it works and i get table for every row do i need if loop or? Similar TutorialsJust curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Hi All! I've written up a script for my website. It\ is basically a virtual job quest. My queries are all correct it just isn't registering the variable for the session. It is $-SESSION[theid']. I want to be bale to use it in my table but I get an error. How do I write this in my SQL query for it to work. The page (when no errors), doesn't show my data. Here is my ocde: Code: [Select] <?php session_start(); include("config536.php"); ?> <html> <head> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <?php if(!isset($_SESSION['username'])) { echo "<ubar><a href=login.php>Login</a> or <a href=register.php>Register</a></ubar><content><center><font size=6>Error!</font><br><br>You are not Logged In! Please <a href=login.php>Login</a> or <a href=register.php>Register</a> to Continue!</center></content><content><center><font size=6>Messages</font><br><br></center></content>"; } if(isset($_SESSION['username'])) { echo "<nav>$shownavbar</nav><ubar><img src=/images/layout/player.gif><a href=status.php>$showusername</a>.......................<img src=/images/layout/coin.gif> $scredits</ubar><content><center><font size=6>Basic Quests</font><br><br>"; $startjob = $_POST['submit']; $jobq = "SELECT * FROM jobs WHERE username='$showusername'"; $job = mysql_query($jobq); $jobnr = mysql_num_rows($job); if($jobnr == "0") { ?> <form action="<?php echo "$PHP_SELF"; ?>" method="POST"> <input type="submit" name="submit" value="Start Job"></form> <?php } if(isset($startjob)) { $initemidq = "SELECT * FROM items ORDER BY RAND() LIMIT 1"; $initemid = mysql_query($initemidq); while($ir = mysql_fetch_array($initemid)) { $ids = $ir['itemid']; } mysql_query("INSERT INTO jobs (username, item, time, completed) VALUES ('$showusername', '$ids', 'None', 'No')"); $wegq = "SELECT * FROM items WHERE itemid='$ids'"; $weg = mysql_query($wegq); while($wg = mysql_fetch_array($weg)) { $im = $wg['image']; $nm = $wg['name']; $id = $wg['itemid']; } $_SESSION['theid'] = $id; echo "<font color=green>Success! You have started this Job!</font><br><br>Please bring me this item: <b>$nm</b><br><br><img src=/images/items/$im><br><br><br>"; echo $_SESSION['theid']; } if($jobnr == "1") { $finish = $_POST['finish']; $okgq = "SELECT * FROM items WHERE itemid='$yes'"; $ok = mysql_query($okgq); while($ya = mysql_fetch_array($ok)) { $okname = $ya['name']; $okid = $ya['itemid']; $okimage = $ya['image']; } echo "Where is my <b>$okname</b>?<br><br><img src=/images/items/$okimage><br><br><br>"; echo $_SESSION['theid']; ?> <form action="<?php echo "$PHP_SELF"; ?>" method="POST"> <input type="submit" name="finish" value="I have the Item"></form> <?php } } if(isset($finish)) { $cinq = "SELECT * FROM uitems WHERE theitemid='$_SESSION[theid]'"; $cin = mysql_query($cinq); $connr = mysql_num_rows($cin); if($connr != "0") { echo "<font color=green>Success! You have the item.</font>"; } else { echo "<font color=red>Error! You do not have my item!</font>"; } } ?> . I basically just want to know how I can set this session as a variable. Also..I have a user login on every page and I want to be able to destroy JUST THE "theid" session and NOT the username session. How would I do that too? thanks for the help in advance! Hey guys, I'm working a project that requires sessions be stored within the database, as the project I'm working on is on a shared host. But I'm having a problem with getting the data of a session in the database, the other fields like session_id, session_updated, session_created are working fine. I think I've got a bug in my code, but I just can't detect it (frustrating). Database connection class db extends mysqli { private $host; private $user; private $pass; private $db; function __construct( $host='localhost', $user='user', $pass='pass', $db='website' ) { $this -> host = $host; $this -> user = $user; $this -> pass = $pass; $this -> db = $db; parent::connect( $host, $user, $pass, $db ); if( mysqli_connect_error( ) ) { die( 'Connection error ('.mysqli_connect_errno( ).'): '.mysqli_connect_error( ) ); } } function __destruct( ) { $this -> close( ); } } Session handler class sessionHandler { private $database; private $dirName; private $sessTable; private $fieldArray; function sessionHandler() { // save directory name of current script $this -> database = new db; $this -> dirName = dirname(__file__); $this -> sessTable = 'sessions'; } function open( $save_path, $session_name ) { return TRUE; } function close() { //close the session. if ( !empty( $this -> fieldarray ) ) { // perform garbage collection $result = $this->gc( ini_get ( 'session.gc_maxlifetime' ) ); return $result; } return TRUE; } function read( $session_id ) { $sql = " SELECT * FROM sessions WHERE session_id=( '$session_id' ) LIMIT 1 "; $result = $this -> database -> query( $sql ); if( $result -> num_rows > 0 ) { $data = $result -> fetch_array( MYSQLI_ASSOC ); $this -> fieldArray = $data; $result -> close(); return $data; } return ""; } function write( $session_id, $session_data ) { //write session data to the database. if ( !empty( $this -> fieldArray ) ) { if ( $this -> fieldArray['session_id'] != $session_id ) { // user is starting a new session with previous data $this -> fieldArray = array(); } } $this -> fieldArray['session_id'] = $session_id; $this -> fieldArray['session_data'] = $session_data; $this -> fieldArray['session_updated'] = time(); $this -> fieldArray['session_created'] = time(); $session_id = $this -> database -> escape_string( $session_id ); $session_data = $this -> database -> escape_string( $session_data ); $session_updated = time(); $session_created = time(); $sql = " INSERT INTO sessions ( session_id, session_data, session_updated, session_created ) VALUES ( '$session_id', '$session_data', '$session_updated', '$session_created' ) "; if( $this -> database -> query( $sql ) !== TRUE ) { return FALSE; } return TRUE; } function destroy( $session_id ) { $sql = " DELETE FROM sessions WHERE session_id=('$session_id') "; if( $this -> database -> query( $sql ) !== TRUE ) { return FALSE; } return TRUE; } function gc( $max_lifetime ) { return TRUE; } function __destruct() { //ensure session data is written out before classes are destroyed //(see http://bugs.php.net/bug.php?id=33772 for details) @session_write_close(); } } The call $session_class = new sessionHandler; session_set_save_handler( array( &$session_class, 'open' ), array( &$session_class, 'close' ), array( &$session_class, 'read' ), array( &$session_class, 'write' ), array( &$session_class, 'destroy' ), array( &$session_class, 'gc' ) ); if( !session_start() ) { exit(); } Any help at all would be appreciated. Kind Regards Mike so i work on wowroster.net making upgrades to roster i have created a user lib for the sit and im now adding sessions but im getten some odd issues.... this is one of the inserts and sent to mysql_query example Code: [Select] UPDATE `roster_sessions` SET `session_user_id` = '0', `session_last_visit` = '1331544818', `session_browser` = '', `session_ip` = '127.0.0.1', `session_time` = '1331545718', `session_page` = 'p=guild-main&a=g:1' WHERE `session_id` = '6m7js82r848kk2s90sjfmuj325' YET.. this is what i get in my database sql dump from my admin Code: [Select] INSERT INTO `roster_sessions` (`sess_id`, `session_id`, `session_user_id`, `session_last_visit`, `session_start`, `session_time`, `session_ip`, `session_browser`, `session_forwarded_for`, `session_page`, `session_viewonline`, `session_autologin`, `session_admin`) VALUES ('5764d5713a7f24c82b30d271460bf68c', '6m7js82r848kk2s90sjfmuj325', '3', 0, 1331544818, 1331545718, '127.0.0.1', '', '', 'addons-main-images-shadow', 0, 0, 0); any clue at all... Here is my code... Code: [Select] <?php mysql_connect("localhost", "user", "pass")or die("cannot connect"); mysql_select_db("database")or die("cannot select DB"); $myemail = mysql_real_escape_string($_POST['myemail']); $mypassword = mysql_real_escape_string($_POST['mypassword']); $mypassword = md5($mypassword); $myemail = stripslashes($myemail); $mypassword = stripslashes($mypassword); $sql="SELECT * FROM users WHERE email='$myemail' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_start(); $_SESSION["myemail"]= "$myemail"; header("location:home.php"); } else { header("location:fail.php"); } ?> What can I do to this code so that it will also store first name from the database inside a session? Can someone please explain to me why I cant seem to get my mysql update line to work. I have been trying for a while an still nothing. I am new in php and need some help getting this to work. Please be gentle. a good explaination in newbie talk would be appreciated. The session variable I echoed out does work so I know I am reading the variable in from the other page. thanks <?php session_start(); /* Server side scripting with php CISS 225 Lab # Final Project */ //This section will create variables collected from information sent //by the post method on the createUserProcess. /* $_SESSION['city'] = $_POST['city']; $_SESSION['state'] = $_POST['state']; $_SESSION['zipCode'] = $_POST['zipCode']; $_SESSION['profession'] = $_POST['profession']; $_SESSION['activities'] = $_POST['activities']; $_SESSION['hobbies'] = $_POST['hobbies']; */ $city = $_POST['city']; $state = $_POST['state']; $zipCode = $_POST['zipCode']; $profession = $_POST['profession']; $activities = $_POST['activities']; $hobbies = $_POST['hobbies']; $db = mysql_connect("localhost", "root", ""); mysql_select_db("accountprofile",$db); echo $_SESSION['Email']; //$query = "UPDATE accountprofile SET city = '$city', state = '$state', zipcode = '$zipCode', profession = '$profession', " . " //activities = '$activities', hobbies = '$hobbies' WHERE lastName = 'Hildebrand'"; $query = "UPDATE accountprofile SET city = '$city', state = '$state', zipcode = '$zipCode', profession = '$profession', activities = '$activities', hobbies = '$hobbies' WHERE userName = " .$_SESSION['Email'].""; mysql_query($query,$db); if (mysql_error()) { echo "$query<br />"; echo mysql_error(); } echo "THANK YOU!<br />"; echo "Your profile has been completed!<br />"; ?> I need some help with this. A user fills out a form, one of the fields is a zip code field. I need to retrieve that value from MySQL store as a session var and set that value as a variable to use with a weather display API. The ID is being stored from the form page. Here is what I have so far, after the values are submitted into the DB. <?php session_start(); $con = mysql_connect("localhost","peter","abc123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con); $result = mysql_query("SELECT * FROM Profile WHERE id='{$_SESSION['id']}"); while ($row = mysql_fetch_assoc($result)) { $_SESSION['id'] = $row['id']; $_SESSION['zip'] = $row['zip']; } mysql_close($con); ?> and then for the weather API, I need to set the stored variable to something $zip = 'stored zip code value'; Hey guys, Currently Im using: $row = mysql_fetch_array($result) or die(mysql_error()); echo $row['user_family']. " - ". $row['user_registered']; $row['user_family'] = $fam; $_SESSION['family'] = $fam; to take data from a mysql table & set it as SESSION family. However, I cant seem to get this to set. The information IS being taken from mysql because its being echo'd earlier up in the code, but its just not passing to the session. Any ideas? I want to use session to do a query and will I be able to do this? I have a session that was gathered from login and now i was to use this session to do a query If Yes, How? Hello all, I have a membership website which is using sessions... and ive been asked to add some promotion points system. So that each user is able to see how many promotion points they have... Now, I'm a beginner in mysql and php, but feel I'm learning fairly quickly. What I need help with, is to be able to display the amount of promotion points for the logged in user. I created a new field in my "essenti1_Users" table for the promotion code. database is called "essenti1_membership" table is "essenti1_Users" feild is "promo" I think im going to have to manually add the points to each user manually through phpMyAdmin Navicat unfortunatly. Unless anyone has any other ideas just for adding the points to each user account? ziggynerja is online now Add to ziggynerja's Reputation Report Post Edit/Delete Message Hola, I'm trying to create a web form to insert info into my database using session variables. I'm at my wits end at this point. The reset button does its job but when you click submit it doesn't do anything. I'm using the template from the lynda.com essential php web form tutorials. Any help would be appreciated Here is the client-side header code I'm working with, <?php header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 session_start(); if (!isset($_SESSION['SESSION'])) require ( "include/session_init.php"); $arVal = array(); require_once("include/session_funcs1.php"); // make sure the seesion vars are initialized... reset ($arVal); while (list ($key, $val) = each ($arVal)) { if (!isset($_SESSION[$key])) $_SESSION[$key] = ""; } if ($_SESSION["eventgenre_sel"] == "") $_SESSION["eventgenre_sel"] = 0; // if the bFlg is true then some validation problems in the data. // namely a blank field or a submission without the feedback page. // just present a general error... $flg = ""; $error = ""; if (isset($HTTP_GET_VARS["flg"])) $flg = $HTTP_GET_VARS["flg"]; switch ($flg) { case "red": $error = "<br><font class=\"txt12_red\">Please fill out all the required fields.<br>Please Try Again.<BR></font>"; break; case "blue": $error = "<br><font class=\"txt12_red\">Your Session has Expired.<br>Please Try Again.</font><BR>"; break; case "pink": $error = "<br><font class=\"txt12_red\"><BR>The Special Code you entered is not valid.<br>Please Try Again or Leave that field blank.</font><BR>"; break; case "white": $error = "<br><font class=\"txt12_red\"><BR>The fields are too long for our Database.<br>Please correct your data via this form.</font><BR>"; break; default: $error = ""; } ?> <?php echo $_SERVER['SCRIPT_NAME']."<BR>"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="detect800.css"/> <link rel="stylesheet" type="text/css" href="detect1024.css"/> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="detect.js"></script> <link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/themes/base/ui.all.css" rel="stylesheet" type="text/css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script> <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js" type="text/javascript"></script> <script src="jquery.ui.datetimepicker.js" type="text/javascript"></script> <script type="text/javascript"> $(function() { $('#eventdate').datetimepicker(); }); </script> <script src="imageflow.js" type="text/javascript"></script> <script src="highslide-full.js" type="text/javascript"></script> <script src="autosuggest.js" type="text/javascript"></script> <script type="text/javascript"> hs.graphicsDir = 'graphics/'; </script> <script language="javascript"> function SubmitForm() { var form = document.forms[0]; var bRequired = true; if((form.eventname.value.length < 1) || (form.eventvenue.value.length < 1) || (form.eventdate.value.length < 1) || (form.eventgenre.value.length < 1) || (form.eventprice.value.length < 1) || (form.eventpromoter.value.length < 1) || (form.eventflyer.value.length < 1)) { alert("Please fill out all the required fields."); bRequired = false; } if (!bRequired) return false; form.eventgenre_sel.value = form.state.selectedIndex; form.submit(); } function ResetForm() { var form = document.forms[0]; form.eventname.value = ""; form.eventvenue.value = ""; form.eventdate.value = ""; form.eventgenre.value = ""; form.eventprice.value = ""; form.eventpromoter.value = ""; form.eventflyer.value = ""; form.eventgenre_sel.value = ""; } </script> </head> This is the client side form code <form action="scripts/register.php" method="post" name="userevent" id="userevent"> <input name="eventgenre_sel" type="hidden" id="eventgenre_sel" value="<?php echo $_SESSION['eventgenre_sel'] ?>" /> <?php echo $error; ?> <fieldset> <label for="eventname" accesskey="n" ><span>Event Name</span> <input type="text" name="eventname" id="eventname" value="<?php echo $_SESSION['eventname_sel'] ?>" size="32" maxlength="30" /></label> <div id="autosuggest"><ul><li></li></ul></div> <label for="eventvenue" accesskey="v" ><span>Event Venue</span> <input type="text" name="eventvenue" id="eventvenue" size="32" value="<?php echo $_SESSION['eventvenue'] ?>" maxlength="30" /></label> <script type="text/javascript"> var venues = new Array("Republik", "HiFi Club", "Bamboo Tiki Room", "Tantra", "Jubilee Auditorium", "Ironwood Stage & Grill", "Broken City", "Soda", "Amsterdam Rhino", "Olympic Plaza", "Stampede Casino", "Habitat Living Sound", "Cantos Music Foundation", "Flames Central", "Prince's Island Park", "Beat Niq Jazz & Social Club", "Giuseppe's Italian Market", "BLVD", "Fourth on 4th", "Opus on 8th", "Local 510", "Local 522", "Raw Bar", "Jupiter Restaurant & Bar", "Vern's", "Lord Nelson's", "Kings Head Pub", "Blind Beggar Pub", "Viscous Circle", "Milk Tiger Lounge", "Pengrowth Saddledome", "Tubby Dog", "Marquee Room", "Distillery Public House", "Cafe Koi", "Mikey's Juke Joint & Eatery", "Palomino", "Atlantic Trap & Gill", "Drake Inn", "Radiopark Music Room", "Rusty Cage South", "Big Al's Good Times Bar", "Rose & Crown", "Tudor Rose Pub", "Elbow River Casino & Lounge", "Rusty Cage Central", "Rusty Cage South", "Rusty Cage North", "Olive Grove", "Shamrock Hotel", "Woody's Taphouse Southland", "Woody's Taphouse Country Hills", "Murrieta's West Coast Bar & Grill", "Stageline Saloon", "Pig & Pint", "Ranchman's", "Red Pepper Pub", "Stavro's Steak House & Lounge Ranchlands", "Stageline Saloon", "Whiskey"); new AutoSuggest(document.getElementById("eventvenue"),venues); </script> <label for="eventdate" accesskey="d" ><span>Event Date</span> <input type="text" name="eventdate" id="eventdate" value="<?php echo $_SESSION['eventdate'] ?>" size="32" maxlength="30" /></label> <label for="eventgenre" accesskey="g" ><span>Event Genre</span> <select name="eventgenre" id="eventgenre"> <option value="none">--select one--</option> <option value="HipHop">Hip-Hop</option> <option value="Funk">Funk</option> <option value="Soul">Soul</option> <option value="Metal">Metal</option> <option value="Punk">Punk</option> <option value="Blues">Blues</option> <option value="Jazz">Jazz</option> <option value="Trance">Trance</option> <option value="Breaks">Breaks</option> <option value="Electro">Electro</option> <option value="House">House</option> <option value="DNB">Drum'N'Bass</option> <option value="Dubstep">Dubstep</option> <option value="Lounge">Lounge</option> <option value="Top40">Top 40</option> </select> </label> <label for="eventprice" accesskey="p" ><span id="eventprice">Event Price</span> <input type="text" name="eventprice" id="eventprice" value="<?php echo $_SESSION['eventprice'] ?>" size="6" maxlength="4"/></label> <label for="eventpromoter" accesskey="c" ><span id="eventpromoter">Event Promoter</span> <input type="text" name="eventpromoter" id="eventpromoter" value="<?php echo $_SESSION['eventpromoter'] ?>" size="25" maxlength="23"/></label> <label for="eventflyer" accesskey="f" ><span id="eventflyer">Event Flyer (jpg or png MAX 300kb)</span> <input type="file" name="eventflyer" id="eventflyer" value="<?php echo $_SESSION['eventflyer'] ?>" size="25" maxlength="23"/></label> <input type="button" name="Reset" value="Reset" onclick="ResetForm();"> <input type="button" name="Submit" value="Submit" onsubmit="return validateForm(this);" onclick="SubmitForm(); return false; " > </fieldset> </form> <script language="javascript"> // set the selection box values... var form = document.forms[0]; form.eventgenre.selectedIndex = parseInt("<?php echo $_SESSION['eventgenre_sel'] ?>"); </script> And this is the server-side code. <?php $debug = FALSE; /************************************************************ Adjust the headers... ************************************************************/ header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 /***************************************************************************** Check the session details. we will store all the post variables in session variables this will make it easier to work with the verification routines *****************************************************************************/ session_start(); if (!isset($_SESSION['SESSION'])) require_once( "include/session_init.php" ); $arVal = array(); require_once("include/session_funcs1.php"); reset ($_POST); while (list ($key, $val) = each ($_POST)) { if ($val == "") $val = "NULL"; $arVals[$key] = (get_magic_quotes_gpc()) ? $val : addslashes($val); if ($val == "NULL") $_SESSION[$key] = NULL; else $_SESSION[$key] = $val; if ($debug) echo $key . " : " . $arVals[$key] . "<br>"; } /********************************************************************************************** Make sure session variables have been set and then check for required fields otherwise return to the registration form to fix the errors. **********************************************************************************************/ // check to see if these variables have been set... if ((!isset($_SESSION["eventname"])) || (!isset($_SESSION["eventvenue"])) || (!isset($_SESSION["eventdate"])) || (!isset($_SESSION["eventgenre"])) || (!isset($_SESSION["eventprice"])) || (!isset($_SESSION["eventpromoter"])) || (!isset($_SESSION["eventflyer"]))) { resendToForm("?flg=red"); } // form variables must have something in them... if ($_SESSION['eventname'] == "" || $_SESSION['eventvenue'] == "" || $_SESSION['eventdate'] == "" || $_SESSION['eventgenre'] == "" || $_SESSION['eventprice'] == "" || $_SESSION['eventpromoter'] == "" || $_SESSION['eventflyer'] == "") { resendToForm("?flg=red"); } // make sure fields are within the proper range... if (strlen($_SESSION['eventname']) > 35 || strlen($_SESSION['eventvenue']) > 35 || strlen($_SESSION['eventdate']) > 35 || strlen($_SESSION['eventgenre']) > 35 || strlen($_SESSION['eventprice']) > 35 || strlen($_SESSION['eventpromoter']) > 35 || strlen($_SESSION['eventflyer']) > 35 ) { resendToForm("?flg=white"); } /********************************************************************************************** Insert into the database... **********************************************************************************************/ $query = "INSERT INTO td_events (seventname, seventvenue, seventdate, seventgenre, seventprice, seventpromoter, seventflyer) " ."VALUES (".$arVals['eventname'].", ".$arVals['eventvenue'].", ".$arVals['eventdate'].", ".$arVals['eventgenre'] .", ".$arVals['eventprice'].", ".$arVals['eventpromoter'].", ".$arVals['eventflyer'].")"; //echo $query; $result = mysql_query($query) or die("Invalid query: " . mysql_error() . "<br><br>". $query); $insertid = mysql_insert_id(); /*** This following function will update session variables and resend to the form so the user can fix errors ***/ function resendToForm($flags) { reset ($_POST); // store variables in session... while (list ($key, $val) = each ($_POST)) { $_SESSION[$key] = $val; } // go back to the form... //echo $flags; header("Location: ./user_registration.php".$flags); exit; } ?> <p>SUCCESS!<br> The event was entered in the database!<br> You probably want to redirect to a thank you page or send an email to the user for confirmation.<br> <br> <br> Here are the variables...<br> <?php reset ($arVals); while (list ($key, $val) = each ($arVals)) { echo $key . " : " . $arVals[$key] . "<br>"; } echo "<br><br>The SQL Statment was:<br>"; echo $query."<br><br><br><br>"; ?> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <?php /********************************************************************************************** CREATES THUMBNAIL **********************************************************************************************/ //define a maxim size for the uploaded images define ("MAX_SIZE","1024"); // define the width and height for the thumbnail // note that theese dimmensions are considered the maximum dimmension and are not fixed, // because we have to keep the image ratio intact or it will be deformed define ("WIDTH","500"); define ("HEIGHT","650"); // this is the function that will create the thumbnail image from the uploaded image // the resize will be done considering the width and height defined, but without deforming the image function make_thumb($img_name,$filename,$new_w,$new_h) { //get image extension. $ext=getExtension($img_name); //creates the new image using the appropriate function from gd library if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext) || !strcmp("JPG",$ext)) $src_img=imagecreatefromjpeg($img_name); if(!strcmp("png",$ext) || !strcmp("PNG",$ext)) $src_img=imagecreatefrompng($img_name); //gets the dimmensions of the image $old_x=imageSX($src_img); $old_y=imageSY($src_img); // next we will calculate the new dimmensions for the thumbnail image // the next steps will be taken: // 1. calculate the ratio by dividing the old dimmensions with the new ones // 2. if the ratio for the width is higher, the width will remain the one define in WIDTH variable // and the height will be calculated so the image ratio will not change // 3. otherwise we will use the height ratio for the image // as a result, only one of the dimmensions will be from the fixed ones $ratio1=$old_x/$new_w; $ratio2=$old_y/$new_h; if($ratio1>$ratio2) { $thumb_w=$new_w; $thumb_h=$old_y/$ratio1; } else { $thumb_h=$new_h; $thumb_w=$old_x/$ratio2; } // we create a new image with the new dimmensions $dst_img=ImageCreateTrueColor($thumb_w,$thumb_h); // resize the big image to the new created one imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y); // output the created image to the file. Now we will have the thumbnail into the file named by $filename if(!strcmp("png",$ext)) imagepng($dst_img,$filename); else imagejpeg($dst_img,$filename); //destroys source and destination images. imagedestroy($dst_img); imagedestroy($src_img); } // This function reads the extension of the file. // It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } // This variable is used as a flag. The value is initialized with 0 (meaning no error found) // and it will be changed to 1 if an error occurs. If the error occurs the file will not be uploaded. $errors=0; // checks if the form has been submitted if(isset($_POST['Submit'])) { //reads the name of the file the user submitted for uploading $image=$_FILES['eventflyer']['name']; // if it is not empty if ($image) { // get the original name of the file from the clients machine $filename = stripslashes($_FILES['eventflyer']['name']); // get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); // if it is not a known extension, we will suppose it is an error, print an error message // and will not upload the file, otherwise we continue if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "JPG") && ($extension != "PNG") && ($extension != "png")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { // get the size of the image in bytes // $_FILES[\'image\'][\'tmp_name\'] is the temporary filename of the file in which // the uploaded file was stored on the server $size=getimagesize($_FILES['eventflyer']['tmp_name']); $sizekb=filesize($_FILES['eventflyer']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($sizekb > MAX_SIZE*500) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=$filename; //the new name will be containing the full path where will be stored (images folder) $newname="flyers/".$image_name; $copied = copy($_FILES['eventflyer']['tmp_name'], $newname); //we verify if the image has been uploaded, and print error instead if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } else { // the new thumbnail image will be placed in images/thumbs/ folder $thumb_name='flyers/thumb_'.$image_name; // call the function that will create the thumbnail. The function will get as parameters // the image name, the thumbnail name and the width and height desired for the thumbnail $thumb=make_thumb($newname,$thumb_name,WIDTH,HEIGHT); }} }} //If no errors registred, print the success message and show the thumbnail image created if(isset($_POST['Submit']) && !$errors) { echo "<h1>Thumbnail created Successfully!</h1>"; echo '<img src="'.$thumb_name.'">'; } ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=343257.0 I have a site with a members area that uses sessions. I migrated my DB from MySQL 4 to 5. Now my login page does not work. Please help. Member Login Page: Code: [Select] <?php session_name ('name'); ini_set ('session.use_cookies', 0); session_start(); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="css/style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js/swfobject/swfobject.js"></script> <script type="text/javascript"> var flashvars = {}; flashvars.xml = "config.xml"; flashvars.font = "font.swf"; var attributes = {}; attributes.wmode = "transparent"; attributes.id = "slider"; swfobject.embedSWF("cu3er.swf", "cu3er-container", "960", "400", "9", "expressInstall.swf", flashvars, attributes); </script> <link href="css/menu.css" rel="stylesheet" type="text/css" /> <style type="text/css"> #apDiv1 { position:absolute; left:592px; top:75px; width:552px; height:53px; z-index:1; } a:visited { color: #5D4580; } a:hover { color: #FFF; } a:active { color: #5D4580; } </style> </head> <body> <div class="main"> <div class="blok_header"> <div class="header"> <div class="rss"><strong>P</strong></div> <div class="clr"></div> <div class="logo"><a href="index.html"><img src="images/logo.jpg" width="211" height="88" border="0" alt="" class="one" /></a></div> <div class="menu"> <ul id="css3menu"> <li class="topfirst"><a href="index.html" title="Home">Home</a></li> <li><a href="#" title=""><span>Omega Psi Phi</span></a> <ul> <li><a href="founders.html" title="Fraternity Founders">Fraternity Founders</a></li> <li><a href="omegahistory.html" title="Fraternity History">Fraternity History</a></li> <li><a href="programs.html" title="Mandated Programs">Mandated Programs</a></li> <li><a href="links.html" title="Links">Links</a></li> </ul> </li> <li><a href="#" title="Phi Gamma Chapter"><span>Phi Gamma Chapter</span></a> <ul> <li><a href="history.html" title="Phi Gamma History">Phi Gamma History</a></li> <li><a href="lineage.html" title="Phi Gamma Lineage">Phi Gamma Lineage</a></li> <li><a href="dedication.html" title="Dedication">Dedication</a></li> <li><a href="calendar.html" title="Calendar">Calendar</a></li> <li><a href="photogallery.html" title="Photo Gallery">Photo Gallery</a></li> <li><a href="members/login.php" title="Member Login">Member Login</a></li> <li><a href="roster.html" title="Chapter Roster">Chapter Roster</a></li> </ul> </li> <li><a href="members/login.php" title="Member Login">Member Login</a></li> <li class="toplast"><a href="contact.html" title="Contact Info.">Contact Info.</a></li> </ul> </div> </div> <div class="clr"></div> <div class="body"> <div class="body_bg"> <h2>Member's Only </h2> <?php if ($_SESSION['membername'] != null) { // print "<META HTTP-EQUIV='Refresh' content='0;URL=updatemember.php'>"; echo "You are already logged in. Please wait to be redirected to the members page, or <a href=\"members.php\">click here</a> if you are not automatically redirected. User name for the session is ".$_SESSION['username'].", the member name is ".$_SESSION['membername']; print "<META HTTP-EQUIV='Refresh' content='5;URL=members.php'>"; //header("Location: members.php"); //exit; } else { ?> <form name="admin" method="post" action="userlogon.php"> <table width="891" border="0" cellspacing="5" cellpadding="5"> <tr> <td height="80" colspan="2" align="left"><p>Please enter you username and password. Don't remember your password, <u><strong><a href="password.php">click here</a></strong></u><strong><a href="password.php"></a></strong>.</td> <td width="360" rowspan="5" align="center" valign="middle"><img src="images/login_image.jpg" width="239" height="314" /></td> </tr> <tr> <td width="257" height="38" align="right"><p><strong>Username:</strong></td> <td width="224" align="left"><input type="text" name="username"></td> </tr> <tr> <td height="38" align="right"><p><strong>Password:</strong></td> <td align="left"><input type="password" name="password"></td> </tr> <tr> <td height="34"> </td> <td align="left"><input type="submit" class="yellowbutton" name="submit" value="Sign In"></td> </tr> <tr> <td colspan="2"><p>To register for a username and password with Phi Gamma, please <u><strong><a href="register.php">click here</a></strong></u><strong><a href="password.php"></a></strong>.</td> </tr> </table> </form> <?php } ?> <p> </p> <div class="clr"></div> </div> <div class="clr"></div> </div> </div> <div class="footer"> <div class="footer_resize"> <p class="center"> <a href="index.html">Home</a> | <a href="contact.html">Contact</a> </p> <div class="clr"></div> </div> <div class="clr"></div> </div> </body> </html> After the credentials are entered the user is returned back to the login page and NOT the member's page. This is the userlogon.php page: Code: [Select] <?php $link = mysql_connect('localhost:/tmp/mysql5.sock', 'dbuser', 'dbpw'); if (!$link) { die('Could not connect: ' . mysql_error()); } //mysql_close($link); if (!mysql_select_db('db_name', $link)) { echo 'Could not select database'; exit; } $username = $HTTP_POST_VARS["username"]; $password = $HTTP_POST_VARS["password"]; $member_id = ''; $role = ''; $firstname = ''; // Formulate Query // This is the best way to perform a SQL query // For more examples, see mysql_real_escape_string() $query = sprintf("SELECT users.member_id, users.username, users.password, users.role, FROM users join members on users.member_id = members.member_id WHERE users.username ='%s' AND users.password='%s'", mysql_real_escape_string($username), mysql_real_escape_string($password)); // Perform Query $result = mysql_query($query); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); } // Use result // Attempting to print $result won't allow access to information in the resource // One of the mysql result functions must be used // See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc. while ($row = mysql_fetch_assoc($result)) { $member_id = $row['member_id']; $username = $row['username']; $role = $row['role']; } if ($member_id != ''){ session_start(); $_SESSION['membername'] = $username; $_SESSION['username'] = $username; $_SESSION['memberid'] = $member_id; $_SESSION['role'] = $role; print "<META HTTP-EQUIV='Refresh' content='0;URL=members.php'>"; } else { print "<META HTTP-EQUIV='Refresh' content='0;URL=memberlogin.php'>"; } // Free the resources associated with the result set // This is done automatically at the end of the script mysql_free_result($result); ?> It worked fine before the migration??? Anyone know where the problem is? I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm restarting this under a new subject b/c I learned some things after I initially posted and the subject heading is no longer accurate. What would cause this behavior - when I populate session vars from a MYSQL query, they stick, if I populate them from an MSSQL query, they drop. It doesn't matter if I get to the next page using a header redirect or a form submit. I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to next page via redirect or form submit, the two vars loaded from MSSQL are empty. Any ideas? Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. |