|
PHP - If Session Active, Else...
Hello guys, before I start I'm a relativity new user of PHP so this really could be something extremely simple, I just can't seem to find it, Basically on my website i have php login script, when you're logged on every page you visit checks a file called auth.php, This will tell create a session called, "$SESSION" Inventive i know... That will tell the browser if the user is logged in or not, so it can decide whether or not to create a Login button, or a Log out button, Here's the code i have so far.
if ( $SESSION == '' ) { echo "<a href='logout.php" ."Log out"; } else { echo "<a href='login-form.php" ."Log in"; } Now, I believe i'm on the right lines? But i'm not fully sure how to basically in English say, If that session is working or exists, Then do this, if not, do this. I mention again, I'm very new to PHP so any help would be very appreciated! Similar TutorialsEvening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. Trying to make it so people need a active session in order to access the page after the log in page and if they dont then it redirects them back to the log in page. My session works fine. I tested and made sure. it saves the user_id lets me display the page but how do I keep someone from simply going to the webpage with out loging in? Just a simple if statment checking if lastactive is empty or not? is that secure? Code: [Select] <?php include_once("connect.php"); if(isset($_SESSION['user_id'])) { // Login OK, update last active $sql = "UPDATE users SET lastactive=NOW() WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'"; mysql_query($sql); }else{ header("Location: index.php"); exit(); } ?> in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. hello navigation - how can i get the id of an active tab i have a top nav which is pulling its tabs from a database how can i get the id of the active tab then pass it in a global to side navigation this is the top nav code Code: [Select] <?PHP require_once("../includes/initialize.php"); global $topNavs; global $pageName; ?> <div id="navWrapper"> <?PHP $topNav = navL1::find_all(); ?> <div id="ddtabs3" class="solidblockmenu"> <ul> <?PHP foreach($topNav as $topNavs): ?> <li><a <?PHP echo ($pageName == $topNavs->title ? 'class="selected"' : '')?> href="<?PHP echo $topNavs->title; ?>.php" id="<?PHP echo $topNavs->title; ?>"><?PHP echo $topNavs->title; echo $topNavs->id;?></a></li> <?PHP endforeach; ?> </ul> </div><!-- #ddtabs3--> </div><!-- #navWrapper--> this prints the id of 5 which is the last tab in my database. if i have tab 1 active how can i get my loop to get that id ? thanks rick I have a database with Users as a table. It has the normal stuff, id, username, password, and I have anther in it called lastactive. It is DATETIME, and I am wondering how I would make a sql query select the users in the database 'users' and see who has been active in the past 15 mins. What I am asking is how I could do this, and would it be better to use a different structure other then DATETIME. I added <?php $_menu = ''?> <?php foreach ($this->getStoreCategories() as $_category): ?> <?php $_menu .= $this->drawItem($_category) ?> <?php endforeach ?> <?php if ($_menu): ?> <div class="nav-container"> <ul id="nav"> <li class="level0 first nav-home"><a href="<?php echo $this->getUrl() ?>"><span><?php echo $this->__('Home') ?></span></a></li> <?php echo $_menu; ?> <li class="level0 nav-1 parent"><a href="<?php echo $this->getUrl('contacts')?>"><span><?php echo $this->__('Contact') ?></span></a></li> <?php echo $this->getLayout()->createBlock('cms/block')->setBlockId('menu')->toHtml() ?> </ul> </div> <?php endif; ?> to top.phtml and it works as expected, I now have CMS links in my nav but how can I make them have active state like the category links do?? here is the site: http://pro-tools-training.com/new-magento/index.php/video-1.html Morning(at least for me anyway) All, I am currently integrating a facebook/style chat system into my webpage. I am going to build the active user list myself but need a little guidance on how to list my users which are online and how to detect when the have gone. When my users login i store only their userid in a session like many login systems. When they login i could simply add their name to a active_users table, but how would i detect whether they are still alive? Any help would be great. Thanks Sam Hi... I am pretty new to ldap and active directory I am creating a site and want to use Active Directory users as the login to the site. This would be the best way to allow everyone to the site and keep the users and passwords up to date. How do you use PHP to talk with Active Directory to do this login? I have read things about LDAP. Do you have to have that? If so, how do you get that to work? and how to configure ldap and where to configure ldap is it server or in my local system. Please give me an idea how to configure n how to integrate active directory Sorry if i posted this in the wrong place but i dident see anthing about Active Directory or Security Questions
But has anyone used Active Directory as their User Database? Has anyone even tryed braking Active Directory with injection attacks?
Notes that i have found so far:
Php Sends to CMD first so encode userdata in base64 as a transport layer
$rand is a random number to prevent users from useing Success: as a ligitimate user
You will need to clean up the many many spaces that powershell sends back as it is a concole
Special Charicters dont need to be escaped
I am using
Win 2008 RC2
Apache
PHP (of course)
Powershell
Active Directory
PHP Script
$psScriptPath = 'C:/Apache/PSScripts/' //Path outside Website Root
$rand = mt_rand(mt_getrandmax(),mt_getrandmax());
//UTF-8 Standard only
$username = utf8_decode($_POST["username"]);
$password = utf8_decode($_POST["password"]);
$base64_username = base64_encode($username); //Transport Layer Base64
$base64_password = base64_encode($password); //Transport Layer Base64
//The danger happens here as it is sent to powershell.
$query = shell_exec('powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL');// Execute the PowerShell script, passing the parameters
Powershell Script
#*=============================================================================
#* Script Name: adpwchange2014.ps1
#* Created: 2014-10-07
#* Author:
#* Purpose: This is a simple script that queries AD users.
#* Reference Website: http://theboywonder.co.uk/2012/07/29/executing-powershell-using-php-and-iis/
#*
#*=============================================================================
#*=============================================================================
#* PARAMETER DECLARATION
#*=============================================================================
param(
[string]$base64_username,
[string]$base64_password,
[string]$rand
)
#*=============================================================================
#* IMPORT LIBRARIES
#*=============================================================================
if ((Get-Module | where {$_.Name -match "ActiveDirectory"}) -eq $null){
#Loading module
Write-Host "Loading module AcitveDirectory..."
Import-Module ActiveDirectory
}else{
write-output "Error: Please install ActiveDirectory Module"
EXIT
NUL
Stop-Process -processname powershell*
}
#*=============================================================================
#* PARAMETERS
#*=============================================================================
$username = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_username))
$password = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_password))
#*=============================================================================
#* INITIALISE VARIABLES
#*=============================================================================
# Increase buffer width/height to avoid PowerShell from wrapping the text before
# sending it back to PHP (this results in weird spaces).
$pshost = Get-Host
$pswindow = $pshost.ui.rawui
$newsize = $pswindow.buffersize
$newsize.height = 1000
$newsize.width = 300
$pswindow.buffersize = $newsize
#*=============================================================================
#* EXCEPTION HANDLER
#*=============================================================================
#*=============================================================================
#* FUNCTION LISTINGS
#*=============================================================================
Function Test-ADAuthentication {
Param($Auth_User, $Auth_Pass)
Write-Output "Running Function Test-ADAuthenication"
$domain = $env:USERDOMAIN
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $domain)
$pc.ValidateCredentials($Auth_User, $Auth_Pass).ToString()
}
#*=============================================================================
#* SCRIPT BODY
#*=============================================================================
Write-Output $PSVersionTable
Write-Output " "
$authentication = Test-ADAuthentication "$username" "$password"
if ($authentication -eq $TRUE) {
Write-Output "Success:$rand Authentication"
}elseif ($authentication -eq $FALSE) {
Write-Output "Failed:$rand Authentication"
}else {
Write-Output "Error: EOS"
EXIT
NUL
Stop-Process -processname powershell*
}
#*=============================================================================
#* SCRIPT Exit
#*=============================================================================
Write-Output "End Of Script"
EXIT
NUL
Stop-Process -processname powershell*
Hi All, How would I go about programming a HTML button that cannot be clicked on for two seconds after it loads? As part of a game I wish to stop people simply re-clicking the button and I think a delay of about two seconds would stop abuse of this (if they click it every two seconds then that's fine). I have read the manual for sleep() but it doesn't do exactly what I want - I want the rest of the page to load (and display), and the button to be grayed out for the two seconds, and then the button to be active. James Gah, can anyone help. We've written a web app, it was all tested and doing what it should and at the eleventh hour I've hit a snag. We use TCDPF to create printed reports from a MySQL database. It does what it should when accessed over the 'net however I've just been informed that their firewall won't allow Activ X content through and they won't (as opposed to can't) create an exception to trust our site. So, I need a workaround. Option 1) Host a complete copy on their internal network (exceptionally undesirable as it becomes unmanageable). Option 2) Split the printing components out and host that on a web server on their internal network. Option 3) Find another way of producing PDF output from a MySQL web app that can traverse a strict firewall. My preference is for option 2, but I'd like some opinions/thoughts on the best way to proceed before I code myself into a corner once more Thus far I've tried using an include to a different server but it is spitting it's dummy at the moment. Does anyone have any opinions on the *easiest* way to work around the problem? Thanks, Rob I retrieve certain messages from the database that has bbtags inside them. Something similar to this forum: Quote from: admin Contact me at [] test@hotmail.com Quote When i display them in a webpage I need the tags to work accordingly. I do not know how to write a function or do somethin to display them by making the quotes active .. I've been browsing the foams for a while now but haven't posted until now. Anyway, I have a table containing a list of items, I want a column to have either a red or a green icon depending on the state I set manually. My question is, how would I best set this up? I'd like to be able to have a simple checkbox admin page that when saved the other page reflects the state either 0 (inactive) or 1 (active), what would be the best way of storing these values and then reading them again? By this I mean a text file, MySQL, etc. I have some knowledge of PHP and MySQL, though not a massive amount. I would like to know how to make my links show that it's active. For example if I click on a link that says overview then that link has to be highlighted. This is the code that I have: Code: [Select] <?php if (isset($this->_params['submenus']) && is_array($this->_params['submenus'])){ foreach ($this->_params['submenus'] as $submenu){ ?> <li class="active"><a href="<?php echo $this->get_uri("/{$submenu['controller']}/{$submenu['action']}") ?>" onclick="javascript:return setSubMenu(<?php echo $submenu['id'] ?>);"><?php echo strtoupper($submenu['name'])?></a></li> <?php } } ?> Unfortunately with this code all the links are selected as active. hi, i looking for a design report like crystal report or active reports but for php the objective is creat a report using mysql data and save the template and load that report in a pdf file for print or save any one know something like that? i already use classes like class.ezpdf.php but i spend many hours creating complex reports, all is created using a text editor.. thanks for your help |
|||||||