|
PHP - Store Last Session
Hi, I want to maintain users who log in a webpage and each time they leave, I want to record the current time, so this sounds silly but do I just set in my db table in a field that tracks a user's last log in with DEFAULT: CURRENT_TIMESTAMP?
db structu user_id lastActivity lastSession (stores TIMESTAMP of last time user logged in) Any help much appreciated Similar TutorialsCurrently I am adding the concept of "entitlements" to my website. In the past, my "article.php" script would simply look to the URL for which article was being requested and then load it. However now that I am also adding the concept of "premium content" for "paid members", I need a way to control who sees what. What I am wondering is - from a security standpoint - how much information I should load into the $_SESSION variable. For instance, right now when a user logs in, I think I just store the "memberID" and "FirstName" and possibly "Username". It would be more efficient when a Member logs in to also retrieve their "Membership Plan" and store that in the $_SESSION variable, so that as they browse my website, each page can simply grab $_SESSION['MembershipPlan'] and run that through a function that I need to build and then determine if the user gets to access said page. However, maybe it would be more secure to have it so when a user lands on page XYZ, I would look at their "memberID" and query the database to get their "MembershipPlan"? Any thoughts on each approach? Again, my main concern is *security*, but I also suppose this plays into "performance".
Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Get ip
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$ip = get_client_ip();
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
/* if($login != '' || $password != '') {
if($login !='admin' && $ip !=''.$log_ip.''){
$errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...';
$errflag = true;
}
}
*/
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
//header("location: index.php");
echo ('<meta http-equiv="refresh" content="0;url=index.php">');
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_LOGIN_NAME'] = $member['login'];
$_SESSION['SESS_PASS'] = $member['passwd'];
session_write_close();
//header("location: member-index.php");
echo ('<meta http-equiv="refresh" content="0;url=member-index.php">');
exit();
}else {
//Login failed
//header("location: login-failed.php");
echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">');
exit();
}
}else {
die("Query failed");
}
?>
auth.php (included on top of all php pages
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
//header("location: access-denied.php");
echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">');
exit();
}
?>
Hello I have included a simple login system into my website. When a user logs in, a session is started and he stays connected throughout the whole website until logging out again. The user logs in via his e-mailaddress and a password, which are stored in a mysql database. Now I want to add a page on which a user that is logged in, can see and edit his own information (password, cellphone number, e-mail, etc.). Or easier: instead of showing "Welcome!" showing "Welcome, John!". I thought about storing the e-mailaddress into the session, and then trying to access it to select the correct record (to edit afterwards). But so far, I haven't booked any success. I have to say that this is the first time I'm working with sessions as well, so this is very new to me. Thank you in advance for any help! I have a class "Login" that handles login, registration, checking if someone's logged in and authorization stuff. I would prefer to be able to instantiate this just once per session and then reuse that. however, I don't know if there's drawbacks to storing this object in the session. For example, will this lead to too much memory usage of the session object? Is it slow to keep retrieving an object from session? Would it be faster and better on the server to just re-instantiate and then destroy the object every page request? Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? What's the best way to store shopping cart information? I want things to stay in the cart for up to 2 weeks after they're added, without the need for somebody to log-in to their account to store them. Should I store the information in a database some how and then set a cookie referencing the cart_id in the db? Hello all, I have an error handler that I need to append messages to (First name not right, Last name not right, etc) I'm using a session array to handle all error messages titled GORB. How come this code won't work? $_SESSION['GORB']['message'][] = "First name wrong"; $_SESSION['GORB']['message'][] = "Last name wrong"; How can I get it to work? I already have the handler output written and functioning fine, I just need to get it to loop over an array of errors instead of just one. I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> Hello, I have a variable called $Price, We are getting it through Mysql Database using While loop. We getting the data from database in ordered by ID. Now then i have requirement to store that data into Low to High form ... Like we are receiving $price lke unordered form .. 50 14 35 25 00 145 52 Here i just want to store it in Low to high form like 00, 14,25,35 ... and so on .. Please suggest me the appropriate code. While($myrow=mysql_fetch_array($result, MYSQL_ASSOC)) { some codes return value $price. // want to store in array } $array($price) // here want to store in Low to high with key value. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. how do i get a drop down value and store it in a another table as of now i am getting the value from one table showing it on drop down now once that is selected i need to insert it into another table. <html> <?php mysql_connect('localhost','root','') or die('Could not connect to mysql ' . mysql_error()); mysql_select_db("dbtest") or die(mysql_error()); if(isset($_POST['submit'])) { //$name=$_POST['val']; $id = $_POST['select']; $id=$row['name']; ?> <input type="text" name="name2" value="<?php echo $row['name'] ?>"><br /> <?php $query = "INSERT INTO sub (`sub`) values('" . $id . "')"; $result = mysql_query($query); if($query) { echo "query executed"; } } ?> <form id="name" action="<?php $_POST['SERVER_SELF'] ?>" method="POST" > <input type="text" name="name1"><br /> <select name="select" id="select"> <?php $query = "SELECT name,id FROM main"; $result = mysql_query($query); if($query) { while($row = mysql_fetch_array($result)) { $options .= '<option value="' . $row['name'] . '">' . $row['name'] . '</option>'; // $out .= "<option value=\" . $row['name'] . \" >' . $row['name'] . '</option>"; } } echo $options; ?> </select> <input type="submit" name="submit1"> </form> </html> Thanks the above seem to work. Hi,
I am building a website that will contain listings, there will be a categories page which will bring the user to the subcategories for that category then the user can see all listings linked to that subcategory. At the minute I am just linking each page using basic href tags to go to the page name.php and all my pages end up being homepage.com/clickedlink.php.
How do I change my URL's so that if i click on a certain category the url changes to page name.php?category=chosen category?
Thanks
Well, I am storing some of images on my server, but I have to type in the name myself which gets a bit boring and I may overwrite an old image by accident, so, I was thinking of having mysql auto increment the image names. But will this be suitable for images, or should it be text. Hi, I am writing a advertisement system, where i have two fields Ad_Start_date Ad_End_Date i was always confused, in doing this things regarding date whether to use datetime or timestamp in mysql Thanks, It seems that in the following script I am not able to make $page contain some values as it always acts as it contains 0. The script will give you more idea about what I wanna do with it. Code: [Select] <?php include('dbinfo.inc'); session_start(); $connect= mysql_connect($host,$dbuser,$password) or die("connect to database fails"); mysql_select_db($dbname, $connect); //This will set the number of messages we want to display on each page $rows_per_page = 5; function show_msg() { echo "<tr align='center'> <td>$row[message]</td> </tr> <tr><td><strong>Sent By: $_SESSION[username] ON Date: $row[date]</strong></td></tr> <tr><td></td></tr>"; } //This will set the necessay variables required to set the page layout function page_vars() { $sql = "select * from msgs"; $result = mysql_query($sql, $connect); $numrows = mysql_num_rows($result); $total_pages = ceil($numrows/$rows_per_page); //Check whether page is given or not if(isset($_GET["page"])) { $page = $_GET["page"]; } else { $page = 1; } if($page < 1): { $page = 1; } elseif($page > $total_pages): { $page = $total_pages; } endif; } if($_SESSION[loggedin] == TRUE && $_SESSION[actype] == lecturer) { echo "<form action='postmsg.php' method='POST'>"; echo "<table width='80%' border='1'><tr align='center'><td><strong>To send a new message type it in the below box and press SUBMIT</strong> </td></tr>"; echo "<tr align='center'> <td><textarea name='msgarea' cols='40' row='5'></textarea></td> </tr> <tr align='center'> <td><input type='submit' value='Send Message' /></td> </tr> </table>"; $limit .= 'LIMIT '.($page - 1)*$rows_per_page.', '.$rows_per_page; echo $limit; $sql = "select * from 'msgs' $limit"; $result = mysql_query($sql); echo "<table width='80%' border='1'>"; $row = mysql_fetch_assoc($result); while($row) { show_msg(); } } else { page_vars(); $limit .= 'LIMIT '.($page - 1)*$rows_per_page.', '.$rows_per_page; $sql = "select * from msgs $limit"; $result = mysql_query($sql,$connect); echo "<table width='80%' border='1'>"; while($row = mysql_fetch_assoc($result)) { show_msg(); } echo "<tr align='center'> <td> <a href='$_SERVER[php_self]?page=1'>First Page</a> <a href='$_SERVER[php_self]?page=($page - 1)'>$page</a> <a href='$_SERVER[php_self]?page=$page'>$page</a> <a href='$_SERVER[php_self]?page=($page + 1)'>$page</a> <a href='$_SERVER[php_self]?page=($total_pages)'>>>>Last Page</a> </td> </tr>"; echo "</table>"; } ?> now when i echo $limit it always shows "-5, 5" , that's not what i want from this script. Instead I want limit to store "0, 1" with the same concept not direct because it will change according to what $_GET[page] holds. Hope I will get the solution here.... |
|||||||