PHP - Maintianing Session Across Subdomains

I have 2 subdomains - one for the main site app and one for administration app. Both of these need to work with the same directory - one to upload images and one to read them.

So far I have it like this - the main domain is mounted to www_root. In www_root I created a folder for the admin application. The images folder is also directly in www_root.

The problem is, I can't upload files through http.

So how else can I access a directory that is above the root directory of the current app ?
Or should I rather move the images dir to the admin directory ?

Am currently trying to develop a SaaS, where each user gets their own subdomain with their application. Am wondering, though, with installation and subsequent updates: What is the best way to initiate an installation? The project is currently in a git repository. Is it better to simply pull the master branch per installation; or is zipping up the master branch, copying it to the new subdomain, then running the installation a better (secure?) method? What is the best way to initiate an update of code? If using the git repo, hat would deal with updated code, but not updated MySQL tables. Should the user be allowed to choose to update (so much like W$, a popup shows up that says there's an update; user can choose to update or ignore); or should all updates be forced (such as at a certain time)? I haven't seen much online with my searches, but I may be blind at this point. Any thoughts/comments appreciated!  

I am trying to create an index page which contains registration and login field
the problem that i get is on successful login a warning is displayed
session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235

This is the login part of my index.php
this tag is inside an html table below the login form
I also have a registration form and its php code above the login form


Code: [Select]
<?php
if (isset($_REQUEST['pass']))
{
    $id=$_POST['id'];
    $pass=$_POST['pass'];

    $conn =mysql_connect("localhost","root","");
    if (!$conn)
    {
   die('Could not connect: ' . mysql_error());
    }
/*
checking connection....success!
*/
    $e=mysql_select_db('test', $conn);
    if(!$e)
    {
   die(''.mysql_error());
    }
    else
    {
   echo 'database selected successfully';
    }

    if (isset($_REQUEST['id'])  || (isset($_REQUEST['pass'])))
    {
        if($_REQUEST['id'] == "" || $_REQUEST['pass']=="")
        {
       echo "login fields cannot be empty";
        }
        else
        {
            $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'");
            $count=mysql_num_rows($sql);
            if($count==1) 

    /* $count checks if username and password are in same row */
            {   
                session_start();
                $_SESSION['id']=$id;
                echo "</br>Login Successful</br>";
            }
            else
            {
           echo "</br>invalid</br>";
           echo "please try to login again</br>";

            }
        
        }   
    }
}
?>


Any help or suggestion would be appreciated

I am having trouble resolving an error.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2

 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this:

                echo "<script>document.location.href='admin.php'</script>";
      echo "<script>'Content-type: application/octet-stream'</script>";

I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php.

Code: [Select]
<?php
  session_start();
  if(isset($_SESSION['user']))

                echo "<script>document.location.href='admin.php'</script>";
echo "<script>'Content-type: application/octet-stream'</script>";
?>

<div id="loginform">

<form action="dologin.php" method="post">
<table>
<tr>
<td><span>Username:</span></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><span>Password:</span></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>

</div>
I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this.

Any advice is greatly appreciated!

in this page
 http://maximaart.com/newscp/
i have this problem
Code: [Select]
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2

my source code is

<?php
session_start();
include_once("config.php"); 
include_once("functions.php");
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") {
// the user id and password match,
$_SESSION['basic_is_logged_in'] = true;
require("main.php");
exit;?>

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

Just curious how other people feel about this.  I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.     Would it make more sense to...   1.  Pull all data ONCE and store it in SESSION variables to use on other pages    2.  Pull the data from the database on each new page that needs it   I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?   Side question that's kind of related:  As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?   Both are probably loaded questions but any possible insight would be appreciated.   Thanks! Greg
Edited by galvin, 04 November 2014 - 10:30 AM.

Evening!

I've been iffing and ahhing over this and well im not too sure, hence the post.

Code: [Select]
// Redirects if there is no session id selected and echos the error on the previous page
if(!isset($_GET['get']) || ($_GET['getget'])){
header("Location: #.php?error");
}
So it should simply check if get is set if it isnt then see if getget is set?

If not redirect and show the error.

Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone?

Harry.

I am trying to get sessions to work right
Here are my settings:
session.gc_maxlifetime = 60
session.gc_probability = 1
session.gc_divisor = 1
session.cookie_lifetime = 0  (when browser closes)

So say I have two php files:
php1.php

session_start();
$_SESSION['var1'] = 'var1';


php2.php

session_start();
echo $_SESSION['var1']. '<br>';


So if I go to php1 it will set the variable and then I can go to php2 and it will echo the variable.  This works.  But if I don't do anything and then go back to php2 after 60 seconds the variable should no longer exist.  This part is not working.  What do I need to change to get it to work?

I am having trouble calling the  session var "email" from the landing page. Here is the code that I am using. I am not even sure the session "email" is starting or registering.

Code: [Select]
$referer = $_SERVER['HTTP_REFERER'];

$email = $_POST['email'];

$sql="SELECT * FROM users WHERE email='$email' ";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $email, table row count must be 1 row

if($count==1){
// Session Register email
session_start();
  $_SESSION['email'] = $email;

header("location:".$referer2." ");
exit();
 }

How to add more data into $_SESSION? I have following code:
Code: [Select]
if(isset($_GET['poredi']) && $_GET['poredi'] == "upo"){
$idp = intval($_POST['idp']);
$sql = "SELECT * FROM product
WHERE product_id={$idp}";
$query=mysql_query($sql);
if(mysql_num_rows($query)!=0){
$row=mysql_fetch_array($query);
$_SESSION['poredi'] = $row['product_id'];

}
}

On click it need to store more product_id, and after that i have to be able to do query with data (find all data with product_id)?

I am building an app (PHP and MySQL)and I had been using a lot of GET calls to get info from URLs, but the more I thought about it, the more I didn't like the possibility of people being able to mess with the URLs.  So I am in the process of changing everything to use SESSION variables to store data across pages, rather than GET.   The way I see it, SESSION variables are completely behind the scenes so they seem to be the better option.  Am I right, or is GET better than SESSION for some reason?

Code: [Select]
<?php

session_start();
if(!session_is_registered(myusername)){
header("location:./default.php");
}

?>

My session works fine but I am just wondering how I can echo the current sessions username?

Thanks

Hi,
I have a PHP page that includes this JS:

Code: [Select]
<script type="text/javascript">
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0','width','465','height','80','class','FlashBorder','src','img/skype_banner_eng','quality','high','pluginspage','http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash','movie','img/skype_banner_eng' ); //end AC code
                            </script>
skype_banner_eng is a flash movie in English. I need to get this movie to change to a different languagdepending on the language variable loaded. I have done this with jpg images by doing this:

Code: [Select]
header_<?php echo ($_SESSION['session_idioma']);?>.jpg
but whenI try to do the same within the JS it doesn't work....any ideas ?

Thanks