|
PHP - Advanced Cookies && Sessions && Mysql For User And Profile Management
Hello users:
I am exploring the delightful world of PHP for web applications. I am in the stage where I need to use SESSIONS and COOKIES and MYSQL for a user/membership/profile structure. I understand most of the grammar behind PHP and am excited to apply this in application. I am searching for recommendations and comments about using: 1. COOKIES 2. SESSIONS 3. MYSQL/SQL Almost every website has an authentication mechanism, profile, and use information. My website required this similar structure, but I have been having some problems completing all of the technical steps for production. If anyone has code samples or places where I can review code on this topic, that would be wonderful. I am specifically searching for more advanced topics in these area for general robustness. Please kindly send me a message or respond to this post. Regards, Diamond Edited by Diamond, 30 December 2014 - 04:27 PM. Similar TutorialsHi All, I am currently struggling with the my user info function which is supposed to display an image on my profile page along with the following parts of information taken from my database. The error is a mysql error stating that the $info = mysql_fetch_assoc($result); is not a valid arguement. Code: [Select] function fetch_user_info($uid) { $uid=(int)$uid; $sql = "SELECT `user_id AS `id` `user_username` AS `username`, `user_firstname` AS `firstname`, `user_lastname` AS `lastname`, `user_email` AS `email`, `user_location` AS `location`, `user_about` AS `about`, `user_gender` AS `gender` FROM `users` WHERE `user_id` = {$uid}"; $result = mysql_query($sql); $info = mysql_fetch_assoc($result); $info['avatar'] = "core/user_avatars/{$info['id']}.jpg"; return $info; } I have looked through the code a few times, but I can tell what is wrong. I have included below the profile page code in case it may be an issue there. Code: [Select] <?php include('core/init.inc.php'); $userinfo = fetch_user_info($_GET['uid']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?php echo $userinfo ['username']; ?>'s Profile</title> </head> <body> <div> <?php if($userinfo == false) { echo 'Sorry, the user does not exist.'; } else { ?> <h1><?php echo $userinfo ['firstname']; ?> <?php echo $userinfo ['lastname']; ?></h1> <img src="<?php echo $userinfo['avatar'];?>" alt="avatar"/> <p>Username: <?php echo $userinfo ['username']; ?></p> <p>First Name: <?php echo $userinfo ['firstname']; ?></p> <p>Last Name: <?php echo $userinfo ['lastname']; ?></p> <p>Gender: <?php echo ($userinfo ['gender'] == 1) ? 'Male' : 'Female'; ?></p> <p>Email: <?php echo $userinfo ['email']; ?></p> <p>Location: <?php echo $userinfo ['location']; ?></p> <p>About: <?php echo $userinfo ['about']; ?></p> </div> <?php } ?> </body> </html> Thanks Jamie Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta I was wondering if there's any common method for user management. I'm not talking about basic stuff like DB management stuff I'm talking about registering new users with captcha, validating email addresses, password resets, etc. I can work all this stuff out by hand but it seems rather large and very repetitious so I was wondering if there's guides out there to develop this or a common script? Okay, well for a site i want to make a user managment system. but i have no idea how to. ive already got the part where you type the user that you want to manage. Code: [Select] <?php /* Copyright (C) 2009 Murad <Murawd> Josh L. <Josho192837> This program is free softwa you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // Must rewrite ?> <fieldset> <legend> Manage User </legend> <table border='0' style="height:100%;width:570px;border:solid 1px #BBB"> <tr class="navtitle" style="height:25px"> <th style="width:auto">Manage A User</th> </tr> <tr> <td align="center" class="tdbox"> Search for the profile name you wish to manage. </td> </tr> <tr> <td align="center"> <form method="post" action=''> <input type="text" name="name" /> <input type="submit" name="search" value="Search" /> </form> </td> </tr> <tr style="height:25px"> <td class="tdbox"> <span style="float:left"> <a href="?cype=admin">Back To Administration Control Panel</a> </span> </td> </tr> </table> </fieldset> But thats just to find the user you want to edit, i want to make it so i can edit there name, how much money and such they have. instead of going into the db. so if you could help or if you need more info just ask. i dont really no much to put up here. I am working on an application and part of the requirements is to restrict the number of users that can log in based on a license. So on install, I will provide a license that allows for 10 user accounts to be created.
If the client requires 50, a different license will be provided that allows 50.
Regards Hi Guys, have you got an idea how I can create a user management system with login and pw, please? I tried the below, but when I click on the "ADD NEW USER" button nothing happens <div> <fieldset> <legend>USER DETAILS</legend> <table> <tr> <td align="right"><a title='NAME' href='user_edit.php?id=1'>NAME</a></td> <td> <input class="norm" type="text" name="name" id="name" /></div> </td> <td align="right"><a title='SURNAME' href='user_edit.php?id=2'>SURNAME</a></td> <td> <input class="norm" type="text" name="surname" id="surname" /></div> </td> </tr> <tr> <td align="right"><a title='E-MAIL ADDRESS' href='user_edit.php?id=3'>E-MAIL ADDRESS</a></td> <td colspan="4"> <input class="norm" type="text" size="57" name="e-mail" id="e-mail" /></div> </td> </tr> <tr> <td align="right"><a title='LOGIN' href='user_edit.php?id=4'>LOGIN</a></td> <td> <input type="text" name="login" id="login" /></div> </td> <td align="right"><a title='PASSWORD' href='user_edit.php?id=5'>PASSWORD</a></td> <td> <input class="norm" type="text" name="password" id="password" /></div> </td> </tr> </table> </fieldset> </div> <br /> <div> <fieldset> <input type='submit' name='delete' value='DELETE USER' onclick='confirm("ARE YOU SURE?");'/> <input type='submit' name='add' value='ADD NEW USER'/> </fieldset> </div> cheers, ozzo Hi guys, I want a PHP Cookie & Session to apply to both the domain and all its subdomains, except one specific subdomain which I never want the same cookies/sessions to apply to. I have the apply too all sorted, just not the exception. Any help is much appreciated. I am having a hard time getting sessions and cookies to work as I would expect. I am using codelobster editor/debugger and wampserver. My problem is that when I try to delete a cookie it shows that the cookie is still there and active. <?PHP session_start(); date_default_timezone_set('Asia/Qatar'); // I try to delete the previous cookie which was set setcookie('my_session',"",time()-3600); // here I have a function that sets a cookie log_session("username","password"); session_destroy(); ?> When I check the local variables in the debugger they are still there and not deleted and have the same value. Is my logic wrong or is it my system? I'm creating a login. When a user logs in, they can choose for the website to remember them. If they do, then the login function creates cookies. The function checks the database for the information and then stores it into an array and creates the cookies. HOWEVER when a user doesn't choose for the website to remember them, then I assume I will be using session variables. However, I am not sure how to go about it. Usually, I would create a cookie for the username and the password. Would it be safe to create session variables for the username and password to last for the session and then use these? I'm just confused how to deal with just a session.. I have attached a very simple remember me script. Could someone please have a look at it and tell me if I'm doing it correctly, or what the correct implementation would be to allow users to not use and use the remember me function? I'm trying to learn the proper workaround to enable Sessions when visitors have their cookies disabled.
When I create a PHP session page with ini_set("session.use_trans_sid", 1) and then disable my browser cookies and view browser source code, I see what I expect: a hidden input appended like this: It seems to work (sessions without cookies!). However, I don't see the long URL query strings that I used to see when I experimented with this 10 years ago, and I don't see the long PHPSESSID value appended to all the page links, and I don't see dozens of session variables appended as hidden form inputs. Rather, I just see the one PHPSESSID hidden input described above. Is this because all the session variables are stored on the server itself, and all the server needs is that one single long PHPSESSID value? Or, am I doing it wrong? :-) Edited April 4, 2019 by StevenOliver Hello , my website uses sessions to check for users if they are logged in, get data and such stuff.. But i want to add cookies in order to make users stay logged in for more time.. I do have a remember me checkbox and a function that tells me if a user is loggedin by checking if session or cookie is set and then it returns a true flag... the problem is that i dont know how to get if he is logged via session or cookies Thanks. I'm brushing up on Cookies and Sessions. My book says that in order to access the same Session data, you must have Code: [Select] session_start(); on each page that uses the Session data AND the user must have accepted the Session Cookie?! So what do you do if a user has Cookies Turned Off or Declines a Session Cookie?? (I find it hard to believe that Sessions are that "delicate"?!) TomTees Hi, I want to end a session when a registered user is asked to login again but enters the incorrect credentials. I'm destroying the session and taking the user back to the login page, but for some reason when s/he clicks "back" on the browser s/he is able to get back into her/his account. Any ideas? I am looking for a Script 1- which has a new user registeration and lhe can log to the site after "ADMIN APROVAL" 2- Multiple levles ie, user had multiple levles under which he can register on registration page ( Paid,Trial or Free) and after aproval of their registration by admin they r redirected to thier respective area ie free page, paid page or Trial page Thnks to all Seniour for Earilier help I'm very new to PHP and have been working on my site idea for the past couple of weeks and have been working on the basic sign up, logging in, activation and log out. The log out works fine, but when I sign in with a second username, the first user name's information comes up instead. Here's the log out script: <?php session_start(); session_unset(); session_destroy(); setrawcookie('user'); ?> I tried a bunch of other stuff but nothing seems to work. Closing the window and stuff works fine but obviously, that's not the safest method. Hello, On my site I offer the option an option for cookies or sessions on login. If a remember me box is selected, then a cookie will be set. My question is, how do I assign both the $_SESSION['id'] and $_COOKIE['id'] to the same variable? Thanks for the help! I need advice on how to handle a php issue. I will try to simply my problem as best as I can. Index.php is used to upload multiple pictures engine.php is called each time for each picture. So if someone uploads 3 pictures engine.php is called 3 times and uploads each picture separately. What I want to be able to do is to track bulk uploads. For example, if someone uploads 10 pictures at once there would be a unique code in my database that I could query and see the results of the 10 pictures that where uploaded. Kinda like a batch. The problem is that I can't seem to create a unique code that it's used to to track batches. I have used cookies in my index.php and set it to a random variable. When my engine.php starts uploading images via POST method, it calls the cookie that was stores in index.php only to see that the value doesn't get passed. I check index.php by using echo $_COOKIE['...']; and a value does get into the cookie, but engine.php can't seem to access the cookie. (I used setcookie) Here's part of the code for the cookies (engine.php): $getmu = $_COOKIE['multiupload']; $insert_image = "INSERT INTO images (owner, dateadded, mimetype, originalfilename, filename, thumbname, filesize, description, originalip, originalwidth, originalheight, lastaccessed, tracker, mutracker) VALUES ($displayID, NOW(), '".preparedata($contenttype)."', '".preparedata($filename)."', '".preparedata($newfilename)."', '".preparedata($ranthumb)."' , '".preparedata($filesize)."', '".preparedata($imgdesc)."', '".preparedata($userip)."', '".$originalwidth."', '".$originalheight."', NOW(), '".preparedata($tracker)."', '".$getmu."')"; if I set $getmu to just any string, it seems to get inserted into the db, so it's not a syntax issue. When I use cookies, nothing gets inputed. I also tried using sessions, but since engine.php is called for each picture upload, the session changes for every picture. Any ideas or advice? I'm kinda stuck on this. The cookies should work, but they don't :/ I am using the scripts (at the end) on a shared debian server at my web host's remote facility. Hello all, i require some assistance in a bit of PHP/MySql code. I have a website setup with register/login scripts already wrote, i also have a basic members page for now, that has there user ID assigned to it for example members.php?id=$id, which is there ID from the database. I have a members list which shows all members with links to there profiles, now i when i mouse over the link, it will says members.php?id=1 and so on, which is correct but when clicking on any of the members to go to there profile it is my own details that is shown on there profile instead of theres. members.php <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("hireacoder") or die(mysql_error()); $user = $SESSION['username']; $sql = mysql_query("SELECT * FROM users WHERE username='$user'"); $row = mysql_fetch_assoc($sql); echo $row['username']; echo'<br>'; echo $row['fname']; echo'<br>'; echo $row['lname']; echo'<a href="users.php">Users</a>'; ?> users.php <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("hireacoder") or die(mysql_error()); echo "<table border='0'> <tr> <th>UserName</th> </tr>"; $sql = mysql_query("SELECT * FROM users ORDER BY ID"); while($row = mysql_fetch_assoc($sql)) { $id = $row['id']; $username = $row['username']; echo" <tr> <td> <a href='members.php?id=$id'>".$username."</a> </td> </tr>"; } echo "</table>"; ?> Now i know what the problem is, the query is getting the details from the DB with the username = the session user which is me and that is why my details show up on all profiles, but i dont know any other way to do it, any help with be very apprciated thanks you. |
|||||||