|
PHP - Where To Locate Session Cookie For General Site And Administrator Sub-directory Site
I have several "sites" located in my html directory, and each has a "general" access point and an "administrator" access point:
/var/www/html/site1/index.php /var/www/html/site1/administrator/index.php /var/www/html/site2/index.php /var/www/html/site2/administrator/index.php /var/www/html/site3/index.php /var/www/html/site3/administrator/index.phpAll sites are similar except that data will be specific to site1, site2, or site3, etc. Users who log onto /var/www/html/siteX/index.php are totally unrelated to those who logon to /var/www/html/siteX/administrator/index.php, will have different logon credentials, are stored in different DB tables, and each should have their own session. If a user logs off of either the general or administrator site, it should not effect the other site even if they were previously logged on to both on the same PC (and of course not effect other sites). When a user logs off, I would like to destroy their previous cookie and associated session. Users for either will only use https. I am using Apache to rewrite https://www.mysite.com/ to https://mysite.com/. While I named the administrator site "administrator" above, the administrator user has the ability to change the directory name. I am thinking I need to use session_set_cookie_params to specify where I wish the session cookie to be stored since /var/www/html/siteX/administrator/index.php is a sub-directory to /var/www/html/siteX/index.php, but am not really sure. Sorry for the cryptic post, but I am not very well versed in this subject. How would you recommend setting up cookies/sessions for this scenario? Thank you Similar TutorialsI have set up a site for a local orchestra. I have a simple mysql db from which 'News' items are pulled using php. I have set up the following pages: 1. view_news.php 2. insert_news_item.php 3. delete_news_item.php 4. edit_news_item.php All pages are working fine. Now, rather than continually having to do news updates for the orchestra myself, I want to give a person on the orchestra committee access to the above pages so that he/she can do news updates for the orchestra, as required. What is the best way of proceeding from here? I thought about creating a password protected directory and putting pages 2, 3 and 4 above into that directory and then giving the committee member the protected directory password. Is that the way to go? What is the conventional way of doing this sort of thing? Two things to note: I'm new to php and the job is non-paying. I've set up the site as the willing parent of kids in the orchestra. Any advice will be much appreciated. Hi Guys, Before i re-jig code i was wondering if this is possible, i have 2 ecommerce sites located on my server like: /www/site1.com /www/site2.com Instead of going into the admin panel of each site and uploading products individually i was going to re-jig the admin code in site1.com to upload products to both site1 and site2. i know "../" goes up 1 directory but is it possible to not only go up a directory but move them into another sites folders altogether? kind of like: site1.com/admin/upload.php can move files into: site2.com/images/uploads/ thanks guys Graham hop that makes sense! cheers guys Graham Not sure if I'm trying to achieve something totally crazy here, or if this is something pretty standard. Didn't have much luck with searching as I'm not fully down with all the terms. (A) I have one site providing an RSS feed. (B) I have one site I want to search, once for each of the items in the feed A. (C) I want the results of the search in (B) to be displayed on page (C). So for example, the feed on (A) says; apples bananas oranges cheese I want site (B) to search for each of those terms (by passing the item in the feed (A) to the ?search= part of the URL of that page) and then show the results from THAT search on page C. Bit of a complex one, let me know if you need me to clarify. Thanks for any help! Hi, My first post here is a cry for help I have a Windows 2003 server running IIS6/PHP5, the server hosts multiple web sites. The problem is include files that are for site A are showing on site B (each site having its own includes as part of the site files in its own site folder), though not every time, its very random, sometimes the correct includes show, sometimes ones from another site on the same server. This only occurs where the include files for both sites have the same name, such as 'inc-header.php' for example. I can only assume PHP is caching includes and because they have the same name is showing the wrong one on other sites sometimes, if I rename them to something unique then the problem goes away, but its not a practical solution to rename all include files to unique names so I find myself looking for a 'real' fix. I have a feeling its to do with the include_path in the php.ini, but right now its disabled with a semi-colon, and I don't want to set one as I have no global includes, all includes are site specific. Any help would be very much appreciated! Phil now i use this code to show where the visitors came from to my site. <?php $referer=$_SERVER['HTTP_REFERER']; echo $referer; ?> now, i want to show the 5 latest vistors referer's site url on my site ? I'm currently running a classified ads site and planning to display my own content from database combined with and external site rss. So here is what i got right now after the db query for the jobs ads (procedural php),
while ($row = mysqli_fetch_array($results, MYSQLI_ASSOC)){
echo '<div class="media margin-none">
<a class="pull-left bg-inverse innerAll text-center" href="#"><img src="'.$foto.'" share_alt="" width="100" height="100"></a>
<div class="media-body innerAll">
<h4 class="media-heading innerT">
<a href="' . $row['title'] .'-da' . $row['id_ad'] . '" class="text-inverse">'. $remuneracion .' ' . substr(ucfirst(strtolower($row['title'])), 0, 53) . '</a> <small class="pull-right label label-default"><i class="fa fa-fw fa-calendar-o"></i> ' . $row['date_created'] . '</small></h4>
<p>' . substr(ucfirst(strtolower($row['description'])), 0, 80) . ' ...</p>';
echo '</div>
</div>
<div class="col-separator-h"></div>';
}
echo pagination($statement,$per_page,$page, $url_filtros, $filtros);
?>
it is the while loop that i use to display ads from my database, what could be the best way to display (in this same loop?) other site's rss feed so i can show my content combined with the external rss?
Thanks
Transferring data from sub-domain.site.com Reading sub-domain.site.com What is this all about? I'm going to put all .. images into a separate sub-domain eg: images.site.com. This would create a folder inside my public_HTML called "images" Now when sites have that Transferring data, and Reading... is this .. something relating to what I want. Facebook also does it, and they get their images for the site from a sub domain, how is it all done? I'm not sure if its entirely PHP, but I hope someone can help. Thanks I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated Hi I made a new design for my website and I made some changes. I want to use layout for my second site.
I'll like to know if my site is easier to browse through now and if you like the design better?. I test my site on internet explorer, chrome, and firefox. It is best to use site on better browsers like firefox and chrome to get a better experience of site. Thanks.
http://adjade.com
I'm trying to learn how to code the proper way. There's a few things im worried about,but overall im worried about clogging up the server. so what should i keep in mind while coding, to avoid this? I'm thinking, keep insert and update to a minimum? as in, when possible, use session to keep track of data until i absolutly have to add that data to a database? is that a correct thought? what about once the data is in the database, how much trouble is it to ask for the selected data inside a database? should i be worried about overdoing request of data from databases? on the other hand, should i be worried about having too many sessions travelling around with a user. why? Im just asking to get a better feel for how to do things the proper way, i would hate to have a website built, only to find out that what i built is only a bat, that would bash the hell out of a server i wanted to put it on. This topic has been moved to mod_rewrite. http://www.phpfreaks.com/forums/index.php?topic=318858.0 How do I only redirect the page when index.php is present? Hi All, I have a secure website which always checks the cookies is not expired and the session id is set. When someone doesn't browse for the period of the cookie it will expire however the session id stays valid until he logout. A lot of people don't logout so the pages will still be accessable for them or others who use their pc. Is there a way to destroy the session id when the cookies expires? Marco How can i make echo "<b>Site:</b> ".$req_user_info['site']."<br>"; linkable The site raw fron the db contains an site url. Regards hey guys im using a session cookie to store a user_id, only if user has clicked to remember me on the login form...that way when autenticating it checks id in db and if matching a user it logs in automatically.
now the problem i want to just remove user_id from a session cookie. if i use the code below to delete the user_id session then it will remove all session cookies.
is there a way just to remove 1 session cookie? thank you
// create session cookie
session_start();
session_set_cookie_params('3600', 'C:\Users\Ricky\Desktop\www\BiSi\private\tmp\session', 'http://127.0.0.1/', true, true);
ini_set('session.gc_probability', 1);
session['user_id'] = 1;
//delete session cookies
setcookie (session_name(), null, time() - 3600);
session_regenerate_id(true);
any help/advise would be greatful...cheers guys
Hi, I am just recently getting this error message:Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/XXX/chordsandguitar.com/index.php:46) in /home/jchords/chordsandguitar.com/index.php on line 48 this is no doubt related to the fact that my site has been hacked along with 1000's of others that are on dreamhost. I don't know if it's related to php file permissions some of my files may have had had their permission set for read-write when they should not have been. They have all been changed to the more restrictive 755 or 644. So here is how I am using the session_start to store some variables: Code: [Select] session_start(); if (!isset($_SESSION["count"])) { $_SESSION["count"]=0; } else $_SESSION["count"]++; if ($_SESSION["count"] == 0) { $scale_menu = 'C'; $variation_menu = 'maj'; $code_id = '1'; } else { //allows retreiving the value of the drop-downs after the Select button has been pushed // has to be skipped on the first access or overwrites starting vars. to null if (isset($_GET['s_menu'])) $scale_menu = $_GET['s_menu']; else $scale_menu = $_GET['scale_menu']; } So any ideas why I am getting this error? Thanks, Jacques I don't know why but I'm failing hard at GoogleFu today. I can't find a tutorial on how to store a session id in a cookie and then call it on the server. session_id says it replaces the cookie it makes if you set the id via session_id, even if it's the same id...but I'm not sure if that really matters. Can anyone help point me in the right direction to a good tutorial/give me some insight on this subject? I want to store the session id in a cookie to keep a user logged in for 2 weeks or so (unless they log out of course). I did find some tutorials on how to re-route the session handlers for open/close/read/write session functions which allow me to store the session in a database. Is this what I want? Sorry for the newbie question, Thanks, Justin The default PHP Session name on my webspace server is PHPSESSID. Does that mean that the session cookie will be called PHPSESSID? The reason i ask is that in a couple of places i can't use PHP to update the information in the session cookie (because PHP is parsed before the webpage loads) and so i need to use Javascript to update a cookie which i would prefer to be the session cookie used by PHP. I guess i'm asking what the name of the cookie is, how i would refer to it in Javascript (if that is even possible) so that i can update it and whether this would cause any issues with the info already stored in the session cookie by PHP. Cheers NM Hi, I'd like to know the security of assuming session variables and using them for secure membership systems. Could a malicious user not create a session, then change the session username to another user and effectively login as that user? As I see it, no. Because session data is stored on the server and only a session id is stored on the client by way of a cookie. But what if we used cookies? What is the solution to this? Because I know I could easily change ANY variables within a cookie. I guess storing cookie data via db would help. But what is the best practice solution? I see a lot of code which simply checks for a cookie with the variable 'logged_in' to true. It then manages the user by username or userid which are stored within the cookie but which can be changed with ease by a malicious user. Hi to everyone, I'm new to the forum and I'm posting here because I ended up in a logical problem for my next script development.
I need to get some data of external websites (with vbulletin board), perfectly legal.
Using file_get_contents i can print the page content on my server and then use jquery's powerful selectors to get my data.
The problem is that these data are shown only to logged in users so i would need this script (maybe using cURL?) to either login to the external website and then persists the connection or maybe if the user who is executing my script is already logged in that website then use his login? (most likely impossible I think..)
This is my code so far (found on some sites and merged into this)
$data = array('vb_login_username' => 'Scanu', 'vb_login_password' => 'grgfgrgrfbtgbt');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.vbulletin.org/forum/login.php?do=login");
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
$pattern = "#Set-Cookie: (.*?; path=.*?;.*?)\n#";
preg_match_all($pattern, $result, $matches);
array_shift($matches);
$cookie = implode("\n", $matches[0]);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.vbulletin.org/forum/");
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>
It just shows the same page for unregistered users. Any help or advice is appreciated, i'm very new to this type of script.. |
|||||||