PHP - How To Store Session In Database Help Please
Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php //Start session session_start(); //Include database connection details require_once('config.php'); //Get ip function get_client_ip() { $ipaddress = ''; if ($_SERVER['HTTP_CLIENT_IP']) $ipaddress = $_SERVER['HTTP_CLIENT_IP']; else if($_SERVER['HTTP_X_FORWARDED_FOR']) $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']; else if($_SERVER['HTTP_X_FORWARDED']) $ipaddress = $_SERVER['HTTP_X_FORWARDED']; else if($_SERVER['HTTP_FORWARDED_FOR']) $ipaddress = $_SERVER['HTTP_FORWARDED_FOR']; else if($_SERVER['HTTP_FORWARDED']) $ipaddress = $_SERVER['HTTP_FORWARDED']; else if($_SERVER['REMOTE_ADDR']) $ipaddress = $_SERVER['REMOTE_ADDR']; else $ipaddress = 'UNKNOWN'; return $ipaddress; } //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); $ip = get_client_ip(); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } /* if($login != '' || $password != '') { if($login !='admin' && $ip !=''.$log_ip.''){ $errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...'; $errflag = true; } } */ //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); //header("location: index.php"); echo ('<meta http-equiv="refresh" content="0;url=index.php">'); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_LOGIN_NAME'] = $member['login']; $_SESSION['SESS_PASS'] = $member['passwd']; session_write_close(); //header("location: member-index.php"); echo ('<meta http-equiv="refresh" content="0;url=member-index.php">'); exit(); }else { //Login failed //header("location: login-failed.php"); echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">'); exit(); } }else { die("Query failed"); } ?>auth.php (included on top of all php pages <?php //Start session session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) { //header("location: access-denied.php"); echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">'); exit(); } ?> Similar TutorialsUnfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? Hi, I want to maintain users who log in a webpage and each time they leave, I want to record the current time, so this sounds silly but do I just set in my db table in a field that tracks a user's last log in with DEFAULT: CURRENT_TIMESTAMP? db structu user_id lastActivity lastSession (stores TIMESTAMP of last time user logged in) Any help much appreciated Currently I am adding the concept of "entitlements" to my website. In the past, my "article.php" script would simply look to the URL for which article was being requested and then load it. However now that I am also adding the concept of "premium content" for "paid members", I need a way to control who sees what. What I am wondering is - from a security standpoint - how much information I should load into the $_SESSION variable. For instance, right now when a user logs in, I think I just store the "memberID" and "FirstName" and possibly "Username". It would be more efficient when a Member logs in to also retrieve their "Membership Plan" and store that in the $_SESSION variable, so that as they browse my website, each page can simply grab $_SESSION['MembershipPlan'] and run that through a function that I need to build and then determine if the user gets to access said page. However, maybe it would be more secure to have it so when a user lands on page XYZ, I would look at their "memberID" and query the database to get their "MembershipPlan"? Any thoughts on each approach? Again, my main concern is *security*, but I also suppose this plays into "performance".
Hello I have included a simple login system into my website. When a user logs in, a session is started and he stays connected throughout the whole website until logging out again. The user logs in via his e-mailaddress and a password, which are stored in a mysql database. Now I want to add a page on which a user that is logged in, can see and edit his own information (password, cellphone number, e-mail, etc.). Or easier: instead of showing "Welcome!" showing "Welcome, John!". I thought about storing the e-mailaddress into the session, and then trying to access it to select the correct record (to edit afterwards). But so far, I haven't booked any success. I have to say that this is the first time I'm working with sessions as well, so this is very new to me. Thank you in advance for any help! I have a class "Login" that handles login, registration, checking if someone's logged in and authorization stuff. I would prefer to be able to instantiate this just once per session and then reuse that. however, I don't know if there's drawbacks to storing this object in the session. For example, will this lead to too much memory usage of the session object? Is it slow to keep retrieving an object from session? Would it be faster and better on the server to just re-instantiate and then destroy the object every page request? What's the best way to store shopping cart information? I want things to stay in the cart for up to 2 weeks after they're added, without the need for somebody to log-in to their account to store them. Should I store the information in a database some how and then set a cookie referencing the cart_id in the db? What is the better way, in terms of best practice and also speed of storing PHP objects in a database? Is it: Serialize Code: [Select] $SQL = "INSERT INTO my_table (my_object) VALUES ('" . seralize($php_object). "')"; OR JSON Code: [Select] $SQL = "INSERT INTO my_table (my_object) VALUES ('" . json_encode($php_object). "')"; Any idea which is faster serialize() / unserialize() or json_ecode() / json_decode()? I've been doing some research and I was wondering what the best way is to store IP addresses in a MySQL database, and what would be the field type and length? I've seen that you can use the inet_aton() function but supposedly this doesn't support IPv4. So is there a workaround using these functions? Alternatively, if I was to just store the IP address as it is, what type of field and length would I be looking at? I've read somewhere that 45 is the max? Hey guys!, Any help is greatly appreciated! what i want to do is store a link to a pdf file which will open the file when clicked. just now when clicked will only open the file name but not with the extension .pdf? Thanks! Is there a recommended BEST PRACTICE for storing (and retrieving) telephone numbers from a database table? Is it best to store (in the USA) the area code separate from the rest of the number? Remove parenthesis and/or dashes? Or is there no reason to concern myself with performance or hacking issues regarding the storage of phone numbers as 323-555-1212 or (323)555-1212 inside my table? Hi! So I'm fairly new to PHP, and am currently making a website from scratch including as much PHP functionality as I can for learning purposes. As I have just finished making a blog function, I started to wonder. Is it normal to store every part of a website in a the database? The blog part of the website I just created has of course all the differet blog entries stored in a table in the db, but is it also normal practice to store about, contact etc. in tables too? Or should categories like these be created using brand new .php documents? I am in the progress of making a page controller and thought I should clearify things first, before I go any further. This question may seem stupid, but I don't know alot about what the normal practices of doing things like these in php are. Anyways, hope someone can help me out! Hi, I'm trying to store the first+lastname from my mysql user datababase into arrays like this: // Fill up array with names $a[]="Anna"; $a[]="Brittany"; $a[]="Cinderella"; $a[]="Diana"; $a[]="Eva"; $a[]="Fiona"; $a[]="Gunda"; $a[]="Hege"; $a[]="Inga"; $a[]="Johanna"; $a[]="Kitty"; $a[]="Linda"; $a[]="Nina"; $a[]="Ophelia"; $a[]="Petunia"; $a[]="Amanda"; $a[]="Raquel"; $a[]="Cindy"; $a[]="Doris"; $a[]="Eve"; $a[]="Evita"; $a[]="Sunniva"; $a[]="Tove"; $a[]="Unni"; $a[]="Violet"; Hi, I'm building a webshop and im stuck at the checkout. I'm using this Shopping Cart class http://www.webforcecart.com/manual.html The cart is stored as an object in $_SESSION[cart]. This method Code: [Select] print_r($cart->get_contents());would get this as output: Array ( => Array ( [id] => 7 [qty] => 1 [price] => 11.00 [info] => Test [subtotal] => 11 ) [1] => Array ( [id] => 6 [qty] => 2 [price] => 19.00 [info] => White 0 [subtotal] => 38 ) ) In the table Order I would like to store order-id customer-id total products total quantity total price date In the table Orderrow I would like to sto order-id, product-id, product-name, quantity, price, subtotal I know i can get the order-id with the function mysql_insert_id() but how can i store each product in the array with their info in the table Orderrow? Or is there a better way to do this? please advice me, thank you. Hi Guys, I have been contacted by a client who wants me to develop an application which performs the following functionality: Lets say the domain name is xyz.com . We provide an email of our domain to the person who signup on our website for our services. Lets say the email that is given to the customer is email@xyz.com The client wants to built PHP application in which if an email is sent to email@xyz.com it gets downloaded and is stored in the MySql Database. After the download there is going to be a set of algorithms which will decided whether to forward this email to the client or not on his email address. I have no idea how to accomplish this functionality. Any suggestions would be appreciated. Thanks Sadan Masroor. Hi, I have this form which will create a checkbox list using data from my database and also determin if a checkbox had been checked before and check if it had. <form style="text-align:center" name="PrefRestaurant" id="PrefRestaurant" action="preferances_check.php" method="post"><table align="center"> <?php checkbox(id, name, restaurants, id); ?></table> <input type="submit" name="Prefer" id="Prefer" value="Επιλογή"/></form> function checkbox($intIdField, $strNameField, $strTableName, $strOrderField, $strMethod="asc") { $strQuery = "select $intIdField, $strNameField from $strTableName order by $strOrderField $strMethod"; $rsrcResult = mysql_query($strQuery); while ($arrayRow = mysql_fetch_assoc($rsrcResult)) { $testqry = "SELECT * FROM user_restaurant WHERE user_id = $_SESSION[UserId] AND restaurant_id = $arrayRow[id]"; $rsltestqry = mysql_query($testqry); $numrows = mysql_num_rows($rsltestqry); if ($numrows == 1) { echo "<tr align=\"left\"><td><input type=\"checkbox\" name=\"restaurant[]\" value=\"$arrayRow[id]\" checked/>$arrayRow[name]</td></tr>"; } else{ echo "<tr align=\"left\"><td><input type=\"checkbox\" name=\"restaurant[]\" value=\"$arrayRow[id]\" />$arrayRow[name]</td></tr>"; } } } Now the part which I can't get to work is when I'm trying to store the new values in my database. When I click the submit button I clear my database of any row that is related to the currently loggedin user and I want to store his new preferences (checked cheboxes). I've read that only the cheked checkboxes' values are POSTed so I did this (preferances_check.php) foreach($_POST['restaurant'] as $value) { $query="INSERT INTO user_restaurant VALUES ('$_SESSION[UserId]','$value')"; } But it is not working, nothing gets written in my table Could someone please enlighten me on this? Thnks! Hello people, I have created an application in Code Charge where my site users can login and play games online.The game code is run via flash and html. The Game has 5 stages and from a page in my application called transfertogame.php , i transfer them to the game page. Now i want to be able to track each players progress via database so that when they log back in and they get to the transfertogame.php page, it can check the page they were on before and immediately take them to the page without starting from page 1. Any help will be appreciated as i am very poor with php scripting This is the session ID i guess is being used from my application page //Initialize Method @4-537EA73F function Initialize() { if(!$this->Visible) return; $this->ds->Parameters["sesUserID"] = CCGetSession("UserID"); } //End Initialize Method //Validate Method @4-7E1FC38C function Validate() { $Validation = true; $Where = ""; $this->CCSEventResult = CCGetEvent($this->CCSEvents, "OnValidate"); return (($this->Errors->Count() == 0) && $Validation); } //End Validate Method Hey, i need help storing an image in my database via the URL(image location) at the moment my php code is storing the image in a folder on the directory called upload. here is the code: <?php // Where the file is going to be placed $target_path = "upload /"; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $target_path = "upload/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?> Click <a href="products.php">HERE</a> to go back to form if someone could help me i'd be very grateful Hi, my goal is to be able to create a web based interface for someone who has no programming skills or interest to be able to maintain a list of usernames and passwords for protecting a page of links on a website. so, I've created a page that can write to a database, and I can see that it is working, I can read entries, etc. now, I need to know how to make a script that will check against that database for valid UN/PW combinations. what is the best method for this? James I am building a project that requires I store query strings in a table (stage_reqs) which are called to determine permissions. These strings will look something like this: Code: [Select] select salesman from jobs where salesman is not NULL and job_id='".$this->job_id."' limit 1 The variable value needs to be determined from within the function it is being accessed in. Can I use eval to do this? Thanks, Chris Say I have two functions that convert from Dollar to Cents and Cents to Dollar. function convertToDollar($value) { $amount = $value / 100; return $amount; } function convertToCents($value) { $amount = $value * 100; return $amount; } Currently I convert all the Dollar amounts to cents and store the cents in the mysql database column. When I showcase those amounts on a page, I simply convert the Cents back to Dollar. Am I doing this correctly or is there a better way to store product pricing in mysql table? |