|
PHP - Problem With Ending A Session
Hello, I have the $_session code working, but after I destroy the session and I am asked to log in again, my browser doesn't ask me for my password and just logs me in. I don't understand because I have destroyed my session and I have deleted the data in $_SESSION and I have deleted the info in the cookie so it shouldn't log me in automatically. I thought it was something in my browser, but I erased my history and I never saved any password. Here's my code: This is the welcome page
<?php
require_once 'login.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) die($connection->connect_error);
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
{
$un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
$pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);
$query = "SELECT * FROM users WHERE username='$un_temp'";
$result = $connection->query($query);
if (!$result) die($connection->error);
elseif ($result->num_rows)
{
$row = $result->fetch_array(MYSQLI_NUM);
$result->close();
$salt1 = "qm&h*";
$salt2 = "pg!@";
$token = hash('ripemd128', "$salt1$pw_temp$salt2");
if ($token == $row[3])
{
session_start();
$_SESSION['username'] = $un_temp;
$_SESSION['password'] = $pw_temp;
$_SESSION['forename'] = $row[0];
$_SESSION['surname'] = $row[1];
echo "$row[0] $row[1] : Hi $row[0], you are now logged in as '$row[2]'";
die("<p><a href=continue.php>Click here to continue</a></p>");
}
else die("Invalid username/password combination");
}
else die("Invalid username/password combination");
}
else
{
header('WWW-Authenticate: Basic realm="Restricted Section"');
header('HTTP/1.0 401 Unauthorized');
die("Please enter your username and password");
}
$connection->close();
function mysql_entities_fix_string($connection, $string)
{
return htmlentities(mysql_fix_string($connection, $string));
}
function mysql_fix_string($connection, $string)
{
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return $connection->real_escape_string($string);
}
?>
and this is the other page:
<?php
session_start();
if(isset($_SESSION['username']))
{
$username = $_SESSION['username'];
$password = $_SESSION['password'];
$forename = $_SESSION['forename'];
$surname = $_SESSION['surname'];
destroy_session_and_data();
echo "Welcome back $forename. <br>
Your full name is $forename $surname.<br>
Your username is '$username'
and your password is '$password'.";
}
else echo "Please <a href='authenticate2.php'>Click here</a> to log in.";
function destroy_session_and_data()
{
$_SESSION = array();
setcookie(session_name(), '', time() - 2592000,'/');
session_destroy();
}
?>
When I type the website in i first get prompt to enter my password, when I am authenticated the webpage says: You are now logged in click here to continue. When I do I am directed to another page which confirms that I am still logged in. Then I press refresh and the webpage asks me to "Click here to log in". I do, but it doesn't ask me for my password again. Why? My personal info should be destroyed. Thank you for responding. It's greatly appreciated
Similar TutorialsHi Everyone, I wonder if somebody could help me. I have been at this for hours and am really struggling. I have a timer which I have set up for a quiz. The quiz opens in a javascript shadow box. When the quiz is opened a session variable for the timer is set up to keep track of the time. What I need is for this session variable to end when the shadow box is closed. I have a onClose hook to peform actions when the shadow box is closed which is in javascript. Obviously I cannot end the session variable in the javascript function due to js being client side and php being server side. Has anyone any suggestions how I can resolve this issue. I need to end this session variable as if the user exits the quiz and then selects another quiz to do the timer uses the current time session rather than assigning the new time value for that particular quiz. Thanks in advance. Edd Hey guys. I am trying to strip everything between a key phrase and ending tag but for some reason it is not working. I always get blank data. I've tried many different ways but no luck.
basically I have a script that connect to imap and store emails into MySQL as service tickets. works great but I am trying to strip everything except for user reply because currently if a user reply to an email it re-inserts the entire email into MySQL. I added a key phrase at the top of all outgoing emails .
1. structure looks like this.
--Reply below this line to respond--
------------------------------------------------------------------------------------------------
Email body message...
2. When replying to the message it becomes
New Message reply......
--Reply below this line to respond--
old message body.
3. so I would only like to insert the new reply message only.
This is what I got so far.
$message=strip_tags($message, "<br><div><p><u><hr></section>");
$message=preg_replace("</p>", "br /", $message); $message=preg_replace('#--REPLY above this line to respond--(.*?)</section>)#s', ' ', $message); $message=clean("<br/><hr><u>Received On $rep_date / $from_email</u><br><br/>$message"); it inserts the "Received On date and From but $message is blank. If i remove $message=preg_replace('#--REPLY above this line to respond--(.*?)</section>)#s', ' ', $message); it inserts the entire email Any suggestion on what i am doing wrong? thank you all very much. This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=320039.0 I'm having trouble with a role in a wordpress site that I made I think the script was that I installed another version, so I some adjustments in it, among those changes have modified this function Quote if (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && eregi('^http://'.@$_SERVER['HTTP_HOST'].'(.+)', @$_GET['src'], $matches)) { $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php'); } for this: Quote (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && preg_match('^http://'.@$_SERVER['HTTP_HOST'].'(.+)', @$_GET['src'], $matches)) { $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php'); } It was supposed to make some images appear as thumbnails on the home page my site, but they do not appear and I got the following error: Quote Warning: preg_match() [function.preg-match]: No ending delimiter '^' found in /home/pontocom/public_html/wp-content/themes/Comfy/scripts/phpThumb/phpThumb.php on line 160 Is there some way that I can take to fix this error? Hi New to php code, been trown in at the deep end. Keep getting error message Warning: preg_replace(): No ending delimiter it is to do with these 3 lines only $is_sera = preg_replace("'","\"", $is_sera); $is_sera = preg_replace("%","", $is_sera); $is_sera = preg_replace("\?","", $is_sera); can any one tell me what the ending delimiter error means/is thanks in advance Hi, I am trying to figure out how to stop my script from offering a discount when the date that is listed passes by. It seems to always 'reset' itself even after the 15th of the month...I want it to stop after April 15...This is what I had, can anyone assist? Thank you in advance for your help! Jennifer Code: [Select] } if(date("n") < 15) { $before = $cost*.05; $before = round($before,2); $cost = $cost-$before; } Part of my page is taken from external webpages by preg_match. Since It is a partial section, it contains incomplete tags such as <div>, <span>, etc. Thus, they mix up with my entire page and my </div>, </span> are used for the incomplete tags in the borrowed section. How I can end such tags? or separate this section from the main codes (I mean having an isolated section)? Please help me with this code. It keep appear in my website. "Warning: preg_match() [function.preg-match]: No ending delimiter '.' found in /home/kengsite/public_html/wp-content/plugins/statpress/statpress.php on line 1184" And this is how the line look like. if (!preg_match(".ico$", $urlRequested)) { return ''; } Hello happy codes, I have an image as such; http://storage.canoe.ca/v1/dynamic_resize/?src=http://www.torontosun.com/specialsections/2011/03/10/248x186_mb.jpg&size=40x30 getimagesize doesn't work with this image. Any ideas or links? I have looked through this site and can't find anyone having this problem. Am I missing something? Thank you, V. Hi All, I am trying to create a PHP code that will run a form, however i keep getting the error message Warning: preg_match() [function.preg-match]: No ending delimiter '^' found in D:\xampp\htdocs\HFCC\Scripts\mailprocess.php on line 55 Invalid email address entered. Go Back and try again attached is the complete copy of the code i am using, i have an email text box and label with the id 'email' also my method is POST and my action is Scripts/mailprocess.php. Please let me know if you need any additional details. Any help will be much appreciated. Thanks This is my first post here. G'day everyone. I'm having trouble with getting a session recognized from one page to another. I did a search and used the advice but I'm still having trouble. I have a page called checklogin.php that processes the information submitted for a member to login, and redirect it to login_success.php if the login was successful. The problem I have is when I test the session in the second page it tells me there is no session. Here's my code (I omitted the db connection code): Code: [Select] <?php // username and password sent from form $myusername=$_POST['user']; $mypassword=$_POST['pass']; ?> <? // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername']=$myusername; $_SESSION['mypassword']=$mypassword; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> after I am redirected to login_success.php: Code: [Select] <?php session_start(); $_SESSION['myusername']; if (isset($_SESSION['myusername'])) { $loggedin = TRUE; return $loggedin; echo "logged in."; } else echo "not logged in"; ?> It echoes "not logged in". I've struggled with this for days and I don't know what's wrong. Thanks in advance. Hi guys. Im making a script that stores different contents in sessions. And everything seems to be working fine. I previously had some problems with it, but managed to fix them. Now somehow a new problem have accrued for me. I did not do anything to it since it last worked. So i am a little confused. It keeps telling me that the session does not have any content. I think that the problem is within these two files he http://pastebin.com/T6sfzjWn and http://pastebin.com/BUAuFp6t It keeps giving me the error on line 24 from the second file. Can someone please help me and say what i am doing wrong? I'm writing a shopping cart type of application for booking something. The cart will holds items as arrays in the session. The problem i'm i'm having is i can store 5 items in my cart and then once i try to store any more, it just won't. I'm not getting any php errors. I'm using the codeigniter framework, so it may be a codeigniter session storage problem. Hopefully you guys can look at it and can see if you spot any bad logic that i'm overlooking. Code: [Select] <?php //generates random unique 32 character string $booking_hash = random_string('unique'); //set items foreach night foreach($room['date_rate'] as $date => $rate) { //produces random sha1 16 char length string $sha1 = random_string('sha1', 16); $session['items'][$sha1] = array( 'code' => $room['code'], 'id' => $room_id, 'title' => $room['title'], 'date' => date("n/j/Y",strtotime($date)), 'price' => $rate, 'tax_one' => money_format('%i',$room['tax_one'] * $rate), 'tax_two' => money_format('%i',$room['tax_two'] * $rate), 'sales_tax' => 0, 'guests' => $num_guests, 'booking' => $booking_hash, 'deposit' => $deposit, ); } $existing_items = $this->session->userdata('items'); if(!empty($existing_items)) { $session['items'] = $existing_items + $session['items']; } $this->session->set_userdata($session); ?> I just read some codeigniter session documentation. It says the cookie it's using can hold 4KB of data. I have no idea how much text 4KB can hold... I have this error, and I cann't find soluiton: Code: [Select] Notice: Undefined index: ime in C:\wamp\www\web\login_public.php on line 26 Notice: Undefined index: ime in C:\wamp\www\web\login_public.php on line 27 This is the code: Code: [Select] <?php require_once("public/includes/session.php"); ?> <?php require_once("public/includes/connection.php"); ?> <?php if(!$_POST['submit']){ header('refresh:0; url=index.php');} else { $korisnik = $_POST['korisnicko_ime']; $lozinka = $_POST['lozinka']; $lozinka_db = sha1($lozinka); if ($korisnik && $lozinka){ $query = mysql_query("SELECT * FROM korisnik WHERE korisnicko_ime = '$korisnik' "); $numrow = mysql_num_rows($query); if($numrow != 0){ while ($row = mysql_fetch_assoc($query)){ $korisnik_db = $row['korisnicko_ime']; $db_lozinka = $row['lozinka']; $ime = $row['ime']; } if ($korisnik == $korisnik_db && $lozinka_db == $db_lozinka){ echo "Uspesno ste ulogovani"; $_SESSION['ime'] == $ime; echo $_SESSION['ime']; } else { echo "Lozinka je netacna"; } } else {die("Korisnik ne postoji");} } } ?> What seems to be the problem Hi Guys, I am developer and relatively new to php although I have written a few scripts. I have a site which runs on linux/unix platform. I am facing a weird problem: - I have a php script (e.g. site.com/test/test.php) which takes a input from url, and creates a session and opens a wordpress php in another folder (e.g. site.com/wp/index.php) - I wrote a small php code in that wp/index.php which checks if session exists or not. if yes, then no problem, if not then die and show a message. Now the problem is when I run the script, it opens the wp/index.php and the page opens. Good. But when I click on any link in that page e.g about or so, then I get message which I wrote that session not found and so on... I don't know why this is happening. So if you guys can help me with this it would be great. Alternatively, I thought if I protect the wp folder (using protect folder thru cpanel) and write a php script outside which call the php inside the wp folder with a hardcoded uname & pw, then i can run the php inside without anyone knowing what the actual uname or pw is. This way if a user directly tries to access it , he wont be able to do so as uname & password box will appear. But I dunno how to call a php inside protected folder. I tried to redirect but the uname & pw box appeared. I would be grateful if anyone can help me. Thanks a lot, Cheers, GR I'm using xampp and am trying to create a login session...these are the my php files login.php Code: [Select] <form action='login1.php' method='post'> Email: <input type='text' name='id'></br> Pass : <input type='password' name='pass'></br> <input type='submit' name='login' value='login'> login1.php Code: [Select] <?php $id=$_POST['id']; $pass=$_POST['pass']; $conn=mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) { session_start(); echo "</br>Login Successful</br>"; echo "Please wait 5 seconds "; /* redirct to the specified page */ header("refresh:5;url=empty.php"); } else { echo "please try to login again</br>"; echo "you will be redirected to the login page in 5 seconds"; /* redirct to the specified page */ header("refresh:5;url=login.php"); } mysql_close(); ?> empty.php Code: [Select] <?php session_start(); $logi=$_SESSION['id']; echo 'welcome '.$logi; ?> empty.php is supposed to display the email id from login.php I checked it about an hour ago and it was working fine but now it gives me an error Undefined index: id in C:\xampp\htdocs\littleprogress\empty.php on line 4 I didn't change anything after checking it. only cleared the history and cookies of my firefox browser what could be the problem Hi, I"m trying to make an external link to a web page. Them problem is that when my user clicks on the link they are taken to the destination web page, but they see an error "Your session has expired". At that point, they must either refresh the browser or exit out and click again in order to see the page. My question is, how can I go around this problem in my code? If at all possible, I like to be able to add something to the URL so that this does not happen. Any help or guidance is appreciated. Hello Everyone! I have 2 problems with sessions that I'd like some assistance with. 1. The session often ends after clicking any link after logging in. (sometimes it remains alive, and in those cases it stays alive until browser is closed.) 2. The function that should start a session if a cookie is found (and correct) is not working, so if the browser is closed and re-opened the session won't start the session. I'll include the code that I think is relevant. The odd part is that these problems occur in every browser, I have tried multiple tutorials (so different scripts) to creating a login form but somehow the same result appears every time. function login($username, $password, $remember = false) { $sql = mysql_query("SELECT * FROM users WHERE password = '" . md5($password) . "' AND username = '" . $username . "' LIMIT 1"); // If there are no matches then the username and password do not match if($sql === false) { return false; } else { while($u = mysql_fetch_array($sql)) { // Check if user wants account to be saved in cookie if($remember == true) { // Generate new auth key for each log in (so old auth key can not be used multiple times in case // of cookie hijacking) $cookie_auth= rand_string(10) . $username; $auth_key = session_encrypt($cookie_auth); $auth_query = mysql_query("UPDATE users SET auth_key = '" . $auth_key . "' WHERE username = '" . $username . "'"); setcookie("auth_key", $auth_key, time() + 60 * 60 * 24 * 7, "/", "mycorrectwebsite.com", false, true); } // Assign variables to session session_regenerate_id(true); $session_id = $u[id]; $session_username = $username; $session_level = $u[user_level]; $_SESSION['user_id'] = $session_id; $_SESSION['user_level'] = $session_level; $_SESSION['user_name'] = $session_username; $_SESSION['user_lastactive'] = time(); return true; } } } function initiate() { $logged_in = false; if(isset($_SESSION['user_name'])) { $logged_in = true; } // Check that cookie is set if(isset($_COOKIE['auth_key'])) { $auth_key = $_COOKIE['auth_key']; if($logged_in === false) { // Select user from database where auth key matches (auth keys are unique) $auth_key_query = mysql_query("SELECT username, password FROM users WHERE auth_key = '" . $auth_key . "' LIMIT 1"); if($auth_key_query === false) { // If auth key does not belong to a user delete the cookie setcookie("auth_key", "", time() - 3600); } else { while($u = mysql_fetch_array($auth_key_query)) { // Go ahead and log in login($u['username'], $u['password'], true); } } } else { setcookie("auth_key", "", time() - 3600); } } } And then in the header I start every page with: <?php session_start(); include("connect.php"); include("functions.php"); include("actions.php"); initiate(); ?> Hi. I have to check if a session is started or not, and then, check for the rank of the user. For that i use two functions like is_administrator,etc. Well, but this isnt working. I cant get any clear way to know if a session have been already started or not. Code: [Select] function is_administrator() { session_start(); if (isset($_SESSION['usr']) and empty($_SESSION['usr'])) { $l = conect(); $user = $_SESSION['usr']; $cons = "SELECT * FROM `users` WHERE usr='" . $user . '\';'; $res = mysql_query ($cons,$l); $ob = mysql_fetch_array($res); if ($ob['tipo'] == 'A') { return true; } } return false; } What i want to do is to check if a sesion exist, if not, return false. If the sesion exist, check for the user rank and return true/false. Hi, I my first problem is hashing passwords to md5. My second problem is defining session on value from db. There is my code but not working. Code: [Select] mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $username=$_POST['username']; $password=$_POST['password']; $hash = md5($password); $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE where username = '$username' and password = '$hash'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ $sql2="SELECT access FROM $tbl_name WHERE username='$username' and password='$password'"; $access=mysql_query("$sql2"); session_register("username"); session_register("password"); session_register("access"); $_SESSION["access"]=$access; header("location:success.php"); } else { echo "Invalid Username or Password";Thanks for any answers. |
|||||||