Sessions in PHP
Topics
The first page is used to submit data to second page (and also show errors if there are any with the data submitted). The second page should be retrieving the posted data and assigning that data to session should it need to refresh back to the first page to show errors. The session data is used to repopulate the form. Right now I'm typing test into the review_name variable and when the page redirects back to the form to display the error messages, that field is not populated with "test".

Code:
$product_id=$_GET['product']; session_start(); $error=$_SESSION['error']; $content.='<div class="product_information_text review_form"> <div class="review_header">Write a Review for '.$product_name.'</div> <form action="./review_process.php?product='.$product_id.'&p=php" method="POST"> <p class="form_item"><label>Name:</label> <input type="text" name="review_name" size="30"'; if(isset($_SESSION['review_name'])){$content.=' value="'.$_SESSION['review_name'].'"';} $content.=' />'; if($error[0]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>E-Mail:</label> <input type="text" name="review_email" size="30"'; if(isset($_SESSION['review_email'])){$content.=' value="'.$_SESSION['review_email'].'"';} $content.=' />'; if($error[2]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>Location:</label> <input type="text" name="review_location" size="30"'; if(isset($_SESSION['review_location'])){$content.=' value="'.$_SESSION['review_location'].'"';} $content.=' />'; if($error[3]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>Describe Yourself:</label> <input type="text" name="review_describe" size="30"'; if(isset($_SESSION['review_describe'])){$content.=' value="'.$_SESSION['review_describe'].'"';} $content.=' />'; if($error[4]=="1"){$content.=' <span class="red">This field is 
required.</span>';} $content.=' </p> <p class="form_item"><label>Review Title:</label> <input type="text" name="review_title" size="30"'; if(isset($_SESSION['review_title'])){$content.=' value="'.$_SESSION['review_title'].'"';} $content.=' />'; if($error[1]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>Best Use of Product:</label> <input type="text" name="review_best_use" size="30"'; if(isset($_SESSION['review_best_use'])){$content.=' value="'.$_SESSION['review_best_use'].'"';} $content.=' />'; if($error[5]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>Product Pros:</label> <input type="text" name="review_pros" size="30"'; if(isset($_SESSION['review_pros'])){$content.=' value="'.$_SESSION['review_pros'].'"';} $content.=' />'; if($error[6]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>Product Cons:</label> <input type="text" name="review_cons" size="30"'; if(isset($_SESSION['review_cons'])){$content.=' value="'.$_SESSION['review_cons'].'"';} $content.=' />'; if($error[7]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </p> <p class="form_item"><label>Product Rating:</label><br /> <div class="rating_radio"><input type="radio" name="review_product_rating" value="1"'; if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="1"){$content.='checked';} $content.=' /> <br />1</div> <div class="rating_radio"><input type="radio" name="review_product_rating" value="2"'; if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="2"){$content.='checked';} $content.=' /> <br />2</div> <div class="rating_radio"><input type="radio" name="review_product_rating" value="3"'; if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="3" || 
!isset($_SESSION['review_product_rating'])){$content.='checked';} $content.=' /> <br />3</div> <div class="rating_radio"><input type="radio" name="review_product_rating" value="4"'; if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="4"){$content.='checked';} $content.=' /> <br />4</div> <div class="rating_radio"><input type="radio" name="review_product_rating" value="5"'; if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="5"){$content.='checked';} $content.=' /> <br />5</div> <div class="worst">(Worst)</div><div class="best">(Best)</div> </p> <p> </p> <p class="form_item"><label>Comments on Product:'; if($error[7]=="1"){$content.=' <span class="red">This field is required.</span>';} $content.=' </label><br /> <textarea name="review_text" rows="10" cols="60">'; if(isset($_SESSION['review_text'])){$content.=$_SESSION['review_text'];} $content.='</textarea> </p> <p><input type="submit" value="Submit" name="Submit" /></p> </form> </div> '; session_unset(); session_destroy();

Code:
session_start(); $product_id=$_GET['product']; $review_name=$_POST['review_name']; $_SESSION['review_name']==$review_name; $review_name = stripslashes($review_name); $review_name = mysql_real_escape_string($review_name); if($review_name==""){ $error0=1; } else{ $error0=0; } $review_title=$_POST['review_title']; $_SESSION['review_title']==$review_title; $review_title = stripslashes($review_title); $review_title = mysql_real_escape_string($review_title); if($review_title==""){ $error1=1; } else{ $error1=0; } $review_email=$_POST['review_email']; $_SESSION['review_email']==$review_email; $review_email = stripslashes($review_email); $review_email = mysql_real_escape_string($review_email); if($review_email==""){ $error2=1; } else{ $error2=0; } $review_location=$_POST['review_location']; $_SESSION['review_location']==$review_location; $review_location = stripslashes($review_location); $review_location = 
mysql_real_escape_string($review_location); if($review_location==""){ $error3=1; } else{ $error3=0; } $review_describe=$_POST['review_describe']; $_SESSION['review_describe']==$review_describe; $review_describe = stripslashes($review_describe); $review_describe = mysql_real_escape_string($review_describe); if($review_describe==""){ $error4=1; } else{ $error4=0; } $review_best_use=$_POST['review_best_use']; $_SESSION['review_best_use']==$review_best_use; $review_best_use = stripslashes($review_best_use); $review_best_use = mysql_real_escape_string($review_best_use); if($review_best_use==""){ $error5=1; } else{ $error5=0; } $review_pros=$_POST['review_pros']; $_SESSION['review_pros']==$review_pros; $review_pros = stripslashes($review_pros); $review_pros = mysql_real_escape_string($review_pros); if($review_pros==""){ $error6=1; } else{ $error6=0; } $review_cons=$_POST['review_cons']; $_SESSION['review_cons']==$review_cons; $review_cons = stripslashes($review_cons); $review_cons = mysql_real_escape_string($review_cons); if($review_cons==""){ $error7=1; } else{ $error7=0; } $review_product_rating=$_POST['review_product_rating']; $_SESSION['review_product_rating']=$review_product_rating; $review_product_rating = stripslashes($review_product_rating); $review_product_rating = mysql_real_escape_string($review_product_rating); $review_text=$_POST['review_text']; $_SESSION['review_text']==$review_text; $review_text = stripslashes($review_text); $review_text = mysql_real_escape_string($review_text); if($review_text==""){ $error8=1; } else{ $error8=0; } $review_show="n"; date_default_timezone_set('US/Eastern'); $review_date = date("F j, Y, g:i a T"); $error="".$error0."".$error1."".$error2."".$error3."".$error4."".$error5."".$error6."".$error7."".$error8.""; if($_GET['p']=="php"){ if($error!=="000000000"){ $_SESSION['error']=$error; //header("Location: ./store.php?product=".$product_id."&write=review"); echo $_SESSION['review_name']; } else{ $sql="INSERT INTO $tbl_name3 
(product_id, review_show, review_title, review_email, review_name, review_location, review_date, review_describe, review_best_use, review_pros, review_cons, review_product_rating, review_text) VALUES ('$product_id', '$review_show', '$review_title', '$review_email', '$review_name', '$review_location', '$review_date', '$review_describe', '$review_best_use', '$review_pros', '$review_cons', '$review_product_rating', '$review_text')"; mysql_query($sql); header("Location: ./store.php?product=".$product_id."&reviews=thankyou"); } }

On this second page echo $_SESSION['review_name']; returns nothing, when changed to $_SESSION['review_product_rating']; it returns the rating I selected in the form. I'm probably missing something obvious here.

Hi, I'm trying to make an external link to a web page. The problem is that when my user clicks on the link they are taken to the destination web page, but they see an error "Your session has expired". At that point, they must either refresh the browser or exit out and click again in order to see the page. My question is, how can I go around this problem in my code? If at all possible, I'd like to be able to add something to the URL so that this does not happen. Any help or guidance is appreciated.

I have the following session timeout code which should redirect users of a website to a page (session_expired.php) which prints out a message telling the user that his session has expired. I include this code at the top of every page in the website that requires user authentication.
Code:
<?php
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    // last request was more than 30 minutes ago
    session_destroy(); // destroy session data in storage
    session_unset(); // unset $_SESSION variable for the runtime
    header("location: session_expired.php");
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
?>

The session_expired.php page, which I will include below, has a login link, which takes the user to a login page (access_denied.php).

Code:
<?php
//address error handling
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
//Set the page title before the header file
$title = 'Session Expired';
require ('header.php'); //need the header
?>
<div id="content" class="">
<div id="left_content" class="">
</div> <!--closes left content-->
<div id="right_content" class="">
<div id= "right_content_inner_border">
<h5 style ="position:relative;left:660px;top:1px;"> <a style="text-decoration:none" href="access_denied.php">[Login]</a> </h5>
<h3 style ="position:relative;left:110px;top:100px; font-color:blue;"> You Session Expired Due to Inactivity! </h3>
</div> <!--closes right content inner border-->
</div> <!--closes right content-->
</div> <!--closes content-->
<?php
require ('footer.php'); //need the footer
?>

Now here lies the problem. When I set the session timeout to say 60 seconds to test the code, everything seems to work perfectly. The authenticated page gets redirected to session_expired.php after 1 minute and when the user clicks on the login link, he is taken back to the login page (access_denied.php). However, when I replace the time with 1800 seconds, I notice that when I leave the page idle for JUST about 5 minutes, it gets redirected NOT even to the expected session_expired.php page but strangely, directly to the login page (access_denied.php).
What could be going wrong here? Any hint is appreciated.

I am working on getting members that are ready to make a payment after they have logged in and want to view their emails to make the payment first. How can I reprogram my session to stop them from entering the email section and make a payment first? This is my code, which works fine. Just need to know how to amend it to redirect them to payment.

<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) {
    header("location: access-denied.php");
    exit();
}
?>

I'm using Session variables for the first time on a site I'm developing. I had it working fine while I was doing some admin and testing in subfolders. But the problem is I'm losing the session variables when I load the page from www.example.com, but it works from www.example.com/index.php. I would be happy to post some code if needed.

Hi, I am using very simple code. Here it is:

Code:
<?php
session_start();
$user = "guest";
$uid = "1";
echo $_SESSION['user']."<br />";
echo $_SESSION['uid'];
?>

It displays this error:

Code:
Notice: Undefined index: user in C:\wamp\www\DealDash\index.php on line 5
Notice: Undefined index: uid in C:\wamp\www\DealDash\index.php on line 6

How can I solve this problem? Help please

Suppose I have two versions of the same website; one American and one Canadian. This site has members with profiles etc. The way my site is written, I think that if someone were to login to their account on, say, the American site, then a session variable would indicate that a user is logged in on the client machine.
Now if they visit the "profile" page, for example, or some other members-only page ON THE CANADIAN SITE, and start manipulating data etc., then this would affect the databases for the Canadian site, and everything would get screwed up (actually, I think mysql would just start spitting out errors, but that's not good either). Does anyone have some simple way to deal with this kind of thing?

I don't really know exactly how session variables work. Say I have two domains, somepage.com and somepage.ca on the same server/DNS. If a page on somepage.com sets a session variable called $_SESSION['somevar'], and a page on somepage.ca also sets a variable called $_SESSION['somevar'], are the two variables somehow distinct because they are on different domains? Like, if somepage.com sets the variable, then somepage.ca checks if the variable is set, what will happen?

What if I wanted to set up the two pages in subfolders, like somepage.com/us and somepage.com/ca, how would I deal with distinguishing session variables for the two sites? Is one approach (i.e. distinct domains vs subfolders) better than the other?

Thanks,

We are trying to capture customer details & redirecting the customer to payment gateway page and, after successful transaction from payment gateway we are facing a problem for different browsers. Ideally after successful transaction the page should redirect to order confirmation page but it is redirecting to our cart page. In IE7 it is working fine but in Mozilla Firefox it is redirecting to cart page. On analyzing we found that session is not persisting in Firefox. Please help, we are stuck here. Suggest something if you have faced similar issue with different browsers.

Can someone help me? I have been working on this problem for some time. I have coded my page to welcome, firstname. At first in my insert I had used the id I have not switched it to the username as id was including everyone of my test names in the welcome.
It looks like the sessions are continuing as I am able to go to the private section of the pages. However I am not sure what I have to do to produce the welcome, firstname to go to all the pages and let me know it is allowing the one member to access the private sessions. Also when I use the login form it does not recognize the users. It is like the connection to the database dies, I guess. Here is my code.

<?php session_start(); ini_set ("display_errors", "1"); error_reporting(E_ALL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Welcome</title> <style type="text/css"> .background {color: #B56AFF; } </style> </head> <body> <p> <?php /* Program: login.php * Desc: Displays the new member welcome page. Greets * member by name and gives a choice to enter * restricted section or go back to main page. */ if (isset($_SESSION['username'])) { // Set the users session ID include("Connections/connect_to_mysql.php"); //Formulate Query //This is the best way to perform an SQL query $query = mysql_query ("SELECT * FROM `Members` WHERE username={$_SESSION['username']}"); $result = mysql_query($query); $numrows = mysql_num_rows($query); //Check result //This shows the actual query sent to MySQL and the error. Useful for debugging. if(!$result){ $message = 'Invalid query:' . mysql_error() . "\n"; $message .= 'Whole query:' . $query; die($message); } //Use result //Attempting to print $result won't allow access to information in the resource //One of the mysql result functions must be used //See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc. if($numrows!=0){ while($row = mysql_fetch_assoc($query)); $dbusername = $row['username']; $dbpassword = $row['password']; //check to see if they match! 
if($username==$dbusername&&md5($password)==$dbpassword){ echo "Welcome, ".$_SESSION['firstname']. "!<br><a href='logout_test.php'>Logout</a>"; } } } ?> </p> <p> </p> <p>Your new Member accounts lets you enter the members only section of our web site. You'll find special discounts, a profile of matches, live advise from experts, and much more.</p> <p>Your new Member ID and password were emailed to you. Store them carefully for future use.</p> <div style="text-align: center"> <p style="margin-top: .5in; font-weight: bold"> Glad you could join us!</p> <form action="profile.php" method="post"> <input type="submit" value="Enter the Members Only Section"> </form> <form action="index.php" method="post"> <input type="submit" value="Go to Main Page"> </form> </div> </body> </html> <?php session_start(); ini_set ("display_errors", "1"); error_reporting(E_ALL); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Welcome</title> <style type="text/css"> .background {color: #B56AFF; } </style> </head> <body> <p> <?php /* Program: login.php * Desc: Displays the new member welcome page. Greets * member by name and gives a choice to enter * restricted section or go back to main page. */ if (isset($_SESSION['username'])) { // Set the users session ID include("Connections/connect_to_mysql.php"); //Formulate Query //This is the best way to perform an SQL query $query = mysql_query ("SELECT * FROM `Members` WHERE username={$_SESSION['username']}"); $result = mysql_query($query); $numrows = mysql_num_rows($query); //Check result //This shows the actual query sent to MySQL and the error. Useful for debugging. if(!$result){ $message = 'Invalid query:' . mysql_error() . "\n"; $message .= 'Whole query:' . 
$query; die($message); } //Use result //Attempting to print $result won't allow access to information in the resource //One of the mysql result functions must be used //See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc. if($numrows!=0){ while($row = mysql_fetch_assoc($query)); $dbusername = $row['username']; $dbpassword = $row['password']; //check to see if they match! if($username==$dbusername&&md5($password)==$dbpassword){ echo "Welcome, ".$_SESSION['firstname']. "!<br><a href='logout_test.php'>Logout</a>"; } } } ?>

To my understanding, a session is created and then stored on the server with its assigned value and a unique id. So, if that is correct I should be able to somehow locate a particular session on the server based on its assigned value. Well, I was hoping to use this concept to keep multiple people from logging in under the same account at the same time. I figured that I could check this in my login script by declaring the customer's id as the session value when they login. Then, I could check for a session variable equal to the customer's id when they try to login. My (untested) code is below. Am I going about this right, and how would I check to see if a user's session is currently set on the server?
Code:
<?php // initiate session and redirect logged in users session_start(); if(isset($_SESSION['customer_id'])) { header('location:my_videos.php'); } // if login button was pressed if(array_key_exists('login', $_POST)) { // initialize error array and check that user supplied a username and password $error = array(); $username = trim($_POST['username']); $password = trim($_POST['password']); if(empty($username)) { $error['username'] = 'Please enter your username.'; } if(empty($password)) { $error['password'] = 'Please enter your password.'; } // if username and password supplied then proceed if(!$error) { // connect to the database require_once('includes/connect.php'); // filter data for query $username = mysql_real_escape_string($username); $password = md5(mysql_real_escape_string($password)); $queryUser = mysql_query("SELECT customer_id, customer_username, customer_password FROM customer WHERE customer_username = '$username' AND customer_password = '$password'", $connect) or die(mysql_error()); $dataUser = mysql_fetch_assoc($queryUser); $rowsUser = mysql_num_rows($queryUser); $customerId = $dataUser['customer_id']; // determine if the user is a valid customer if($rowsUser == 1) { // see how many IP addresses the customer has used to login with in the past 24 hours $queryIP = mysql_query("SELECT COUNT(DISTINCT log_ip) AS ip FROM log WHERE log_customer_id = $customerId AND log_timestamp IN((DATE_SUB(NOW(), INTERVAL 1 DAY)), NOW())") or die(mysql_error()); $dataIP = mysql_fetch_assoc($queryIP); if($dataIP['ip'] > 3) { $error['ip'] = 'This customer account has reached the maximum number of IP addresses allowed. 
If you feel this is a system error please send us an email via the Contact Us form.'; exit; } else { // see if the customer is already logged in $queryLogged = mysql_query("SELECT customer_id, customer_logged_in FROM customer WHERE customer_logged_in = 1 AND customer_id = '$customer_id'", $connect) or die(mysql_error()); $dataLogged = mysql_fetch_assoc($queryLogged); $rowsLogged = mysql_num_rows($queryLogged); if($rowsLogged == 1) { // if database shows the customer is already logged in // if there is also a session variable set that matches their customer id on the server if($_SESSION['customer_id'] == $customerId) { // i need to somehow find this session value on the server first // this means the user is trying to login from two different locations header('location:bad_login.php'); exit; // if no session variable for customer id is set on the server } else { // this means user lost connection without logging out // set a customer id session variable $_SESSION['customer_id'] = $customerId; // log customer activity $ip = $_SERVER["REMOTE_ADDR"]; $queryLog = mysql_query("INSERT INTO log (log_timestamp, log_ip, log_customer_id) VALUES (NOW(), '$ip', '$customerId')", $connect)or die(mysql_error()); // send user to appropriate page (if a previous page session variable exists send them there) if(isset($_SESSION['previous_page'])) { header('location:video_info.php'); // if not send them to the my_videos.php page } else { header('location:my_videos.php'); } } } // if database shows the customer is not logged in else { $_SESSION['customer_id'] = $customerId; $queryLogin = mysql_query("UPDATE customer SET customer_logged_in = 1 WHERE customer_id = '$customerId'", $connect) or die(mysql_error()); $ip = $_SERVER["REMOTE_ADDR"]; $queryLog = mysql_query("INSERT INTO log (log_timestamp, log_ip, log_member_id) VALUES (NOW(), '$ip', '$customerId')", $connect)or die(mysql_error()); if(isset($_SESSION['previous_page'])) { header('location:video_info.php'); } else { 
header('location:my_videos.php'); } } } // if there was no match found in the database } else { $error['login'] = "Incorrect username and/or password. If you do not have an account with us, please create one"; } } } ?>

I have a site with a members area that uses sessions. I migrated my DB from MySQL 4 to 5. Now my login page does not work. Please help.

Member Login Page:

Code:
<?php session_name ('name'); ini_set ('session.use_cookies', 0); session_start(); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="css/style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js/swfobject/swfobject.js"></script> <script type="text/javascript"> var flashvars = {}; flashvars.xml = "config.xml"; flashvars.font = "font.swf"; var attributes = {}; attributes.wmode = "transparent"; attributes.id = "slider"; swfobject.embedSWF("cu3er.swf", "cu3er-container", "960", "400", "9", "expressInstall.swf", flashvars, attributes); </script> <link href="css/menu.css" rel="stylesheet" type="text/css" /> <style type="text/css"> #apDiv1 { position:absolute; left:592px; top:75px; width:552px; height:53px; z-index:1; } a:visited { color: #5D4580; } a:hover { color: #FFF; } a:active { color: #5D4580; } </style> </head> <body> <div class="main"> <div class="blok_header"> <div class="header"> <div class="rss"><strong>P</strong></div> <div class="clr"></div> <div class="logo"><a href="index.html"><img src="images/logo.jpg" width="211" height="88" border="0" alt="" class="one" /></a></div> <div class="menu"> <ul id="css3menu"> <li class="topfirst"><a href="index.html" title="Home">Home</a></li> <li><a href="#" title=""><span>Omega Psi Phi</span></a> <ul> <li><a href="founders.html" title="Fraternity Founders">Fraternity Founders</a></li> <li><a 
href="omegahistory.html" title="Fraternity History">Fraternity History</a></li> <li><a href="programs.html" title="Mandated Programs">Mandated Programs</a></li> <li><a href="links.html" title="Links">Links</a></li> </ul> </li> <li><a href="#" title="Phi Gamma Chapter"><span>Phi Gamma Chapter</span></a> <ul> <li><a href="history.html" title="Phi Gamma History">Phi Gamma History</a></li> <li><a href="lineage.html" title="Phi Gamma Lineage">Phi Gamma Lineage</a></li> <li><a href="dedication.html" title="Dedication">Dedication</a></li> <li><a href="calendar.html" title="Calendar">Calendar</a></li> <li><a href="photogallery.html" title="Photo Gallery">Photo Gallery</a></li> <li><a href="members/login.php" title="Member Login">Member Login</a></li> <li><a href="roster.html" title="Chapter Roster">Chapter Roster</a></li> </ul> </li> <li><a href="members/login.php" title="Member Login">Member Login</a></li> <li class="toplast"><a href="contact.html" title="Contact Info.">Contact Info.</a></li> </ul> </div> </div> <div class="clr"></div> <div class="body"> <div class="body_bg"> <h2>Member's Only </h2> <?php if ($_SESSION['membername'] != null) { // print "<META HTTP-EQUIV='Refresh' content='0;URL=updatemember.php'>"; echo "You are already logged in. Please wait to be redirected to the members page, or <a href=\"members.php\">click here</a> if you are not automatically redirected. User name for the session is ".$_SESSION['username'].", the member name is ".$_SESSION['membername']; print "<META HTTP-EQUIV='Refresh' content='5;URL=members.php'>"; //header("Location: members.php"); //exit; } else { ?> <form name="admin" method="post" action="userlogon.php"> <table width="891" border="0" cellspacing="5" cellpadding="5"> <tr> <td height="80" colspan="2" align="left"><p>Please enter you username and password. 
Don't remember your password, <u><strong><a href="password.php">click here</a></strong></u><strong><a href="password.php"></a></strong>.</td> <td width="360" rowspan="5" align="center" valign="middle"><img src="images/login_image.jpg" width="239" height="314" /></td> </tr> <tr> <td width="257" height="38" align="right"><p><strong>Username:</strong></td> <td width="224" align="left"><input type="text" name="username"></td> </tr> <tr> <td height="38" align="right"><p><strong>Password:</strong></td> <td align="left"><input type="password" name="password"></td> </tr> <tr> <td height="34"> </td> <td align="left"><input type="submit" class="yellowbutton" name="submit" value="Sign In"></td> </tr> <tr> <td colspan="2"><p>To register for a username and password with Phi Gamma, please <u><strong><a href="register.php">click here</a></strong></u><strong><a href="password.php"></a></strong>.</td> </tr> </table> </form> <?php } ?> <p> </p> <div class="clr"></div> </div> <div class="clr"></div> </div> </div> <div class="footer"> <div class="footer_resize"> <p class="center"> <a href="index.html">Home</a> | <a href="contact.html">Contact</a> </p> <div class="clr"></div> </div> <div class="clr"></div> </div> </body> </html>

After the credentials are entered the user is returned back to the login page and NOT the member's page. This is the userlogon.php page:

Code:
<?php
$link = mysql_connect('localhost:/tmp/mysql5.sock', 'dbuser', 'dbpw');
if (!$link) {
    die('Could not connect: ' .
mysql_error());
}
//mysql_close($link);
if (!mysql_select_db('db_name', $link)) {
    echo 'Could not select database';
    exit;
}
$username = $HTTP_POST_VARS["username"];
$password = $HTTP_POST_VARS["password"];
$member_id = '';
$role = '';
$firstname = '';
// Formulate Query
// This is the best way to perform a SQL query
// For more examples, see mysql_real_escape_string()
$query = sprintf("SELECT users.member_id, users.username, users.password, users.role, FROM users join members on users.member_id = members.member_id WHERE users.username ='%s' AND users.password='%s'",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password));
// Perform Query
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
    $message = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);
}
// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
while ($row = mysql_fetch_assoc($result)) {
    $member_id = $row['member_id'];
    $username = $row['username'];
    $role = $row['role'];
}
if ($member_id != ''){
    session_start();
    $_SESSION['membername'] = $username;
    $_SESSION['username'] = $username;
    $_SESSION['memberid'] = $member_id;
    $_SESSION['role'] = $role;
    print "<META HTTP-EQUIV='Refresh' content='0;URL=members.php'>";
} else {
    print "<META HTTP-EQUIV='Refresh' content='0;URL=memberlogin.php'>";
}
// Free the resources associated with the result set
// This is done automatically at the end of the script
mysql_free_result($result);
?>

It worked fine before the migration??? Anyone know where the problem is?

Hi, my first problem is hashing passwords to md5. My second problem is defining session on value from db. There is my code but not working.
Code:
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$username=$_POST['username'];
$password=$_POST['password'];
$hash = md5($password);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE where username = '$username' and password = '$hash'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
    $sql2="SELECT access FROM $tbl_name WHERE username='$username' and password='$password'";
    $access=mysql_query("$sql2");
    session_register("username");
    session_register("password");
    session_register("access");
    $_SESSION["access"]=$access;
    header("location:success.php");
}
else {
    echo "Invalid Username or Password";

Thanks for any answers.

This should be really simple, but I just can't figure out why it isn't working. It's my first time using sessions, so I'm probably doing something silly. It's just a login to an admin page. It's for a photo gallery, that's why the database is called "photo". This is the login page:

Code:
<?php
session_start();
if(isset($_POST['user']) && isset($_POST['password'])){
    $user = $_POST['user'];
    $password = sha1($_POST['password']);
    $photo = new mysqli('localhost', 'user', 'password', 'photo');
    $login = $photo->query("select user, sha1(password) from settings where user = '$user' and sha1(password) = '$password'");
    if($login->num_rows > 0){
        $_SESSION['login'] = 1;
        ?>
        <META HTTP-EQUIV="Refresh" Content="0; URL=admin.php">
        <?php
    } else {
        $badlogin = 1;
    }
}
?>
<html>
<head>
<style>
body {margin-top: 50px;}
td {text-align: right;}
input {width: 200px;}
</style>
</head>
<body><center>
<?php if(isset($badlogin)){ ?>
<span style="color: red;">Oops!
Wrong login.</span><br><br> <?php } ?> <table> <form action="admin.php" method="post"> <tr><td>User:</td><td><input type="text" name="user" /></td></tr> <tr><td>Password:</td><td><input type="password" name="password" /></td></tr> <tr><td></td><td><input type="submit" value="Login" /></td></tr> </form> </table> </center></body> </html> And this is the admin page: Code: [Select] <?php session_start(); if($_SESSION['login'] != 1){ ?> <META HTTP-EQUIV="Refresh" Content="0; URL=login.php"> <?php } else { ?> <html> <head> </head> <body> Admin stuff here. </body> </html> <?php } ?> Hi. I have to check if a session is started or not, and then, check for the rank of the user. For that i use two functions like is_administrator,etc. Well, but this isnt working. I cant get any clear way to know if a session have been already started or not. Code: [Select] function is_administrator() { session_start(); if (isset($_SESSION['usr']) and empty($_SESSION['usr'])) { $l = conect(); $user = $_SESSION['usr']; $cons = "SELECT * FROM `users` WHERE usr='" . $user . '\';'; $res = mysql_query ($cons,$l); $ob = mysql_fetch_array($res); if ($ob['tipo'] == 'A') { return true; } } return false; } What i want to do is to check if a sesion exist, if not, return false. If the sesion exist, check for the user rank and return true/false. I am attempting to us glob to display contents of a users folder using a session variable. Example: I have a session variable called department Code: [Select] $row_fullname['department']; In department I have the name of the department the user belongs to such as: office, plant, maintenance, and groundskeeping I created a folder called docs inside of docs there are 4 subfolders called office, plant, maintenance, and groundskeeping I found this code which will display the contents of the folder: Code: [Select] <?php $files = glob( './docs/office/*.*' ); foreach ( $files as $file ) { echo '<a href="./docs/office/' . basename( $file ) . '"target="_blank">' . 
basename( $file ) . '</a><br />'; } ?> The above code works fine, but I would like it to only display the contents of a departments folder only if the user is part on that department. Here is an example that I know is completely wrong but it may help explain what I am trying to do. Code: [Select] <?php ]<?php $files = glob( './docs/echo $row_fullname['department'];/*.*' ); foreach ( $files as $file ) { echo '<a href="./docs/echo $row_fullname['department'];/' . basename( $file ) . '"target="_blank">' . basename( $file ) . '</a><br />'; } ?>Thanks for your time Need help declaring some session variable guys. I have a login form where the member enters his 1. Pilot Callsign 2. Password I want to declare that Pilot Callsign as the session variable on authentication. Using that Pilot Callsign session variable, I will fetch data from the database relevant to his profile. I already have the whole login page coded along with the restricted access pages (not coded by me). Check this out 1. Page is coded like this and working PERFECTLY --- Code: [Select] <?php // *** Validate request to login to this site. 
if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['pilot_callsign'])) { $loginUsername=$_POST['pilot_callsign']; $password=$_POST['password']; mysql_select_db($database_brn_system, $brn_system); $LoginRS__query=sprintf("SELECT pilot_callsign, password, staff_level, firstname FROM pilots WHERE activated = 1 AND pilot_callsign=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $brn_system) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'staff_level'); if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; ?> --- 2. As you can see, there already is a session variable declared for Pilot Callsign But on the next page "Restricted Access Page", when I try to call this same Session Variable, it doesn't work. I tried doing this <?php echo $_SESSION['MM_Username'] ?> Moreover, I even tried to fetch data from the table like this - SELECT * FROM pilots WHERE pilot_callsign=$_SESSION['MM_Username'] Doesn't work Basically I'm trying to set up a shopping cart using PHP & MySql (oh really!?) and I've gotten to the point where I need to insert the bought products into a database. Currently, at the checkout, there is a session which stores data for all of the products which have been added into the cart. From here I am just trying to create an order id code that is only relevant to this session. 
So in the database it would end up looking something like this:

order_id = 001, product_id = 2, order_quantity = 3
order_id = 001, product_id = 4, order_quantity = 2
order_id = 001, product_id = 1, order_quantity = 5
order_id = 002, product_id = 2, order_quantity = 3
order_id = 002, product_id = 4, order_quantity = 2
order_id = 002, product_id = 1, order_quantity = 5

So I would be able to pull these results later by selecting the order relevant to the order_id. At least I think this is the easiest option for me. Every product which is put into the cart has a $_SESSION name of 'product_x', 'x' being the id associated with that product. Any help?

Hello guys. I'm in need of help. I want to know how to make a full working session. When a player logs in, the session starts. There will be a new button "My Page", he can go there at any time. When he logs off, that button disappears (session over). I'm so bad at explaining stuff. Hope y'all really understood me. This piece of code is used to log the user in:

Code:
<?php
session_start();
include("config.php");
if(isset($_SESSION["Username"])) {
    $user = $_SESSION["Username"];
    $pass = md5($_SESSION["Password"]);
} else {
    $user = $_POST["User"];
    $pass = md5($_POST["Password"]);
    $_SESSION['Username'] = $user;
    $_SESSION['Password'] = $pass;
    $escuser = mysql_real_escape_string($user);
    $escpass = mysql_real_escape_string($pass);
}
$result = mysql_query("SELECT * FROM playerinfo WHERE user = '$escuser'");
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
    echo('That username does not exist...');
    echo '<a href="http://yu-ki-ko.com/fsns/""> Go back!</a>';
    unset($_SESSION['Username']);
    unset($_SESSION['Password']);
    die;
}
$row = mysql_fetch_row($result);
if($row[1] !== $escpass) {
    echo('Wrong Password!...');
    echo '<a href="http://yu-ki-ko.com/fsns/""> Go Back!</a>';
    unset($_SESSION['Username']);
    unset($_SESSION['Password']);
    die;
}
?>

Not sure if it's working properly or not. I'm stuck at that part.
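
A hardened version of the login flow in the post above, added here as an example and not part of the original thread: parameterised lookup, password_hash()/password_verify() in place of md5(), a fresh session ID at login, no password kept in the session, one generic failure result, and an idle timeout. It assumes PDO with an in-memory SQLite table standing in for the poster's MySQL playerinfo table; the id and pass_hash columns, the function names and the 20-minute limit are assumptions.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database with
// one constructed account stands in for the poster's MySQL playerinfo table;
// the id/pass_hash columns and all function names are assumptions.
declare(strict_types=1);

const IDLE_LIMIT = 1200; // assumed idle timeout: 20 minutes, in seconds

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE playerinfo (id INTEGER PRIMARY KEY, user TEXT UNIQUE, pass_hash TEXT)');
    // password_hash() salts and stretches the password; md5() does neither.
    $db->prepare('INSERT INTO playerinfo (user, pass_hash) VALUES (?, ?)')
       ->execute(['player1', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // safe to call from every page and every include
    }
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server never issued
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // keep the cookie away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(PDO $db, string $user, string $password): bool
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_DEFAULT);
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, pass_hash FROM playerinfo WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown users are checked against a dummy hash so that both failure
    // paths do the same work and return the same answer.
    $valid = password_verify($password, $row['pass_hash'] ?? $dummyHash);
    if ($row === false || !$valid) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID at login defeats session fixation
    $_SESSION['user_id']   = (int) $row['id'];
    $_SESSION['username']  = $user;       // identity only, never the password or its hash
    $_SESSION['last_seen'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        if (!headers_sent() && ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
    }
}

// Returns the logged-in user name, or null when there is no valid session.
function current_user(): ?string
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        logout();
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['username'];
}

if (PHP_SAPI === 'cli') { // demo run; a web page calls start_session(), then current_user()
    start_session();
    $db = open_db();
    $seen = [
        'wrong password' => login($db, 'player1', 'guess'),
        'unknown user'   => login($db, 'nobody', 'guess'),
        'before login'   => current_user(),
        'valid login'    => login($db, 'player1', 'correct horse'),
        'after login'    => current_user(),
    ];
    logout();
    $seen['after logout'] = current_user();
    var_export($seen);
}
```

A "My Page" link is then shown only when current_user() returns a name, and every protected page redirects to the login form when it returns null.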
I've recently had a problem with my admin site where PHP sessions, which are stored in a MySQL database, are duplicating and causing the page to return to the login screen. Usually the site works fine in Firefox, but stops working in IE and Safari. This problem suddenly appeared overnight with no change to the files. Due to the amount of code, I'm reluctant to post it all, but does anyone have a suggestion on why this could be happening and how to solve it?

Hi, I am facing problems in destroying the session variables in my logout file. I have used session_id() in my PHP files, for example $sid = session_id(). Now when I click on logout I navigate to my index file but the session variable $sid still remains. I have checked it. I have kept the session_start() function in a file and I am including that file in every PHP file with the require_once function. The file is placed in the Includes folder. Is it causing the problem? Please help me out. Also, can I use session_start() more than once in a single PHP file? My logout file is:

<?php
session_start();
session_destroy();
header("location:index.php");
exit();
?>

I am so glad someone told me about putting in the error_reporting ALL because I was not sure why my id for members was not picking up on the next pages. Can someone let me know how I can fix this? I thought it automatically picks it up and sets it to private pages for each member.

Notice: Undefined index: id in /home/ebermy5/public_html/login.php on line 25

<?php session_id(); session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
</head>
<body>
<?php
/* Program: New_member.php
 * Desc: Displays the new member welcome page. Greets
 * member by name and gives a choice to enter
 * restricted section or go back to main page.
*/ error_reporting(E_ALL); ini_set("display_errors", 1); $firstname = ''; include('Connections/connect_to_mysql.php'); $result = mysql_query("SELECT firstname FROM `Members` WHERE id='{$_SESSION['id']}'"); $row = mysql_fetch_array($result); if ($firstname == ''){ //condition, is name equal to lower case firstname notice we use == and not = echo "Welcome, $firstname"; } else { //so incase the condition is not as expected echo "Sorry you are not $firstname"; } ?> <p>Your new Member accounts lets you enter the members only section of our web site. You'll find special discounts, a profile of matches, live advise from experts, and much more.</p> <p>Your new Member ID and password were emailed to you. Store them carefully for future use.</p> <div style="text-align: center"> <p style="margin-top: .5in; font-weight: bold"> Glad you could join us!</p> <form action="profile.php" method="post"> <input type="submit" value="Enter the Members Only Section"> </form> <form action="index.php" method="post"> <input type="submit" value="Go to eBermylove Main Page"> </form> </div> </body> </html> Sorry for my noob question, I've learned about sessions a bit and tried to make a simple "game", basically a user has to enter one of the colors of the rainbow and after they name all 7, they win. Sounds simple enough, but I'm clearly making an obvious mistake and I've googled and read and experimented, but obviously something is alluding me. Here is the pastebin: http://pastebin.com/XmN4YLp8 I suppose what I want to know is...how do I store the values from the form (that is, $_POST['color']) and save that information to something like an array, because whatever I'm doing now is resetting the counter ($_SESSION['left']) and if a user guesses "red" for instance, it temporarily goes from 7 to 6, but then bumps up to 7? Hi, I am having trouble with my cURL call because when I run the exec method I loose my current login state in the session. 
I have tried the two options below, but they have yet to succeed. If there is anything else you want me to tell you that will help you understand my issue, please let me know.

$sessionfile = fopen("sessionfile.txt", "w");
fputs($sessionfile, session_encode( ) );
fclose($sessionfile);
$c->setopt(CURLOPT_COOKIEFILE, $sessionfile);
$c->setopt(CURLOPT_COOKIEJAR, $sessionfile);

$sessName = session_name();
$_COOKIE[$sessName] = session_id();
$_COOKIE['aud_logged_in'] = Session::isLoggedIn();
session_write_close();
$c->setopt(CURLOPT_COOKIE, $sessName."=".$_COOKIE[$sessName].";");

I have my script protected against all types of SQL injection, XSS injection, cookies and bots. But now I want to know what's the best way of preventing session hijacking? I know nothing can be 100% secured but I want to know how to prevent it. And you know it: prevention is better than cure!

Hi guys, new to PHP so stick with me. I'm trying to create a simple login script that will grant a user access to content that is only viewable by those people who are logged in. I'm OK doing the login part and authenticating the password etc. But once the user gets directed to the content page, how can I ensure that only a registered user who is logged in sees that page? (Probably missing something very obvious here.) I've tried reading around but not found much on this specific question. Should I set the user's username and password (which is encrypted) as session variables and authenticate them as the first stage of each page they visit? Or is there a better way of doing this? Don't worry, not looking for you to write the code, just a description of the best way of doing it would be great! Thanks, Drongo

I have a website uploaded onto Host Gator hosting and the sessions are carried over to the other pages OK. When using the same website in XAMPP it does not carry over the session to the next page and I need to log in again.
If I log in it puts the following after the URL - ?sid=3b71942d410d84c45f9f4433561c325a Then when I go to another link it loses the sid and I'll need to manually paste it into the next URL to get it working unless I log in again on the new page. This is only happening with XAMPP but working fine in the Host Gator hosting environment. Please help! My login is integrated with the phpbb3 login. This is the code at the beginning of every page -

Code:
<?php
ob_start();
define('IN_PHPBB', true);
$phpbb_root_path = './phpbb3/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
?>

Is there any way to prevent sessions from expiring too soon? I believe they are 20 minute sessions, correct? Even if they are not 20 min., is there a way to prevent it from happening?

Hi, I want to include a session so that attendance.php can't be accessed directly.

Hello, I'm trying to test a simple login system without a db, just for testing purposes. I have created a PHP file that checks if the username and pass are valid and registers a session.

Code:
<?php
session_start();
define("ADMINUSER", "user");
define("ADMINPASSWORD", "pass");
$user = $_POST['user'];
$pass = $_POST['pass'];
if (($user==ADMINUSER) && ($pass==ADMINPASSWORD)) {
    $_SESSION['logged_in'] = true;
    header("Location: main.php");
} else {
    header("Location: auth.php?flag=wrong");
}
?>

and include this in other files to check if the user is logged in:

Code:
<?
session_start();
if ($_SESSION['logged_in'] != true) {
    header("Location: auth.php?flag=not");
    exit;
}
?>

But this doesn't seem to work, as I closed the window, cleared my cookies and shut down my PC, and when I try to open it again it doesn't redirect me to the login page (auth.php). What am I doing wrong? Any help is appreciated.

Hi: How do I set a password-protected page to time out after 20 minutes or so?
I thought it was doing it on the below page, but it is not working. A tutorial I found online. Login.php Code: [Select] <form name="form1" method="post" action="myLogin.php"> <input name="myUserName" type="text" size="40" id="myUserName"> <br /><br /> <input name="myPassword" type="password" size="40" id="myPassword"> </div> <input type="submit" name="Submit" value="Login"> </form> myLogin.php Code: [Select] <?php ob_start(); // Connect to server and select database. //mysql_connect("$host", "$username", "$password")or die("cannot connect"); //mysql_select_db("$db_name")or die("cannot select DB"); // Define $myUserName and $myPassword $myUserName=$_POST['myUserName']; $myPassword=$_POST['myPassword']; // To protect MySQL injection (more detail about MySQL injection) $myUserName = stripslashes($myUserName); $myPassword = stripslashes($myPassword); $myUserName = mysql_real_escape_string($myUserName); $myPassword = mysql_real_escape_string($myPassword); $sql="SELECT * FROM myAdmins WHERE myUserName='$myUserName' and myPassword='$myPassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myUserName and $myPassword, table row must be 1 row if($count==1){ // Register $myUserName, $myPassword and redirect to file "a_Home.php" session_register("myUserName"); session_register("myPassword"); header("location:a_Home.php"); } else { echo " <html> ... </html> "; } ob_end_flush(); ?> myCheckLogin.php (added to each page to see if the person logged-in via Login.php): Code: [Select] <? session_start(); if(!session_is_registered(myUserName)){ header("location:Login.php"); } ?> Any help would be great. Thanks. Ok guys heres the deal. I have been struggling on this for about two weeks and am giving up. Because I'm giving up, I would like to throw this up to you guys to help me out. 
I am trying to build a login I tried learning sessions but they make no sense to me whatsoever on how the information passes from one to another. So i created my own sessions database, where im uploading the data i need to pass page to page to my db, and repulling it on the next page. In order to do this i needed to create a cookie so I can refrence that data on the next page, main.php. When I run main.php i get an the echo of. "THIS COOKIE AINT FUCKING WORKING". which to me means one of two things. One is either im not creating the cookie right, or two, im not accessing it correctly. But to widdle that down I created the testpoint on if cookie is created and it seems to work fine, cuase im not getting the die(). Im not an advance php programmer by any means, just been self learning for a few months, so bear with me and please break it down as much as possible. I feel that if i can just get a userid created on one page, put it into a cookie, send it, and retreive it when on the next page, i can do the rest from there. If you can see why that is happening then let me know. Thanks in advance. NEVERBEGOSU ---------------------------------- index.php ------------- Code: [Select] <?php include ('srvdbcon.php'); include ('functions/sitebuild.php'); include ('functions/functions.php'); setcookie('user', 'mike'); login(); headcontent(); headermain(); leftcontent(); ?> <div id="content"> <div class="post"> <h1 class="title"><a href="#">Welcome to </a></h1><p class="byline">21 April 2011 by <a href="#"></a></p> <div class="entry"> <p><strong></strong> is a free, 100% Starcraft 2 Replay Center. Our goal is to provide the ability to UPLOAD replays with detailed data, as well as to DOWNLOAD those replays. 
Our Replay Search function is one of a kind, designed by hand to help you find replays that you are looking for.</p> <p class="links"><a href="#" class="more">About Us</a></p> </div> </div> <div class="post"> <h2 class="title"><a href="#">Latest News</a></h2> <p class="byline">Working hard to get the site up and running. <a href="#"></a></p> <div class="entry"> <h3>Looking for late May Release:</h3> <blockquote> <p>Im working really hard guys. Forgive me for the pushback.</p> </blockquote> <h3>In Production:</h3> <ul> <li>Working on a new template for the site.</li> <li>Continuing developing the search function for replays.</li> <li>In the middle of moving in RL so working hard when I can.</li> <li>Working hard on the member login/registration pages.</li> <li>Started working on the forums</li> </ul> <h3>Finished:</h3> <ul> <li>Got the Upload Page working.</li> <li>Completed the Download style for the site.</li> <li>Finished a few other smaller aspects.</li> </ul> <p class="links"><a href="#" class="more">Read More</a></p> </div> </div> <div class="post"> <h2 class="title"><a href="#">LOOKING FOR HELP </a></h2> <p class="byline"><small>Posted on 22 Aprl 2011 by <a href="#">SCG.Admin</a></small></p> <div class="entry"> <p> is looking for a few people, if willig, to help design the site. The following positions are needed. </p> <ul> <li>Graphics Designer</li> <li>PHP/MYSQL Programmer</li> </ul> <p>If anyone is intrested please contact me at .</p> <p class="links"><a href="#" class="more">Read More</a></p> </div> </div> </div> <?php rightcontent1(); echo "<center><h2>Login</h2></center> "; echo "<form name='log' method='POST' action='" . $PHP_SELF . 
"'>"; echo "Username:"; echo "<p><input type='text' name='username'>"; echo "<p>Password:"; echo "<p><input type='password' name='password'>"; echo "<p><input type='submit' id='log' name='log' value='Login'>"; echo "<br>"; echo "<h2> Not a Member </h2>"; echo "<p><a href='register.php'>Register</a></p>"; echo "</center>"; rightcontent2(); footerdiv(); ?> ------------------------------------------------------------------------------------------- main.php --------- Code: [Select] <?php include ('srvdbcon.php'); include ('functions/sitebuild.php'); if(!isset($_COOKIE['userid'])); { die ('CANT GET THE FUKCING COOKIE TO WORK'); } headcontent(); headermain(); leftcontent(); ?> <div id="content"> <div class="post"> <h1 class="title"><a href="#">Welcome to </a></h1><p class="byline">21 April 2011 by <a href="#">SCG.Admin</a></p> <div class="entry"> <p><strong></strong> is a free, 100% Starcraft 2 Replay Center. Our goal is to provide the ability to UPLOAD replays with detailed data, as well as to DOWNLOAD those replays. Our Replay Search function is one of a kind, designed by hand to help you find replays that you are looking for.</p> <p class="links"><a href="#" class="more">About Us</a></p> </div> </div> <div class="post"> <h2 class="title"><a href="#">Latest News</a></h2> <p class="byline">Working hard to get the site up and running. <a href="#">SCG.Admin</a></p> <div class="entry"> <h3>Looking for late May Release:</h3> <blockquote> <p>Im working really hard guys. 
Forgive me for the pushback.</p> </blockquote> <h3>In Production:</h3> <ul> <li>Working on a new template for the site.</li> <li>Continuing developing the search function for replays.</li> <li>In the middle of moving in RL so working hard when I can.</li> <li>Working hard on the member login/registration pages.</li> <li>Started working on the forums</li> </ul> <h3>Finished:</h3> <ul> <li>Got the Upload Page working.</li> <li>Completed the Download style for the site.</li> <li>Finished a few other smaller aspects.</li> </ul> <p class="links"><a href="#" class="more">Read More</a></p> </div> </div> <div class="post"> <h2 class="title"><a href="#">LOOKING FOR HELP </a></h2> <p class="byline"><small>Posted on 22 Aprl 2011 by <a href="#">SCG.Admin</a></small></p> <div class="entry"> <p>SCG.O is looking for a few people, if willig, to help design the site. The following positions are needed. </p> <ul> <li>Graphics Designer</li> <li>PHP/MYSQL Programmer</li> </ul> <p>If anyone is intrested please contact me at </p> <p class="links"><a href="#" class="more">Read More</a></p> </div> </div> </div> <?php rightcontent1(); rightcontent2(); footerdiv(); ?> ---------------- functions.php Code: [Select] <?php function verifylogin() { } function login() { $Login=$_POST['log']; if ($Login) { $username=$_POST['username']; $password=($_POST['password']); $verlogin="SELECT * FROM user WHERE user='$username' AND password='$password'"; $verloginq=mysql_query($verlogin); if(mysql_num_rows($verloginq)!='0') { setcookie('userid' , 'mike'); if (setcookie) { $ip = getenv("REMOTE_ADDR"); $time=time(); $loginquery="INSERT INTO login (id,user,date,ip) VALUES ('','$username','$time','$ip')"; $loginqueryr=mysql_query($loginquery); if ($loginqueryr) { header("location:testmain.php"); } else { die('There was a problem sending info to database: LOGIN.'); } } else { die ('Cookie wont set for some damn reason.');} } else {die ('username/password error');} } else { } } function logout() { } function 
logcook() { } function logsess() { } ?>

MOD EDIT: [code] . . . [/code] BBCode tags added.

Hi. A part of my site allows users to send messages to other users. When a member is logged on, they see a panel on the left with a link to the messages page. If there is a message they have not seen, it looks like messages(1). As this panel is on every page, the message(1) is displayed on every page. My question is a general one which I've always wondered about - I determine whether all messages have been read or not from the database. Should I go once to the database when the user logs on, and save this value to a session, or should I go to the database each time the member goes to a new page? The reason I ask is because I am saving a lot of data in the session already, so where do I draw the line between saving stuff to a session and just repeatedly going to the database?

Hello everyone, I'm sitting here in a position where I can't work on my site or test any code, but my mind is racing about what I can do to solve a particular problem that I have. I won't get into the problem because it would take more time to type than I have right now, but I have an idea for a simple solution, just not sure if it will work or not. So, here's my question: Is it possible to have multiple session variables during a session? Such as:

$email=$_SESSION['email'];
$user=$_SESSION['userid'];

If this is possible, my problem is solved (I think)... otherwise, I have to keep thinking about it. Thanks for any help!

Hi all... once again I am trying to re-educate myself in PHP after a long gap. I do not have a problem as such, just a question... here is part of my script that does not work:

<? $sql= "INSERT INTO member ( username, ) VALUES ( \"$_SESSION['nm_username']\", \"$_SESSION['nm_email']\" )"; ?>

The above errors because there are single quotation marks in the session variables. When I remove them the script works and the values of the variables seem to be correct!
My question is - do I NEED the quotation marks in the variable and if so how should I write the query? Regards

After installing SquirrelMail I am facing the following error on initial start up.

SquirrelMail 1.4.x is not compatible with PHP's session.auto_start setting. Please disable it at least for the location where SquirrelMail is installed.

Now my problem is not how to turn session.auto_start off (php.ini) as I really don't want to. Does anyone know how I can go about turning it off for the squirrelmail directory only? Many thanks

In Firefox and Google Chrome my code works correctly, but in IE it doesn't. The problem is that before or after loading a page in IE, $_SESSION is unset. If I set $_SESSION['online'] = 1, then after reloading the page print_r($_SESSION) outputs nothing.

Hi all, I have the following code to check whether the client has JavaScript enabled in their browser:

page.php:
Code:
<?php
session_start();
if(isset($_SESSION['gocheck'])) {$gocheck = $_SESSION['gocheck'];} else {$gocheck = 'no';}
//echo $gocheck;
if($gocheck=='no'){header ("Location: ./gocheck.php"); exit;}
//----Execution only reaches this line if gocheck.php has been run and Javascript is enabled.--------
unset($_SESSION['gocheck']);
//rest of page
?>

gocheck.php:
Code:
<?php
session_start();
$_SESSION['gocheck'] = 'yes';
echo"
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
<head>
<script type=\"text/javascript\" language=\"JavaScript\">
window.location.replace('page.php');
</script>
</head>
<body>
This website requires Javascript to be enabled in your browser. <br />
Please enable Javascript and try again.
</body>
</html>
";
?>

So what should happen is the user is always redirected from page.php to gocheck.php, which sets the session variable $gocheck to 'yes' and directs back to page.php via JavaScript.
Because $gocheck is then equal to 'yes', page.php shouldn't direct back again tio gocheck.php. This worked fine on my PC (using WAMP), but when I upload the files to the webhost, it seems to get stuck in an infinite redirect loop between page.php and gocheck.php. Also, if I echo $gocheck in page.php, it returns 'no', so it seems as if for some reason the session variable $gocheck is not being set properly by gocheck.php. Could somebody please shed some light on this? Is there an error in my code? Is there something I need to change in php.ini on the webhost's server? Thanks! P.S. WAMP on my PC uses PHP v.5.3.0, but the webhost uses PHP v.5.2.12 - don't think this can be the problem though. I'm trying to create a simple session on a form page that determines if you've signed in. If you haven't, it kicks you to the login page. But for some reason, what I have isn't doing that. When I open the page, it loads, but only prints the url on a blank page, instead of actually going to the url. Code: [Select] <html> <title>form</title> <link rel="stylesheet" type="text/css" href="style.css"> <body> <?php session_start(); if(isset($_SESSION['id']) && is_numeric($_SESSION['id'])) { if (isset($_POST['submitted'])) { $errors = array(); if (empty($_POST['scientific_name'])) { $errors[] = 'you forgot to enter the scientific name'; } else { $sn = trim($_POST['scientific_name']); } if (empty($_POST['common_name_english'])) { $errors[] = 'you forgot to enter the common name'; } else { $cne = trim($_POST['common_name_english']); } $description4 = trim($_POST['common_names_spanish']); $description5 = trim($_POST['common_names_french']); $description6 = etc. etc. if (empty($errors)) { require_once ('3_z_mysq1_c0nn3ct.php'); $query = "INSERT INTO plantae (scientific_name, common_name_english, etc.) 
VALUES ('$sn', '$cne', '$description4', '$description5', '$description6', '$description7', etc.)"; $result = @mysql_query ($query); if ($result) { if(isset($_POST['scientific_name'])) { $plant_id=mysql_insert_id(); } exit(); } else { echo 'system error. No plant added'; echo '<p>' . mysql_error() . '<br><br>query:' . $query . '</p>'; exit(); } mysql_close(); } else { echo 'error. the following error occured <br>'; foreach ($errors as $msg) { echo " - $msg<br>\n"; } } // end of if } // end of main submit conditional echo '<form action="insertaplant1.php" method="post"><fieldset><legend><b>Enter your new plant here</b></legend> form fields here. </form>'; } else { $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']); if((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr($url, 0, -1); } $url .= '/login.php'; echo $url; exit(); } ?> Hello, Here's my system. Once a user is successfully logged in, a new instance of a User class is created. The constructor of this class grabs the details of the logged-in user from a database and stores them inside properties in the User class. The problem is, obviously I'd want to access these properties from any page I require them to be able to display user data, so I looked into storing the User object in a Session. When I tried implementing this, I ran into a bunch of errors and I couldn't figure it out. Here's an example: After a user has logged in, I had the following code: Code: [Select] $_SESSION['user'] = new User($this->username); I was under the impression that this assigns a user object to a session. 
But it's not working as I receive this error: Quote Notice: Undefined index: user in ../v2/admin/index.php on line 18 Then on the page I want to display the name of the current user logged-in, I had this code: Code: [Select] $_SESSION['user']->get_Name(); But then I get this error: Quote Fatal error: Call to a member function get_IP() on a non-object in ../v2/admin/index.php on line 18 Can tell me what I have to do, to make this work? Thanks. Hi guys i've spent 3 whole days trying to get this to work but it dosent. My issue is very similar almost the same as: http://www.phpfreaks.com/forums/index.php?topic=296100.15 but with the code i have. Basically i have custom member pages. member1.php member2.php the design and content will be custom to each member, they also have their own login page. Each member should be able to access their page and simply view their secure area. They should not be able to log into another users area if they dont have the username or password for it. Now the problem is, i have this entire script setup and it works, however i fear there is something wrong with the sessions which allows other members to access other members pages with their own passwords and usernames because they share the same database. So the script executes thinking its a valid user and lets them in. Here is my login checker once the user is validated they are sent to their own folder header("Location: ../{$loginusername}/index.php"); and are able to view the page. Code: [Select] <?php require_once('../config.php'); // Connect to the server and select the database. 
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db")or die("Unable to select database");
// The username and password sent from login.php
$loginusername=$_POST['username'];
$loginpassword=$_POST['password'];
//The following bit of coding protects from MySQL injection attacks
$loginusername = stripslashes($loginusername);
$loginpassword = stripslashes($loginpassword);
$loginusername = mysql_real_escape_string($loginusername);
$loginpassword = mysql_real_escape_string($loginpassword);
$sql="SELECT * FROM $tbl WHERE username='$loginusername' and password='$loginpassword'";
$result=mysql_query($sql);
// Count how many results were pulled from the table
$count=mysql_num_rows($result);
// If the result equals 1, continue
if($count==1){
    session_start();
    $_SESSION["loginusername"] = $loginusername;
    $_SESSION['user1'] = $username; // store session data
    //echo "User: = ". $_SESSION['loginusername']; //retrieve data
    header("Location: ../{$loginusername}/index.php");
}
// If not successful, inform the user of error
else {
    echo "Wrong Username or Password";
}
?>

Now here is the secure page sample:

Code:
<?php
session_start();
if (!$_SESSION['user1']){
    header("Location: login.php");
}else{
    print "its working!";
}
?>
<html>
<body>
Login Successful for
</body>
</html>

For each login page I have given each user its own session. This works, however if user1 logs in and simply changes the URL to user2 and enters his user2 password he is granted access, giving him new sessions, which means he has access to everything. I'm pretty sure I'm missing something really small. Any help would be appreciated.

I am building an app (PHP and MySQL) and I had been using a lot of GET calls to get info from URLs, but the more I thought about it, the more I didn't like the possibility of people being able to mess with the URLs. So I am in the process of changing everything to use SESSION variables to store data across pages, rather than GET.
The way I see it, SESSION variables are completely behind the scenes so they seem to be the better option. Am I right, or is GET better than SESSION for some reason?

Hi. I'm brand new to this forum, so sorry if I do something wrong... I'm someone who has taught myself to code in php to add dynamic objects to my basic static websites. I have had no formal education. This is not my first project however. I'm having problems with session variables working fine up to a point when I call a new file and then all my session variables are lost. I have tried everything, but cannot keep them alive when I get into this or any other new file. I display a form, get user data submitted, then display a next form and after the user submits this next form all the session variables are lost. Anyone have any idea what is killing my session variables? Thanks in advance.

Alright, so I want to pass a session from www.mysite.com to mobile.mysite.com, and I'm doing so by calling this on the top of every page on each site:

<?php
session_set_cookie_params(360000, "/",".mysite.com");
session_start();
print_r($_SESSION);
?>

Yet the session data that is set on one subdomain is NOT printed on the other subdomain. I've even tried destroying the sessions several times to start over. But it won't work. What could be up? Thanks

It is my understanding that <?php session_start (); ?> must go on the very first line otherwise "it won't work." But mine still isn't working, and I'm not sure why. These errors were returned EVEN AFTER I deleted everything in index.php except <? session_start (); ?>....
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/xxx/public_html/xxx/xxx/index.php:1) in /home/xxx/public_html/xxx/xxx/index.php on line 1
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/xxx/public_html/xxx/xxx/index.php:1) in /home/xxx/public_html/xxx/xxx/index.php on line 1

Record set has 2 text fields in the form which is set in a full repeat recordset browse. So, we get a long list of every record in the database. However, I want to be able to click on a single record and make another page appear. I can do this if the display is set as a table without using a text field form -- just the record variable and using a hyperlink. But, I want to use the text field. Wrapping the form only gets me the value of the last record displayed. Help would be appreciated.

Hello everyone, I am trying to use only cookies so that session fixation is not possible. Unfortunately I can still log in when I disable cookies in Internet Explorer. Am I doing something wrong? Or do I misunderstand the concept? This is my code:

Code:
<?php
class Session{
    private $username;
    public function createSession($username){
        $this->username = $username;
        ini_set("session.use_only_cookies", 1);
        session_start();
        $_SESSION['username'] = $this->username;
        return $this->username;
    }
}
?>

Hi everyone. I'm wondering what the best way is to create a session variable and pass it to an iframe. I need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how I should accomplish this?
Code:
session_start();
$_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();
<iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" />
</iframe>

I'm trying to implement sessions into my website. At the moment index.php contains a login form that posts to AccountManagement.php. AccountManagement.php then checks the database to see if they have entered a correct username/password combination. This all works fine, however I would like the site to remember that a user has logged in, and not tell them that they have entered an invalid password every time they come to this page by any means other than index.php's login form (e.g. a back button on a page that follows from AccountManagement). I have tried for days to get this to work using a for loop that checks if the session is started, but I can't seem to get the placement/syntax correct. Any help would be greatly appreciated.

AccountManagement.php:
Code:
<?php
include ("Includes/database.php");
include ("Includes/htmlheader.php");
dbconnect ("localhost", "xxxxx", "xxxxx", "xxxxx");
$query=sprintf("SELECT wowUsername, Password, UserID FROM Users WHERE (((wowUsername)=\"%s\") AND ((Password)=\"%s\"));", $_POST['Username'], $_POST['Password']);
$result=mysql_query($query);
if (!$result) {
    $message = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' .
        $query;
    die($message);}
if (mysql_num_rows($result) !=1) {
    $errormessage= "Incorrect Username or Password, please try again.";
    include ("Includes/error.php");
} else {
    $row=mysql_fetch_assoc($result);
    $CustomerID = $row['UserID'];
    $query2=sprintf("SELECT CustomerID, FName FROM Customers WHERE CustomerID=$CustomerID");
    $result2=mysql_query($query2);
    $row2=mysql_fetch_assoc($result2);
    $_SESSION['UserID']=$CustomerID;
?>
<form action="index.php" id="home" name="home" style="width: 8em"></form>
<h1> Account Management </h1>
<p><h3 align="center">Welcome <?php echo $row2['FName'];?>, use the buttons below to manage your subscriptions.<h3><br />
<h2>
<form action="Subscription.php" id="subs" name="subs">
<p> <input class="button5" name="Setup" type="submit" value="New Subscription" align="center" /></p>
</form></h2>
<form action="AccountUpdate.php" id="remove" name="remove" style="width: 8em">
<p> <input class="button5" name="NewDetails" type="submit" value="Update Details" /> </p></form>
</p>
<p>
<form action="AccountCancel.php" id="remove" name="remove" style="width: 8em">
<input name="Logout3" type="submit" class="button5" value="Cancel Account" align="right" />
</form>
</p>
<p> <br />
<form action="index.php" id="remove" name="remove" style="width: 8em">
<input class="button5" name="Logout" type="submit" value="Log Out" />
</p>
</p>
<?php } ?>
</div>
</body>
</html>
</form>

htmlheader.php:
Code:
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE );
if(!isset($_SESSION)) {
    session_start();
    $_SESSION['UserID']=0;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="stylesheet" type="text/css" href="CSS/Styles.css"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Account Management</title>
</head>
<body>
</form>
<div id="content">

Warning: I'm a self-taught advanced newbie.
I'm working on a multipage PHP app that has need to pass values between pages, usually very small text strings or small integers. I've designed it primarily using _SESSION variables to pass these bits of data. Some of them are written to SQL, but most of them are temporary in nature. Is using _SESSION variables in this capacity considered reasonable? Is there something else or a different way to go about this? (Page A writes a value into $_SESSION['myvalue'], and then page B grabs that data and does something with it.)

I was wondering if it's possible to add new elements to an array I have called "$_SESSION['error']" like this:

Code:
<?php $_SESSION["errors"][] = "string"; ?>

Because I have a whole bunch of if statements that check my registration form and currently, if an error is found, I add a new element to that array like this:

Code:
<?php $_SESSION["errors"]["var"] = "string"; ?>

Then I echo the form again with this:

Code:
<?php Foreach ($_SESSION["error"] as $object => $value) { echo $value; } ?>

which basically just echoes error messages... but the thing is that I have a LOT of fields and it's getting tiring having to give each error a unique name. So is it possible to add new elements to this array like that? Do the array elements automatically get IDs?
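The append-style error list asked about in the last post, as an added example that is not part of the original thread. The helper names `add_error()` and `take_errors()` and the sample form fields are hypothetical; the point is that `[]` assigns integer keys automatically, that the same session key must be used for writing and reading, and that messages are escaped when echoed.

```php
<?php
// Added example: collect validation errors in the session without naming each one.
// add_error(), take_errors() and the field names are hypothetical.
session_start();

function add_error(string $message): void
{
    // [] appends with the next integer key (0, 1, 2, ...).
    $_SESSION['errors'][] = $message;
}

function take_errors(): array
{
    // Read under the SAME key that add_error() writes, then clear the list
    // so stale messages do not reappear on a later request.
    $errors = $_SESSION['errors'] ?? [];
    unset($_SESSION['errors']);
    return $errors;
}

// Constructed sample input standing in for $_POST.
$post = ['name' => '', 'email' => '<b>not-an-email</b>'];

if (trim($post['name']) === '') {
    add_error('Name is required.');
}
if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
    // This message contains user input, so it must be escaped on output.
    add_error('Invalid e-mail address: ' . $post['email']);
}

foreach (take_errors() as $index => $message) {
    echo $index, ': ', htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```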
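For the per-member pages described earlier on this page (member1.php, member2.php), an added example, not the poster's code, of a session that records which account logged in and a page check that compares it with the page owner. `login()`, `may_view()` and the in-memory `$users` array with its passwords are hypothetical and constructed; a real site would load the password hash from its database.

```php
<?php
// Added example: bind the session to one account and make each member page
// verify that the logged-in account is the owner of that page.
// login(), may_view() and $users are hypothetical.

function login(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);        // fresh session ID after authentication
    $_SESSION['username'] = $username;  // record WHO logged in, not just "someone"
    return true;
}

function may_view(string $pageOwner): bool
{
    // A truthy session flag is not enough: the logged-in name must match
    // the member whose page is being requested.
    return isset($_SESSION['username'])
        && $_SESSION['username'] === $pageOwner;
}

session_start();

// Constructed sample accounts with hashed passwords.
$users = [
    'member1' => password_hash('constructed-pass-1', PASSWORD_DEFAULT),
    'member2' => password_hash('constructed-pass-2', PASSWORD_DEFAULT),
];

login($users, 'member1', 'constructed-pass-1');

// Each member's index.php would hard-code its own owner name.
foreach (['member1', 'member2'] as $pageOwner) {
    if (may_view($pageOwner)) {
        echo "$pageOwner/index.php: access granted\n";
    } else {
        // On a real page: header('Location: ../login.php'); exit;
        echo "$pageOwner/index.php: access denied\n";
    }
}
```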