php-general Digest 15 Aug 2011 18:43:38 -0000 Issue 7444
Topics (messages 314521 through 314528):
Re: chained select with ajax
314521 by: Chris Stinemetz
Re: Login with Remember me Feature
314522 by: Tamara Temple
314523 by: Tim Streater
314524 by: Richard Riley
314525 by: Geoff Shang
Re: form validation
314526 by: Ford, Mike
314527 by: Daniel P. Brown
Keeping session info in $_SESSION or in database?
314528 by: LAMP
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
I was able to figure it out. Discovered the very useful tool firebug!
Thanks,
Chris
--- End Message ---
--- Begin Message ---
On Aug 14, 2011, at 8:23 AM, Alekto Antarctica wrote:
Hi guys!
I have now tried to take some of your hints into consideration, by
encrypting the password with md5 adding a salt.
As some of you pointed out, this code is the work of a newbie, that is
totally correct, so please bear with me ;)
I have tried to implement a cookie to remember the login for 48
hours, but
it still logs the user out after the default 24min for a session
like this:
* //We compare the submited password and the real one,
and we
check if the user exists*
* if($dn['password']==$password and
mysql_num_rows($req)>0)*
* {*
* *
* //If the password is ok, we set the
$loginok var to
true*
* $loginok = true;*
* //If the password is good, we dont show the
form*
* $form = false;*
* *
* }*
* if ($loginok = true)*
* {*
* if ($remember=="on")
*
* setcookie("username",
$username, time()+7200*24);*
* elseif ($remember=="")
*
* //We save the user name in the session username
and the
user Id in the session userid*
* $_SESSION('username')=
$username; *
* $_SESSION['userid'] =
$dn['id'];*
*
$_SESSION['usr_level'] =
$dn['usr_level'];*
*
*
*.*
*.*
*.*
*.*
*.*
*.*
*}*
Another problem I am now facing, is to check whether to user is
logged in,
and if it is the user should be redirected from the index-page(with
the
login-form) to its user area based on the user level(newbie,
advanced or
admin).
For now I have written a function, in the config.php.
*function loggedin()*
*{*
* if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))*
* {*
* $loggedin = true;*
* return $loggedin;*
* }*
*}*
I have both tried to include the config.php into the index-
page(login-form)
and into the connexions.php script (where cookie is implemented).
Along with
this code:
*<?php*
*
*
*if (loggedin==true)*
*{*
* if($usr_level == admin)*
* {*
* ?>*
*<div class="message">You have successfuly been logged in. You can now
access the admin area.<br />*
*<?php header("Location: index_admin.php"); ?></div>*
*<?php*
* }*
* if($usr_level == newbie)*
* {*
* ?>*
*<div class="message">You have successfuly been logged in. You can now
access to the newbie area.<br />*
*<?php header("Location: index_newbe.php"); ?></div>*
*<?php*
* }*
* if($usr_level == advanced)*
* {*
* ?>*
*<div class="message">You have successfuly been logged in. You can now
access the advanced area.<br />*
*<?php header("Location: index_advanced.php"); ?></div>*
*<?php*
* }*
* *
*}*
*
*
*?> *
*
*
This does not redirect an alredy logged in user to its user area...
I know this is messy, but if some of you can spot some improvements
that
hopfully can fix my cookie and redirect problem, please let me know.
Tanks a lot!
You can't issue headers after you've sent output to the client.
headers must be sent before any other output.
If you have messages to be output based on the current script, you
have to pass them to the redirected script for them to be output to
the client. You can do this by passing them on the query string or in
a session variable; there are likely other ways of doing this as well.
Note that you don't have to pass the actual text of the message if you
use message codes instead, which would also aid in being able to
translate the output if so desired.
In the code above, since the message seems tied to the particular area
the user has access to and that is tied to a particular script, you
could just put the message with each particular script.
--- End Message ---
--- Begin Message ---
On 14 Aug 2011 at 14:23, Alekto Antarctica <alekto.antarct...@gmail.com> wrote:
> *function loggedin()*
> *{*
> * if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))*
> * {*
> * $loggedin = true;*
> * return $loggedin;*
> * }*
> *}*
Why not just return true;
And what happens if your "if" doesn't evaluate to true? What do you return then?
> *<?php*
> *
> *
> *if (loggedin==true)*
> *{*
Should this be:
if ($loggedin==true) ...
--
Cheers -- Tim
--- End Message ---
--- Begin Message ---
Tim Streater <t...@clothears.org.uk> writes:
> On 14 Aug 2011 at 14:23, Alekto Antarctica <alekto.antarct...@gmail.com>
> wrote:
>
>> *function loggedin()*
>> *{*
>> * if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))*
>> * {*
>> * $loggedin = true;*
>> * return $loggedin;*
>> * }*
>> *}*
>
> Why not just return true;
>
> And what happens if your "if" doesn't evaluate to true? What do you return
> then?
>
>
>> *<?php*
>> *
>> *
>> *if (loggedin==true)*
>> *{*
>
> Should this be:
>
> if ($loggedin==true) ...
>
> --
> Cheers -- Tim
Are you aware that your posts have some very strange and unique line
endings?
--- End Message ---
--- Begin Message ---
On Sun, 14 Aug 2011, Alekto Antarctica wrote:
I have tried to implement a cookie to remember the login for 48 hours, but
it still logs the user out after the default 24min for a session like this:
* //We compare the submited password and the real one, and we
check if the user exists*
* if($dn['password']==$password and mysql_num_rows($req)>0)*
You don't show us anything before this, so we have to assume it's all
good up to here.
* {*
* *
* //If the password is ok, we set the $loginok var to
true*
* $loginok = true;*
* //If the password is good, we dont show the form*
* $form = false;*
* *
* }*
Maybe I'm just like this, but I always comment my closing braces. I've
been in situations where I'm missing one or I need to review code I wrote
months ago and understand its logic, and I find this practice useful.
Yes, in this case the opening is a few lines up, but you could have a code
block that runs for hundreds of lines, and it's good to remember what
started it.
* if ($loginok = true)*
* {*
First, off, as someone else mentioned, this should presumably be:
if ($loginok == true)
This one mistake will mean that $loginok will always be true.
Second, since if statements are always looking for true conditions, you
can simply type:
if ($loginok)
Finally, since $loginok is assigned the true value in the previous block,
then, unless it is also possibly assigned elsewhere, you can just put the
below code in the same code block as the above code, rather than closing
and starting a new one with this if statement.
* if ($remember=="on")
*
* setcookie("username",
$username, time()+7200*24);*
This is not very intuitive. You're saying to add 2 hours times 24, which
is a bit strange if you're trying to understand the code. I'dve found
3600*48 much more intuitive. A comment mightn't go astray here either.
* elseif ($remember=="")
Are these the only two values that $remember can have? May as well just
use else here without testing for another condition (either the user is
remembering or they're not).
*
* //We save the user name in the session username and the
user Id in the session userid*
I think we might have an left brace missing here, unless it's gotten lost
in translation.
Also, I notice you're storing username and userid here, but above only
stored username in the cookie.
* $_SESSION('username')=$username; *
This line should read:
$_SESSION['username']=$username;
I see the next line has it right. I'm surprised that your code didn't
generate an error for this one, and since it didn't, this may indicate
that this code is never reached (possibly due to the elseif test above).
* $_SESSION['userid'] =
$dn['id'];*
* $_SESSION['usr_level'] =
$dn['usr_level'];*
I see a mixing of styles here. While it's all perfectly good syntax, you
may want to find a style you like and stick to it. I personally find
$foo = $bar;
much more readable than
$foo=$bar;
or
$foo =
$bar;
but each to their own.
Another problem I am now facing, is to check whether to user is logged in,
and if it is the user should be redirected from the index-page(with the
login-form) to its user area based on the user level(newbie, advanced or
admin).
For now I have written a function, in the config.php.
*function loggedin()*
*{*
* if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))*
* {*
* $loggedin = true;*
* return $loggedin;*
* }*
*}*
As someone else pointed out, you could simply return true instead of
assigning to a variable. They also pointed out that you don't return
false if the person is not logged in. You could rewrite the above
function like so:
function loggedin()
{
if (isset($_SESSIONS['username']) || isset($_COOKIE['username']))
return true;
else
return false;
}
However, this doesn't actually check the values of these items, it simply
checks to see if they have been set.
I have both tried to include the config.php into the index-page(login-form)
and into the connexions.php script (where cookie is implemented). Along with
this code:
*<?php*
*
*
*if (loggedin==true)*
You need to call a function with parentheses, even if it takes no
arguments, like so:
if (loggedin() == true)
or simply
if (loggedin())
*{*
* if($usr_level == admin)*
* {*
* ?>*
*<div class="message">You have successfuly been logged in. You can now
access the admin area.<br />*
*<?php header("Location: index_admin.php"); ?></div>*
*<?php*
* }*
* if($usr_level == newbie)*
* {*
* ?>*
*<div class="message">You have successfuly been logged in. You can now
access to the newbie area.<br />*
*<?php header("Location: index_newbe.php"); ?></div>*
*<?php*
* }*
* if($usr_level == advanced)*
* {*
* ?>*
*<div class="message">You have successfuly been logged in. You can now
access the advanced area.<br />*
*<?php header("Location: index_advanced.php"); ?></div>*
*<?php*
* }*
* *
*}*
*
*
*?> *
There's a lot to say about this.
First and foremost, as mentioned by someone else, you can't send location
headers once output has begun. Moreover, there's no guarantee that the
user's browser will display any messages contained in the page body, even
if therre are any.
This is easy to get around, however, by using a page refresh. This is
demonstrated below.
Second, I'm assuming you've set up the various access levels as defined
constants. If you haven't, the above code isn't going to work. I'm going
to assume you have, but you've not shown us this. You've also not shown
us how $usr_level gets its value.
Third, you don't seem to have set up your HTML page. I'm guessing that
you've not actually done this and you need to.
Finaly, my belief is that if you need to cut and paste code, you're doing
it wrong. Instead of having all these separate tests and HTML blocks, we
could do this much more simply with a switch statement and a couple of
variables.
Note: I see you've used "newbe" in your newbie page redirect, instead of
"newbie". I'm going to assume this was deliberate. If not, you can get
rid of $page_suffix entirely and just use $access_name instead.
Given all the above, here's how I'd rewrite this code:
switch ($usr_level)
{
case admin:
$access_name = "admin";
$page_suffix = "admin";
break;
case newbie:
$access_name = "newbie";
$page_suffix = "newbe";
break;
case advanced:
$access_name = "advanced";
$page_suffix = "advanced";
break;
} // end switch on $usr_level
?>
<html>
<head>
<title>Redirecting...</title>
<meta http-equiv="REFRESH" content="10;url=http://<?php echo
$_SERVER["HTTP_HOST"] . "/index_$page_suffix.html"?>">
</head>
<body>
<div class="message">You have successfully been logged in. You can now
access the <?php echo $access_name ?> area.<br /></div>
</body>
</html>
<?php
} // end if logged in
?>
The above also assumes your index_* files are in the webroot, you can edit
the refresh line if this is wrong.
HTH,
Geoff.
--- End Message ---
--- Begin Message ---
> -----Original Message-----
> From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of
> Daniel P. Brown
> Sent: 12 August 2011 16:53
>
> On Fri, Aug 12, 2011 at 11:42, Chris Stinemetz
> <chrisstinem...@gmail.com> wrote:
> > I have a select menu created by a foreach loop. I am trying to
> > validate that there was a selection made before it is submitted to
> the
> > database. But I am not doing something correctly.
>
> Try using a combination of isset, empty, and is_null() instead:
>
> <?php
>
> if (!isset($_POST['market']) || empty($_POST['market']) ||
> is_null($_POST['market'])) {
> // Wasn't set
> }
>
> ?>
The last part of that test is redundant, since if $_POST['market'] is
NULL isset($_POST['market'] will be FALSE.
Cheers!
Mike
--
Mike Ford,
Electronic Information Developer, Libraries and Learning Innovation,
Portland PD507, City Campus, Leeds Metropolitan University,
Portland Way, LEEDS, LS1 3HE, United Kingdom
E: m.f...@leedsmet.ac.uk T: +44 113 812 4730
To view the terms under which this email is distributed, please go to
http://disclaimer.leedsmet.ac.uk/email.htm
--- End Message ---
--- Begin Message ---
On Sun, Aug 14, 2011 at 18:19, Ford, Mike <m.f...@leedsmet.ac.uk> wrote:
>
> The last part of that test is redundant, since if $_POST['market'] is
> NULL isset($_POST['market'] will be FALSE.
Good catch. Didn't even notice I typed that. Not that it
would've done any damage, but a good reminder why code here is not
meant to be blindly copied-and-pasted.
--
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
--- End Message ---
--- Begin Message ---
Hi all,
This is THE question that bothers me for a while... I always was
keeping session info, like user ID, organization ID, selected book
ID... within $_SESSION array. Main reason is to access and maintain it
faster than keeping them inside session table. And, also, one less
mysql connection.
Though, in last project the $_SESSION grow up to around 30, even 50
elements of the array. And several people mentioned it's better to
keep so big session data in mysql than in $_SESSION.
My question is pros and cons $_SESSION vs. mysql session. And, if the
amount of data is only reason, when is better to keep all data in
$_SESSION and when to store them in mysql?
Thanks for any help,
LAMP
--- End Message ---
