[PHP] saving sessions

2011-08-04 Thread wil prim
Hello, I'm new to the whole storing sessions thing and I really don't know how to ask this question, but here it goes. So on my site when someone logs in, the login.php file checks for the username and password in the table I created, then if it finds a match it will store a $_SESSION[] variable. To be exact the code is as follows:

if ($count=='1'){
    session_start();
    $_SESSION['user']=$user; // $user is the $_POST['user'] from the login form
    header('location: login_success.php');
}

Now what I would like to know is how do I make my website save new changes the user made while in their account? Thanks!


[PHP] Sending a message

2011-08-04 Thread wil prim
Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, I'll try to take you through step by step what I am trying to do.

step #1 (messages.php): --This is where the member will view the recent messages that have been posted

<div id='messages'>
<?php
include 'connect.php';
session_start();
$_SESSION['user']=$user;
//store sql queries
$sql="SELECT * FROM entries";
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count<1){
    echo 'There are no messages yet!';
}
while ($row=mysql_fetch_array($result)){
    echo 'From: ' .$row['from'];
    echo '<br/>';
    echo 'Subject: ' .$row['subject'];
    echo '<br/>';
    echo 'Message: ' .$row['body'];
    echo '<hr/>';
}
?>
</div>

Step #2 (create_message.php):-- This is where the user creates a new message

<h2> Create new message</h2>
<table border='0' width='100%' cellpadding='3px' style='text-align: top;'>
<form method='post' action=''>
<tr width='100%' height='30%' style='margin-top: 0px;'>
<td> Subject </td>
<td> <input type='text' name='subject' maxlength='30'></td>
</tr>
<tr width='100%' height='30%'>
<td> Body </td>
<td><textarea name='body' style='height: 200px; width: 400px;'></textarea></td>
</tr>
<tr>
<td colspan='2' align='center'><input type='submit' name='new_message' value='Send!'/> </td>
</tr>
</form>
</table>

Step #3 (insert_message.php)-- this is where my problem is (trying to insert $_SESSION['user'] into table ['from'])

<?php
include 'connect.php';
session_start();
$user=$_SESSION['user'];
if ($_POST['new_message']){
    include 'connect.php';
    session_start();
    $_SESSION['user']=$user;
    $body=$_POST['body'];
    $subject=$_POST['subject'];
    $date=' ';
    $sql="INSERT INTO `entries` (
    `id` ,
    `from` ,
    `subject` ,
    `body` ,
    `date`
    )
    VALUES (
    NULL , '$user', '$subject', '$body', '$date'
    )";
    if (mysql_query($sql,$con)){
        echo 'Inserted!';
        echo $user;
    }
    else
        echo 'Not Inserted';
}
?>

Hope I don't piss anyone off with such a long message, I just really need help on this.

Thanks!

Re: [PHP] Sending a message

2011-08-04 Thread wil prim
Well my problem is when I click submit, the $_SESSION['user'] ('from' part of the table in my db) is blank, so I'm guessing the $_SESSION variable didn't pass through.

On Aug 04, 2011, at 10:11 PM, Negin Nickparsa nickpa...@gmail.com wrote:
in previous pages you must have a login page and in login page you must
store the username and then in next steps you have username in
$_SESSION['user']
now if it is not your problem then what is the problem?



Re: [PHP] Sending a message

2011-08-04 Thread wil prim
This is the login.php which checks the form on the login page.

<?php
session_start();
include('connect.php');
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
    session_start();
    $_SESSION['user'] = $user;
}
else {
    echo 'Wrong Username or Password';
}
?>

On Aug 04, 2011, at 10:23 PM, Negin Nickparsa nickpa...@gmail.com wrote:
you must check setting your session with this one:

if(isset($_SESSION['user']))
{


// Identifying the user
$user = $_SESSION['user'];

// Information for the user.
}
tell me what you have done in login page?



Re: [PHP] Sending a message

2011-08-04 Thread wil prim
Woot! Got it! There was a page in between that stored $_SESSION['user']=$user rather than the other way around! Thank you! And yea, I will secure it!

On Aug 04, 2011, at 10:37 PM, David Holmes dholmes1...@gmail.com wrote:
Your code is full of security errors .. You should use mysql escape string (google it) to protect your database from being hacked
David Holmes 
twitter @mrstanfan
owner of the exclusive StanFan.com
Whats Your StanFan?

-Original Message-
From: wil prim wilp...@me.com
Date: Sat, 06 Aug 2011 04:49:32 
To: PHP MAILINGLIST php-general@lists.php.net; Philly Holbrook pholbro...@gmail.com
Subject: [PHP] Sending a message
Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, I'll try to take you through step by step what I am trying to do.


step #1 (messages.php): --This is where the member will view the recent messages that have been posted
<div id='messages'>
<?php
include 'connect.php';
session_start();
$_SESSION['user']=$user;
//store sql queries
$sql="SELECT * FROM entries";
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count<1){
echo 'There are no messages yet!';
}
while ($row=mysql_fetch_array($result)){
echo 'From: ' .$row['from'];
echo '<br/>';
echo 'Subject: ' .$row['subject'];
echo '<br/>';
echo 'Message: ' .$row['body'];
echo '<hr/>';
   
}
?>
</div>

Step #2 (create_message.php):-- This is where the user creates a new message

<h2> Create new message</h2>
<table border='0' width='100%' cellpadding='3px' style='text-align: top;'>
<form method='post' action=''>
<tr width='100%' height='30%' style='margin-top: 0px;'>
<td> Subject </td>
<td> <input type='text' name='subject' maxlength='30'></td>
</tr>
<tr width='100%' height='30%'>
<td> Body </td>
<td><textarea name='body' style='height: 200px; width: 400px;'></textarea></td>
</tr>
<tr>
<td colspan='2' align='center'><input type='submit' name='new_message' value='Send!'/> </td>
</tr>
</form>
</table>

Step #3 (insert_message.php)-- this is where my problem is (trying to insert $_SESSION['user'] into table ['from'])
<?php
include 'connect.php';
session_start();
$user=$_SESSION['user'];
if ($_POST['new_message']){
include 'connect.php';
session_start();
$_SESSION['user']=$user;
$body=$_POST['body'];
$subject=$_POST['subject'];
$date=' ';
$sql="INSERT INTO `entries` (
`id` ,
`from` ,
`subject` ,
`body` ,
`date`
)
VALUES (
NULL , '$user', '$subject', '$body', '$date'
)";
if (mysql_query($sql,$con)){
echo 'Inserted!';
echo $user;
   
}
else
echo 'Not Inserted';
   
}
?>

Hope I don't piss anyone off with such a long message, I just really need help on this.

Thanks!




Re: [PHP] Sending a message

2011-08-04 Thread wil prim
I think I'll just use the better secured one, thanks!

On Aug 04, 2011, at 10:41 PM, Negin Nickparsa nickpa...@gmail.com wrote:
or if you want to do this risky and non-secure thing try this:
$query="select * from members where user='".$_POST['user']."' and pass=password('$pas')";
well first you must check errors in mysql
then storing in session
also it is better to use:
$user=mysql_real_escape_string($_POST['user']);
then write the query


Re: [PHP] Sending a message

2011-08-04 Thread wil prim
lol wow ok thanks, I'm very new to coding, started html about 2 months ago, so ty for letting me know the security of the language! Is there any place where I can read (other than the php manual), about a tutorial on security?

On Aug 04, 2011, at 10:49 PM, Negin Nickparsa nickpa...@gmail.com wrote:
it is better to use this one:
http://www.php.net/mysql_real_escape_string
if you don't use this by inputting just a quote or this input '--'
a hacker can easily hack your syntax
in another steps your site will send a message like:
error in mysql on this line lob lob ..
in this part he will find your server that it is my sql :D
he/she will try another syntaxes and by errors he/she finds your table names
and ... :D
you know how bad :D
then obey the security rules
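
The insert_message.php and messages.php steps from this thread, reworked as an added example that is not part of the original messages: the sender is read from $_SESSION['user'], the INSERT uses placeholders instead of string-built SQL, and stored text is escaped on output. It assumes PDO with an in-memory SQLite database in place of the mysql_* connection from connect.php; the function names are hypothetical and the sample request is constructed.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with in-memory SQLite
// stands in for the mysql_* connection that connect.php provides.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, `from` TEXT,
               subject TEXT, body TEXT, `date` TEXT)');
    return $db;
}

// Read the identity out of the session. The thread's bug was the reverse
// assignment ($_SESSION['user'] = $user), which overwrote it with an unset $user.
function session_user(array $session): ?string {
    $user = $session['user'] ?? null;
    return (is_string($user) && $user !== '') ? $user : null;
}

// Placeholders keep the values as data, so a quote or "--" cannot alter the SQL.
function insert_message(PDO $db, string $from, string $subject, string $body): void {
    $stmt = $db->prepare('INSERT INTO entries (`from`, subject, body, `date`)
                          VALUES (:sender, :subject, :body, :date)');
    $stmt->execute([':sender' => $from, ':subject' => $subject,
                    ':body' => $body, ':date' => date('Y-m-d H:i:s')]);
}

// Escape on output so stored text cannot inject markup into messages.php.
function render_messages(PDO $db): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($db->query('SELECT `from`, subject, body FROM entries') as $row) {
        $html .= 'From: ' . $e($row['from']) . '<br/>Subject: ' . $e($row['subject'])
               . '<br/>Message: ' . $e($row['body']) . "<hr/>\n";
    }
    return $html === '' ? 'There are no messages yet!' : $html;
}

// Constructed sample request: a logged-in session and form input with a quote,
// a comment sequence and markup in it.
$db = open_db();
$session = ['user' => 'wil'];   // in a page: session_start(); then use $_SESSION
$post = ['subject' => "it's here", 'body' => "don't forget -- <b>bold</b>"];
if (($user = session_user($session)) !== null) {
    insert_message($db, $user, $post['subject'], $post['body']);
}
echo render_messages($db);
```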



[PHP] Form Already Filled Out

2011-08-03 Thread wil prim
Hello, so I created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do I make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I can't show it in person. Thanks in advance!

Here is the login.php code, I didn't md5() the password yet:

<?php
if ($_SESSION['user']){
    header("Location: error.php");
    exit();
}
include('connect.php');
if ($_POST['login']){
    $user=$_POST['user'];
    $pass=$_POST['pass'];
    $sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";
    $result=mysql_query($sql, $con);
    $count=mysql_num_rows($result);
    if ($count==1){
        $_SESSION['user'] = $user;
        header('location: home.php');
    }
    else
        echo "<p style='color:red'>Wrong Username or Password</p>";
}
?>
<html>
<head>
<title></title>
<link href="" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="main">
<div id="menu">
<ul>
<li> <a href="">Home</a> </li>
<li> <a href="">Topix</a> </li>
<li> <a href="">Mission</a> </li>
</ul>
</div>
<div id='content'>
<form method='post' action=''>
Username: <br/>
<input type='text' name='user' maxlength='30'/><br/>
Password: <br/>
<input type="password" name='pass' maxlength='30'/><br/>
<input type="submit" value="Log In!" name="login"/>
</form>
<a href=""> Register? </a>
</div>
</body>
</html>

[PHP] Membership site

2011-07-27 Thread wil prim
Hello, I am just starting out with PHP and I have just created a database named 
Members with a table named Persons. There are 5 fields (id,firstname, 
lastname, username, password) . The form I created is a sign up form and the 
values entered into the form are inserted into the table Persons, now my 
question is how do I create a secure log in system with this new database? 
Thanks in advance! :) 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
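
One way to build the login asked about in the message above, as an added example that is not from the thread: passwords are stored with password_hash() and checked with password_verify() (in place of the md5() mentioned earlier on the page), the lookup uses a placeholder, and the session id is regenerated at login. PDO with an in-memory SQLite database stands in for the Members database; the function names and sample data are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with in-memory SQLite
// stands in for the Members database; table and column names follow the post.
declare(strict_types=1);

function open_members_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Persons (id INTEGER PRIMARY KEY, firstname TEXT,
               lastname TEXT, username TEXT UNIQUE, password TEXT)');
    return $db;
}

// Sign-up: store a salted, slow hash from password_hash(), never the password itself.
function register(PDO $db, string $first, string $last, string $user, string $pass): void {
    $stmt = $db->prepare('INSERT INTO Persons (firstname, lastname, username, password)
                          VALUES (?, ?, ?, ?)');
    $stmt->execute([$first, $last, $user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login: fetch by username with a placeholder, then compare with password_verify().
// Returns the user id on success and null on any failure, whatever the cause.
function check_login(PDO $db, string $user, string $pass): ?int {
    $stmt = $db->prepare('SELECT id, password FROM Persons WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// For login.php in a web request: call session_start() first, then issue a
// fresh session id at login so an id handed out before login is not reused.
function start_user_session(int $id, string $user): void {
    session_regenerate_id(true);
    $_SESSION['user_id'] = $id;
    $_SESSION['user'] = $user;
}

// Constructed sample data; start_user_session() is not called outside a web request.
$db = open_members_db();
register($db, 'Wil', 'Prim', 'wil', 'correct horse battery');
var_dump(check_login($db, 'wil', 'correct horse battery'));
var_dump(check_login($db, 'wil', 'wrong'));
var_dump(check_login($db, "wil' --", 'anything'));
```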