Re: [PHP-DB] Problem Using Sessions. .. .
Shawn Singh wrote:
that was very helpful...Thank you. One question I have is that I want
to ensure that my admin page cannot get accessed unless a variable
that was registered upon a successful login has been passed into the
session...what can I do to ensure this?
There are several ways to do this. The simplest way is to authenticate
once and store a authentication flag in the session. You can set this
authentication flag to true if the log-in was sucesfull.
On the administration page, you an just access the flag to see if the
user is permitted (i.e. logged on). You can do this using the $_SESSION
super global, something like this:
(pseudo php code)
login.php
...
if ( authentication sucessfull ) /* username/password matched*/
{
$_SESSION['auth'] = true;
// redirect to admin page
}
else
{
Display login page with error.
}
...
admin.php
...
if ( $_SESSION['auth'] )
{
Show administration page.
}
else
{
Display login page with error.
}
...
-
NB: Make sure you use Header() redirects BEFORE your scripts prints
anything. Otherwise you'll keep getting the warning/error Warning:
Cannot modify header information ...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Problem Using Sessions. .
From the PHP help page on session_register() If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled. I'm assuming since you compiled and installed PHP 5.0.4 that your register_globals is disabled. I wouldn't recommend enabling it to fix this problem. Instead use $_SESSION super global to register session data. So instead of: session_register(username); try this: $_SESSION['username'] = $username; /* TO SET */ $username = $_SESSION['username']; /* TO GET */ Hope this helps, Aman Shawn Singh wrote: Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: snip -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Problem Using Sessions
The browser has already sent headers on line 13 of your code- line 25 must be
the session_start - it has to come first and be at the very top of your code
Shawn Singh [EMAIL PROTECTED] 05/04/05 03:13PM
Hey All,
I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).
Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.
I've written the code but when I try to login to the site I get this message:
Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25
Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0
Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:
sess_ec2249332b8b29863f161461cf8c1409
So, I'm guessing that there aren't problems with my /tmp filesystem.
Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.
My source code for the login page is as follows:
?php
session_start();
echo html
titleJoshua Generation Login Page/title
body bgcolor='#9C9C9C'
form action='login.php' method='POST'
table border='1'
trtdEnter Username:/tdtdinput type='text'
name='username'/td/tr
trtdEnter Password:/tdtdinput type='text'
name='password'/td/tr
input type='hidden' name='login' value='1'
input type='submit'value='Login'
/table
/form;
if ( $_POST )
{
$username = $_POST['username'];
$password = $_POST['password'];
if ( $username == test $password == test )
{
global $username, $password;
session_register(username);
session_register(password);
echo h1Authorized Entry/h1;
header(Location: http://joshua1and8.homelinux.org/admin.php;);
}
else
{ echo $username;
echo br;
echo $password;
echo br;
echo h1Login FAILED/h1;
}
}
echo /body
/html;
?
My source code for the admin page is as follows:
?php
session_start();
global $username, $password;
session_register(username);
session_register(password);
?
html
head
titleJoshua Generation Admin Page/title
/head
body bgcolor='#9C9C9C'
?php
/*
* Radesh N. Singh
* Admin Page
*/
if (isset($username))
{
echo h1Joshua Generation Admin's Corner/h1
form action=\admin.php\ method=\POST\
table border=\1\
trtdName/td
tdCell Phone/td
tdWork Phone/td
tdHome Phone/td
tdEmail Address/td
/tr
trtdinput type=\text\ name=\name\//td
tdinput type=\text\ name=\cphone\//td
tdinput type=\text\ name=\wphone\//td
tdinput type=\text\ name=\hphone\//td
tdinput type=\text\ name=\emailaddr\//td
/tr
trinput type=\hidden\ name=\proc\ value=\add\
input type=\submit\ value=\Add Member Records\
input type=\hidden\ name=\proc\ value=\del\
input type=\submit\ value=\Delete Member Records\
/tr
/table
/form;
if ($_POST)
{
$conn_string = dbname=joshua_generation user=admin password=admin;
$conn_hndl = pg_connect($conn_string);
switch ($_POST['proc'])
{
case 'add':
$name = $_POST['name'];
$cphone = $_POST['cphone'];
$wphone = $_POST['wphone'];
$hphone = $_POST['hphone'];
$emailaddr = $_POST['emailaddr'];
/*
To add a member a name is all that is needed.
Based on the name that is entered, the next nameid
will be generated by the dbms, and the insert will
be done into:
NAMES, PNUMBERS,
RE: [PHP-DB] Problem Using Sessions
Why dont'n you use soma classes from www.phpclasses.com about User
Management!!
There are great classes in this site!!
-Original Message-
From: Shawn Singh [mailto:[EMAIL PROTECTED]
Sent: MiƩrcoles, 04 de Mayo de 2005 03:14 p.m.
To: php-db@lists.php.net
Subject: [PHP-DB] Problem Using Sessions
Hey All,
I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).
Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.
I've written the code but when I try to login to the site I get this
message:
Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25
Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0
Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:
sess_ec2249332b8b29863f161461cf8c1409
So, I'm guessing that there aren't problems with my /tmp filesystem.
Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.
My source code for the login page is as follows:
?php
session_start();
echo html
titleJoshua Generation Login Page/title
body bgcolor='#9C9C9C'
form action='login.php' method='POST'
table border='1'
trtdEnter Username:/tdtdinput type='text'
name='username'/td/tr
trtdEnter Password:/tdtdinput type='text'
name='password'/td/tr
input type='hidden' name='login' value='1'
input type='submit'value='Login'
/table
/form;
if ( $_POST )
{
$username = $_POST['username'];
$password = $_POST['password'];
if ( $username == test $password == test )
{
global $username, $password;
session_register(username);
session_register(password);
echo h1Authorized Entry/h1;
header(Location: http://joshua1and8.homelinux.org/admin.php;);
}
else
{ echo $username;
echo br;
echo $password;
echo br;
echo h1Login FAILED/h1;
}
}
echo /body
/html;
?
My source code for the admin page is as follows:
?php
session_start();
global $username, $password;
session_register(username);
session_register(password);
?
html
head
titleJoshua Generation Admin Page/title
/head
body bgcolor='#9C9C9C'
?php
/*
* Radesh N. Singh
* Admin Page
*/
if (isset($username))
{
echo h1Joshua Generation Admin's Corner/h1
form action=\admin.php\ method=\POST\
table border=\1\
trtdName/td
tdCell Phone/td
tdWork Phone/td
tdHome Phone/td
tdEmail Address/td
/tr
trtdinput type=\text\ name=\name\//td
tdinput type=\text\ name=\cphone\//td
tdinput type=\text\ name=\wphone\//td
tdinput type=\text\ name=\hphone\//td
tdinput type=\text\ name=\emailaddr\//td
/tr
trinput type=\hidden\ name=\proc\ value=\add\
input type=\submit\ value=\Add Member Records\
input type=\hidden\ name=\proc\ value=\del\
input type=\submit\ value=\Delete Member Records\
/tr
/table
/form;
if ($_POST)
{
$conn_string = dbname=joshua_generation user=admin password=admin;
$conn_hndl = pg_connect($conn_string);
switch ($_POST['proc'])
{
case 'add':
$name = $_POST['name'];
$cphone = $_POST['cphone'];
$wphone = $_POST['wphone'];
$hphone = $_POST['hphone'];
$emailaddr = $_POST['emailaddr'];
/*
To add a member a name is all that is needed.
Based on the name that is entered, the next nameid
Re: [PHP-DB] Problem Using Sessions. .
that was very helpful...Thank you. One question I have is that I want to ensure that my admin page cannot get accessed unless a variable that was registered upon a successful login has been passed into the session...what can I do to ensure this? Thank you, Shawn On 5/4/05, Patel, Aman [EMAIL PROTECTED] wrote: From the PHP help page on session_register() If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled. I'm assuming since you compiled and installed PHP 5.0.4 that your register_globals is disabled. I wouldn't recommend enabling it to fix this problem. Instead use $_SESSION super global to register session data. So instead of: session_register(username); try this: $_SESSION['username'] = $username; /* TO SET */ $username = $_SESSION['username']; /* TO GET */ Hope this helps, Aman Shawn Singh wrote: Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: snip -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
