[PHP-DB] Re: Sessions help needed !!!
At 22:19 17/02/2006, you wrote: From: "Chris Payne" <[EMAIL PROTECTED]> To: Date: Fri, 17 Feb 2006 17:18:57 -0500 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_000F_01C633E6.3C6626A0" Subject: Sessions help needed !!! Hi there everyone, OK this script worked perfectly on my own apache webserver and I had to move it to the main live server, but for some reason it's not passing session values in the same way and i'm positive it's something damn obvious. On my server I can use: echo $credits_system; echo $credits_left; echo $foldername; Does it work if you ask for $_SESSION["credits_system"] etc ? The reason I ask is from the code above, you're using globally scoped variables, which would require you to be using either an old version of PHP on your test server, or have to manually enabled register_globals. Register globals is of course a major security risk in that it pollutes your variable namespace with whatever the user feels like sending to your server in $_GET, $_POST, $_COOKIE etc etc. So your code can be easily manipulated into undefined behaviours unless you declare and initialise every variable it uses. To display the information to make sure it is being passed, but it returns blank on their server (Same versions of everything except I didn't install it so it may have something turned off in the config - which i don't have I think you need to look at phpinfo() for that server. Check register_globals, it will be 'off'. Turn it 'off' on your test server so it mirrors the live environment and see if your code still works (it probably won't). The other check to make with the hosting company - I've only seen this once or twice on cheap hosting : See if they're using multiple servers. The session handler by default uses files, which are local to an individual server. If you visit the 'page' again, you may well be being server from another web server in a cluster. Of course that server knows nothing about the local session files on the server you initially got sent the page from, cause they're on another machines' filesystem, thus replicating your problem. The answer in that case is to register your own session handler (such as a DB) which resides on a known server. control over, sigh). The thing is, the last one - $foldername I MUST have access to as the database uses this as a reference for searches and without I don't understand what you mean by that, can you expand some more ? It's not clear how the database uses 'foldername' - is it concatenated as part of a query ? this working I can't pull the data I need ($foldername is an ID and also refers to physical folders/directories on the apache webserver for video If as noted above your host clusters servers, then you're SOL and will have to manage a central file repository or call across servers with fopen() etc to get at the [distributed] data in the "$foldername" path. Cheers - Neil -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: Re: [PHP-DB] Re: sessions
> -Original Message- > From: John Holmes [mailto:[EMAIL PROTECTED] > You are wrong. :) > > Having register_globals OFF helps to prevent poorly written programs from being vulnerable to > users setting variables in the URL/header/cookie data. You can still write horribly insecure > programs with register_globals OFF. You can easily write very secure programs that function > with register_globals ON or OFF, too. http://us2.php.net/manual/en/security.globals.php Exactly. It's merely there so that beginning developers don't blindly stumble forward making bad decisions - give them a sense that there's this thing called input checking and initialization. That said, it's a shame that there are still commercial programs that rely on it - solely because it defaults to off since 4.2 and many people may not have the access to change it*. One would want to avoid as much technical support as necessary, in such instances :) Personally I prefer explicitly pulling data into my scripts, so I like it being OFF regardless of defaults, but others may have other opinions. * I know it can be changed in .htaccess, I just don't know what options the server needs to be running under for this - AllowOverride ALL certainly - but I would hope something more lax would allow it. Still, it seems being able to change that would give the user the ability to change the max_memory/max_execution_time of php scripts - which I can't imagine any reselling host wanting a shell/etc. account doing. Cheers, - Martin Norland, Database / Web Developer, International Outreach x3257 The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP-DB] Re: sessions
> From: Joseph Crawford <[EMAIL PROTECTED]> > > correct me if i am wrong but i have been told it is bad and insecure > to use register_global=on You are wrong. :) Having register_globals OFF helps to prevent poorly written programs from being vulnerable to users setting variables in the URL/header/cookie data. You can still write horribly insecure programs with register_globals OFF. You can easily write very secure programs that function with register_globals ON or OFF, too. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: sessions
correct me if i am wrong but i have been told it is bad and insecure to use register_global=on i have seen many comercial scripts that rely on this and it just makes me laugh On Sat, 11 Dec 2004 16:48:05 +0800, Shen Kong <[EMAIL PROTECTED]> wrote: > Hi, if your register_global = on you can do it like you do, if > register_global = off, use it like this: > > session_start(); > session_register("session_username"); //or $_SESSION["session_username"] > = null; > session_register("session_level"); // or $_SESSION["session_level"] = null; > > $_SESSION['session_username'] = "$username"; > $_SESSION['session_level'] = "$account_level"; > > echo $_SESSION['session_username']; > > Warren Mason åé: > > > > I am attempting to get information from a mysql database and then use > > this in a session. Is there a trick to using sessions? For example, can > > something like below be placed anywhere in a script? (I have the > > session_start(); at the very top of my page.) > > > > > > > > session_register( "session_username" ); > > session_register( "session_level" ); > > > > $session_username = "$username"; > > $session_level = "$account_level"; > > > > > > The resulting session is > > > > session_username|N;session_level|i:0; > > > > $username is set to warren and $account_level is set to 255. > > > > Any help would be greatly appreciated as I have gone through about 5 > > books and searched the net and can't find an answer as to why this isn't > > working. > > > > > > - > > This message is intended for the addressee named and may contain > > confidential information. If you are not the intended recipient, please > > delete it and notify the sender. Views expressed in this message are > > those of the individual sender and are not necessarily the views of the > > Mid Western Area Health Service. > > - > > <<<>>> > > -- > -- ShenKong (shenkong(at)php.net) > -- http://www.openphp.cn > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: sessions
Hi, if your register_global = on you can do it like you do, if register_global = off, use it like this: session_start(); session_register("session_username"); //or $_SESSION["session_username"] = null; session_register("session_level"); // or $_SESSION["session_level"] = null; $_SESSION['session_username'] = "$username"; $_SESSION['session_level'] = "$account_level"; echo $_SESSION['session_username']; Warren Mason åé: I am attempting to get information from a mysql database and then use this in a session. Is there a trick to using sessions? For example, can something like below be placed anywhere in a script? (I have the session_start(); at the very top of my page.) session_register( "session_username" ); session_register( "session_level" ); $session_username = "$username"; $session_level = "$account_level"; The resulting session is session_username|N;session_level|i:0; $username is set to warren and $account_level is set to 255. Any help would be greatly appreciated as I have gone through about 5 books and searched the net and can't find an answer as to why this isn't working. - This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender and are not necessarily the views of the Mid Western Area Health Service. - <<<>>> -- -- ShenKong (shenkong(at)php.net) -- http://www.openphp.cn -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Re: Sessions and MySQL?
I'm not sure that this code will work. Try to use $_SESSION['..'] and (..). [Don't use the {, } for this purposes. vio- - Original Message - From: "pete M" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 16, 2003 4:02 PM Subject: [PHP-DB] Re: Sessions and MySQL? > might seem a bit long winded but this is how I would code it > > $sql = "INSERT INTO $table ( salutation, name, city} VALUES {" > $sql .= "'".$_SESSION{'salutation']."', " > $sql .= "'".$_SESSION{'name']."', " > $sql .= "'".$_SESSION{'city']."' ) " > > mysql_query($sql); > > regards > pete > >mysql_query("INSERT INTO $table ( > > salutation, > > name, > > city > > } VALUES { > > \"$_SESSION['salutation'];\", > > \"$_SESSION['name'];\", > > \"$_SESSION['city'];\" > > } > > > > > Tristan Pretty wrote: > > > Not sure if this is a MySQL Q. or a PHP one, but here goes... > > > > I'm just learning sessions... > > And I'm trying to add a session variable to a MySQL database. > > I've done this page that takes the results from a previous form... > > But I get this error: > > Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or > > `T_NUM_STRING' > > On line 83 > > Which is the line that relates to the line: > > \"$_SESSION['salutation'];\", > > > > I've tried removing the ';' but it change nothing...? > > Can anyone see my error? > > > > = > > > session_start(); > > header("Cache-control: private"); > > > >$_SESSION['salutation'] = $_POST['salutation']; > > > > //MySQL connection stuff > > mysql_query("INSERT INTO $table ( > > salutation, > > name, > > city > > } VALUES { > > \"$_SESSION['salutation'];\", > > \"$_SESSION['name'];\", > > \"$_SESSION['city'];\" > > } > > > > ?> > > //Rest of page... thanks etc... > > = > > > > * > > The information contained in this e-mail message is intended only for > > the personal and confidential use of the recipient(s) named above. > > If the reader of this message is not the intended recipient or an agent > > responsible for delivering it to the intended recipient, you are hereby > > notified that you have received this document in error and that any > > review, dissemination, distribution, or copying of this message is > > strictly prohibited. If you have received this communication in error, > > please notify us immediately by e-mail, and delete the original message. > > *** > > > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Sessions and MySQL?
might seem a bit long winded but this is how I would code it $sql = "INSERT INTO $table ( salutation, name, city} VALUES {" $sql .= "'".$_SESSION{'salutation']."', " $sql .= "'".$_SESSION{'name']."', " $sql .= "'".$_SESSION{'city']."' ) " mysql_query($sql); regards pete mysql_query("INSERT INTO $table ( > salutation, > name, > city > } VALUES { > \"$_SESSION['salutation'];\", > \"$_SESSION['name'];\", > \"$_SESSION['city'];\" > } > Tristan Pretty wrote: Not sure if this is a MySQL Q. or a PHP one, but here goes... I'm just learning sessions... And I'm trying to add a session variable to a MySQL database. I've done this page that takes the results from a previous form... But I get this error: Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' On line 83 Which is the line that relates to the line: \"$_SESSION['salutation'];\", I've tried removing the ';' but it change nothing...? Can anyone see my error? = $_SESSION['salutation'] = $_POST['salutation']; //MySQL connection stuff mysql_query("INSERT INTO $table ( salutation, name, city } VALUES { \"$_SESSION['salutation'];\", \"$_SESSION['name'];\", \"$_SESSION['city'];\" } ?> //Rest of page... thanks etc... = * The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. *** -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Sessions help needed!
It recently happened to me too... however, I use the session_id() to keep track of the same session... I also use a table to check on who's who.. Anyway, it was working fine and all of a sudden the client complained that no one can log in... I echoed the session id of the pages and saw that different session ids were being given by SESSION_ID() when the user goes from one page to another... Basically, the system thought that each page visited is another session... when I can the session table, i saw that the user was autheticated ok... and that the session was log during login. When he was transfered to the welcome page, the check_session routine, checked the session_id agaisnt the log and since it gave him a new session id, the system thought he wasn't logged in and proceeded to ask him to log again... Anyway, in both our cases, the session wasn't being kept -- making each page visit seem a new session... SOLUTION -- at least for us: It turns out that their sysad upgraded to the latest PHP and with it came a new config: SESSION_ONLY_COOKIES This is a new config and it was ON and it wasn;t present in the previous PHP version. I just asked them to turn it of and test it and it worked again. session ids were the same and therefore... Hope this helps.. "John Fuller" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hello all, > I am new to php in general and am trying to set up a user authentification system with mysql. The registration page works well and sends all of the data to the appropriate table in mysql. However, when I try to get the registered user to log in and start a session, the system will not remember the session information past the page. For instance, this page will not work (the one that initially is supposed to register the session from the login form): > > session_start(); > $username="chris"; > $database="login"; > > $login = $_POST['login']; > $password = $_POST['password']; > if((!$login) || (!$password)){ > echo "Please enter ALL of the information! "; > include 'login.php'; > exit(); > } > mysql_connect(localhost,$username); > @mysql_select_db($database) or die( "Unable to select database"); > $sql=mysql_query("SELECT * FROM login WHERE login='$login' AND password='$password'"); > $login_check = mysql_num_rows($sql); > if($login_check > 0){ > // This is where I register the session > session_register('login'); > $_SESSION['login'] = $login; > mysql_close(); > include 'success.php'; > } else { > echo "You could not be logged in! Either the username and password do not match or you have not validated your membership! > Please try again!"; > include 'login.php'; > } > ?> > > It proceeds to login the user for that page (I know this happens because I have played around with it looking at the error checks), but it will not display any variable that resembles "$_SESSION['login']". > The next page sequentially (success.php) looks like this: > > session_start(); > echo 'Successful login for "$_SESSION['login']"'; > ?> > > Any and all variations of this page come up blank and white whenever the variable $_SESSION['login'] is called to display. It shows no memory of me registering a session. Any variation of quotes verse apostrophes changes nothing, so I figure that either I am blatantly screwing up the session code (possible for I have never written any sessions before) or my system is not supporting sessions. I have a php4 something, windows, apache 1.3.27 for my home network server, and mysql. Any help on this problem would be greatly appreciated. > Thanks a lot for your time, John > > > > > - > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: sessions
make sure that there is no character anywhere before session_start(). this also includes whitspaces. so check you're files, if there are whitspaces before the . of course you also cannot send any other characters or html to the browser before session_start is called. A workaround could be done using output buffering. Regards Michael "James Kupernik" <[EMAIL PROTECTED]> schrieb im Newsbeitrag [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I get this error when I try to start a session (I'm trying to create a > shopping cart). > > Warning: Cannot send session cache limiter - headers already sent > > > Thanks > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Sessions
Hi there, make sure you aren't outputting anything to the browser prior to sending headers ie the echos on top of page 3. When you register a session variable you should assign it a value ie: session_register("mysessionvar"); $mysessionvar = $whateveryouwish; Also make sure session_start(); is at the top of every page with no space before. These should help you out a little. Joe :) Álvaro muñoz sánchez <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, all > > First of all, I apologize if this is a dump question but I can't find the > answer. I'm trying to use sessions to keep the information about user and > password in a database driven web application. I am trying with a simple web > page but I can't make it work correctly. Help me, please. > > Environment: Red Hat Linux 7.2, Apache 1.3.20, PHP 4.0.6 > Web pages: > Page 1: web page with a form asking for a user name and password. > Page 2: php page to validate the user name and pass and register them as > session variables. > Page 3: php page to show the user name and pass introduced. > > Code: > > Page 2: > > > > > > Page 3 > > > > > > Results: > Page 2: Opening the session > Warning: Cannot send session cookie - headers already sent by (output started > at /var/www/html/sigma/agenda/index.php:13) in > /var/www/html/sigma/agenda/index.php on line 27 > > Warning: Cannot send session cache limiter - headers already sent (output > started at /var/www/html/sigma/agenda/index.php:13) in > /var/www/html/sigma/agenda/index.php on line 27 > > Page 3: the same warnings and the value of the session variables is lost. > > Here are my settings for sessions in the php.ini, It could be a configuration > mistake. > > session.save_handler = files > session.save_path = /tmp > session.use_cookies = 1 > session.name = PHPSESSID > session.auto_start = 0 > session.cookie_lifetime = 0 > session.cookie_path = / > session.cookie_domain = > session.serialize_handler = php > session.gc_probability = 1 > session.gc_maxlifetime = 1440 > session.referer_check = > session.entropy_length = 0 > session.entropy_file = > session.cache_limiter = nocache > session.cache_expire = 180 > session.use_trans_sid = 1 > > I know that questions related to sessions had been treated in the list before > but I can't find the answer to this, so I think this must be a very stupid > question, sorry. > > > Thank you very much in advanced. > -- > - > Álvar Muñoz Sánchez > Oficina Verde - UPV > Información y Documentación > - -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Sessions and Frames
i don't think frames are the problem. check again if you printing anything in same frame before session_start(); "Tjaybelt" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a site that is successfully using sessions and authentication. > However, I am working on another site, and it uses Frames. The first site > does not use frames, so including the unit that has the session stuff first > works. But on the frames site, it gives the following error : > > 'Cannot add header information - headers already sent by ' > > I know that this is when something is trying to print before the session is > started. > > I just don't know how to accomplish this if the page I am loading is inside > a frame... so by the time the session stuff starts, html is already output > to the browser. > > thanks for any help you can give. > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: sessions in PHP
http://www.phpbuilder.com/columns/ good articles on sessions Steve "Nirat" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > can anyone guide me to using sessions in PHP i've tried it a lot of times > but its not working. any help tutorials would be helpful... > > > -- > Nirat > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
AW: [PHP-DB] Re: sessions
configure apache with modrewrite and configure it to rewrite a request URL like http://domain/DUMMY/1234109809--cookiedata---123412341234/file to localfile url /home/apache/triggeredpath/file or use one php-file for your total website (maybe modular with includes), then you can build URLS like file.php/cookiedata/balbladf?param=adfa the /cookiedata.. part will be stored in $PATH_INFO and $param will be set t adfa (just as you know it) (note:things may defer if your using php as cgi) -Ursprüngliche Nachricht- Von: Hoover, Josh [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 23. Februar 2001 15:00 An: 'Pankaj Ahuja'; php-db list Betreff: RE: [PHP-DB] Re: sessions Configure PHP with this line included --enable-trans-sid This will automatically put the session ID after every URL if the user does not have cookies enabled. Josh Hoover KnowledgeStorm, Inc. Searching for a new IT solution for your company? Need to improve your product marketing? Visit KnowledgeStorm at www.knowledgestorm.com to learn how we can simplify the process for you. KnowledgeStorm - Your IT Search Starts Here > This could be because cookies have been disabled. Can I > find a way such > that my code works even if cookies have been disabled ?? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Re: sessions
Configure PHP with this line included --enable-trans-sid This will automatically put the session ID after every URL if the user does not have cookies enabled. Josh Hoover KnowledgeStorm, Inc. Searching for a new IT solution for your company? Need to improve your product marketing? Visit KnowledgeStorm at www.knowledgestorm.com to learn how we can simplify the process for you. KnowledgeStorm - Your IT Search Starts Here > This could be because cookies have been disabled. Can I > find a way such > that my code works even if cookies have been disabled ??
[PHP-DB] Re: sessions
This could be because cookies have been disabled. Can I find a way such that my code works even if cookies have been disabled ?? - Original Message - From: Pankaj Ahuja To: php-db list Sent: Friday, February 23, 2001 12:04 PM Subject: sessions I am trying to execute the following code. It all works fine if the code is executed second time onwards. When the code is executed for the first time (a new session is created) the value of PHPSESSID is not assigned. Could this be because session.auto_start is assigned a value of 0 ? What could be a workaround for this ?? Thanks Hello visitor, you have seen this page times. is necessary to preserve the session id # in the case that the user has disabled cookies ?> To continue, click here -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]