[PHP-DB] Session and Access Privilages.
Hey, I am working on the application, thought its not OOP currently, I plan to take it further in a year or so. Right now, I have 4 access levels which define what the users can do on the application. Based on the access levels defined, a session varialble is set called $_SESSION['authtype'], and this defines what are the links shown to the user. so basically the session authtype, defines what links are shown to the users, now i am thinking that if a user comes to know of a link whihc he does not have access to, he / she can put that in the url and try to gain access, what i feel is there should be some check on each of the page for the access and if the acess criteria is not met, then the user should be sent back to him home page view. Any ideas on what the best way is to implement something like this? Any help is appreciated. Thanks, Vinay
Re: [PHP-DB] Session and Access Privilages.
Hi- Since you are checking the authtype variable in the environmental variable for each page which is requested, There cannot be any chance for a intruder to get access to the page. But then, for an enhanced security, do maintain a table in db with relation between authtype and access to page and privilege. Checking the same in the page before displaying it to the user might help you in solving the issue. Hope this helps. - Trinath S On Thu, Mar 29, 2012 at 1:00 PM, Vinay Kannan viny...@gmail.com wrote: Hey, I am working on the application, thought its not OOP currently, I plan to take it further in a year or so. Right now, I have 4 access levels which define what the users can do on the application. Based on the access levels defined, a session varialble is set called $_SESSION['authtype'], and this defines what are the links shown to the user. so basically the session authtype, defines what links are shown to the users, now i am thinking that if a user comes to know of a link whihc he does not have access to, he / she can put that in the url and try to gain access, what i feel is there should be some check on each of the page for the access and if the acess criteria is not met, then the user should be sent back to him home page view. Any ideas on what the best way is to implement something like this? Any help is appreciated. Thanks, Vinay
Re: [PHP-DB] Session and Access Privilages.
Hey, I am working on the application, thought its not OOP currently, I plan to take it further in a year or so. Right now, I have 4 access levels which define what the users can do on the application. Based on the access levels defined, a session varialble is set called $_SESSION['authtype'], and this defines what are the links shown to the user. so basically the session authtype, defines what links are shown to the users, now i am thinking that if a user comes to know of a link whihc he does not have access to, he / she can put that in the url and try to gain access, what i feel is there should be some check on each of the page for the access and if the acess criteria is not met, then the user should be sent back to him home page view. Any ideas on what the best way is to implement something like this? Any help is appreciated. Thanks, Vinay Hi Vinay If you are already checking your $_SESSION['authtype'] var, to know whether or not to display certain links.. then you can just add the same kind of checking at the top of any code that should be reserved for a certain level of user. If someone without proper access has hacked the URL then just redirect to your login page, or whatever you want to do to the intruders. HTH -Govinda -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session and Access Privilages.
Yup, With some help from Jey earlier today, I was able to figure it out.. I only realized it later, how easy it was since all the auth types were being set already, the same piece of code at the beginning of every page should have been good ! Thanks, Vinay On Thu, Mar 29, 2012 at 7:28 PM, Govinda govinda.webdnat...@gmail.comwrote: Hey, I am working on the application, thought its not OOP currently, I plan to take it further in a year or so. Right now, I have 4 access levels which define what the users can do on the application. Based on the access levels defined, a session varialble is set called $_SESSION['authtype'], and this defines what are the links shown to the user. so basically the session authtype, defines what links are shown to the users, now i am thinking that if a user comes to know of a link whihc he does not have access to, he / she can put that in the url and try to gain access, what i feel is there should be some check on each of the page for the access and if the acess criteria is not met, then the user should be sent back to him home page view. Any ideas on what the best way is to implement something like this? Any help is appreciated. Thanks, Vinay Hi Vinay If you are already checking your $_SESSION['authtype'] var, to know whether or not to display certain links.. then you can just add the same kind of checking at the top of any code that should be reserved for a certain level of user. If someone without proper access has hacked the URL then just redirect to your login page, or whatever you want to do to the intruders. HTH -Govinda
Re: [PHP-DB] session expiration
On 28 September 2010 03:06, Ron nha...@gmail.com wrote: Hi, i would like to ask how to set the session expiration. on my site when a user logs in, i assign it to $_SESSION['username'] and on each page i check if (isset($_SESSION['username']) if not i redirect it back to login page. my problem is it seems like it expires very fast when there's no activity, how can i make it in such a way it won't expire unless the user logs out? regards Ron On each page do you have session_start(); You can extend the session duration using session_cache_expire(). Make sure you call session_cache_expire() before you call session_start(). -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session expiration
Hi, i would like to ask how to set the session expiration. on my site when a user logs in, i assign it to $_SESSION['username'] and on each page i check if (isset($_SESSION['username']) if not i redirect it back to login page. my problem is it seems like it expires very fast when there's no activity, how can i make it in such a way it won't expire unless the user logs out? regards Ron -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session start
I have a problem with my system, not sure how I can fix this one. A user has a log in page and takes them to different pages, now each of these pages has a check to make sure they are logged in with the following code: session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { header (Location: login.html); exit; } So if they are not logged in it redirects them to the log in page. No problems there. Now if a user is not logged in and comes back to that page, it starts the session so giving them a session id and redirects them back to thge login page. The problem I have is I do NOT want the session to start, I need them to hit the log in page with no sessions there. I have tried all sorts but just cannot get this to work. I have tried adding this to the code. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { *session_destroy();* header (Location: login.html); exit; } But that did not work? Please I am stuck for ideas?
Re: [PHP-DB] Session start
On 14 May 2010 18:47, Barry Zimmerman barryzi...@googlemail.com wrote: I have a problem with my system, not sure how I can fix this one. A user has a log in page and takes them to different pages, now each of these pages has a check to make sure they are logged in with the following code: session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { header (Location: login.html); exit; } So if they are not logged in it redirects them to the log in page. No problems there. Now if a user is not logged in and comes back to that page, it starts the session so giving them a session id and redirects them back to thge login page. The problem I have is I do NOT want the session to start, I need them to hit the log in page with no sessions there. I have tried all sorts but just cannot get this to work. I have tried adding this to the code. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { *session_destroy();* header (Location: login.html); exit; } But that did not work? Please I am stuck for ideas? Read the manual on session_destroy. Specifically, if you want to complete destroy the session, unset the session cookie as well. On a separate note: why do you care if the session has started or not? If nothing is stored in the session then there's not much difference to you. Regards Peter -- hype WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 /hype -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session start
Barry, Did you try to use setcookie with expiry date in the past? You could use setcookie before header function of the following manner. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { setcookie(session,session id, 1); header (Location: login.html); } Best regards, Luiz Alberto On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote: I have a problem with my system, not sure how I can fix this one. A user has a log in page and takes them to different pages, now each of these pages has a check to make sure they are logged in with the following code: session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { header (Location: login.html); exit; } So if they are not logged in it redirects them to the log in page. No problems there. Now if a user is not logged in and comes back to that page, it starts the session so giving them a session id and redirects them back to thge login page. The problem I have is I do NOT want the session to start, I need them to hit the log in page with no sessions there. I have tried all sorts but just cannot get this to work. I have tried adding this to the code. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { *session_destroy();* header (Location: login.html); exit; } But that did not work? Please I am stuck for ideas?
Re: [PHP-DB] Session start
id also suggest to revisit the entire login script that you have attached, its a bit overly complicated. Keep amount of if statements to the minimum and you will not get lost. Try to keep it simple. Session is not a problem for you, just make a very simple set of rules when user is logging in, logging out and how to check if he is logged in. i guess its worth having a look at some open source apps or frameworks and see how they do it, good luck art On 14 May 2010 18:24, Luiz Alberto gomes.l...@gmail.com wrote: Barry, Did you try to use setcookie with expiry date in the past? You could use setcookie before header function of the following manner. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { setcookie(session,session id, 1); header (Location: login.html); } Best regards, Luiz Alberto On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote: I have a problem with my system, not sure how I can fix this one. A user has a log in page and takes them to different pages, now each of these pages has a check to make sure they are logged in with the following code: session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { header (Location: login.html); exit; } So if they are not logged in it redirects them to the log in page. No problems there. Now if a user is not logged in and comes back to that page, it starts the session so giving them a session id and redirects them back to thge login page. The problem I have is I do NOT want the session to start, I need them to hit the log in page with no sessions there. I have tried all sorts but just cannot get this to work. I have tried adding this to the code. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { *session_destroy();* header (Location: login.html); exit; } But that did not work? Please I am stuck for ideas?
Re: [PHP-DB] Session start
Barry, session_start(); will not wipe clean the user's session so there is something else going on. Does the login.html authentication script correctly set $_SESSION['username'] ? Also, it has been my experience that code like isset($_SESSION['username']) is better if you replace it with array_key_exists('username',$_SESSION) Thanks, --Dustin Barry Zimmerman wrote: I have a problem with my system, not sure how I can fix this one. A user has a log in page and takes them to different pages, now each of these pages has a check to make sure they are logged in with the following code: session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { header (Location: login.html); exit; } So if they are not logged in it redirects them to the log in page. No problems there. Now if a user is not logged in and comes back to that page, it starts the session so giving them a session id and redirects them back to thge login page. The problem I have is I do NOT want the session to start, I need them to hit the log in page with no sessions there. I have tried all sorts but just cannot get this to work. I have tried adding this to the code. session_start(); if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) { *session_destroy();* header (Location: login.html); exit; } But that did not work? Please I am stuck for ideas? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session management
Here I have a blog I setup but have not finished regarding web application authentication which includes source code and classes you can utilize. Unfortunately I have not been able to finish writing the article due to three jobs and school work. I can however assist you in getting it up and running via this message board. http://wtf-jas.blogspot.com/2010/04/web-application-authentication.html Richard Quadling wrote: On 22 April 2010 18:56, Vinay Kannan viny...@gmail.com wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay https://code.google.com/p/loginsystem-rd/ This was developed as an easy drop-in secure login facility. It may give you some mileage. -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session management
Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay
Re: [PHP-DB] session management
How secure would you want it? Is this is a public facing web application? Are you in a shared hosting environment vs. a dedicated hosting environment? Do you require alternative session management such as database or mcache vs. flat file session support? Have you thought about cross site request forgery's? session hijacking etc? There are tons of things to take into consideration but setting a flag per user session is indeed one method of ensuring a user has authenticated. Vinay Kannan wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay -- Jas -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session management
Hi Jason, Yes this is going to be a public facing application with 3 level heirarchy, and maybe around 100 tiny companies(3-4 employees) using it. App is going to be on a Hosted Server. DB session mgmt would be a bit slower, is it? I have thought about cross site forgery and session hijacking, but the more I think about it, I realize the lesser I know about it all :( So thought this would be the best place to start. Thanks, Vinay On Thu, Apr 22, 2010 at 11:19 AM, Jason Gerfen jason.ger...@scl.utah.eduwrote: How secure would you want it? Is this is a public facing web application? Are you in a shared hosting environment vs. a dedicated hosting environment? Do you require alternative session management such as database or mcache vs. flat file session support? Have you thought about cross site request forgery's? session hijacking etc? There are tons of things to take into consideration but setting a flag per user session is indeed one method of ensuring a user has authenticated. Vinay Kannan wrote: Hey Guys, I need some help on an effficient session management, right now what I do is check if the user has loggedin using his username, and create a SESSION['logged']=1, setting a login flag actually, I am not sure if this is the best way ? What do you guys use for sessions, and which is the best possible way ? Thanks, Vinay -- Jas
Re: [PHP-DB] Session Timeout question
Karl DeSaulniers wrote: What is the best way to set a user timeout on a session? Say if the user steps away from their computer for say 5 min, and they come back to the page they were on, I want when the user clicks something for the session to kick them off and redirect to login saying their session has timed out. I have this code currently: /*Users timout*/ function getIdle(){ global $database; if($this-isGuest()) { if (!isset($_SESSION['timeout_idle'])) { $_SESSION['timeout_idle'] = time() + GUEST_TIMEOUT; } else { if ($_SESSION['timeout_idle'] time()) { //destroy session return(true); } else { $_SESSION['timeout_idle'] = time() + GUEST_TIMEOUT; return(false); } } } else { if (!isset($_SESSION['timeout_idle'])) { $_SESSION['timeout_idle'] = time() + USER_TIMEOUT; } else { if ($_SESSION['timeout_idle'] time()) { //destroy session return(true); } else { $_SESSION['timeout_idle'] = time() + USER_TIMEOUT; return(false); } } } } But it doesn't time anything out.. I could walk away for an hour and come back and go to a link. TIA, Firstly - is it getting into this function (yep I ask stupid questions)? Which branch is it taking (guest or user)? What values are USER_TIMEOUT and GUEST_TIMEOUT? -- Postgresql php tutorials http://www.designmagick.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session Timeout question
What is the best way to set a user timeout on a session? Say if the user steps away from their computer for say 5 min, and they come back to the page they were on, I want when the user clicks something for the session to kick them off and redirect to login saying their session has timed out. I have this code currently: /*Users timout*/ function getIdle(){ global $database; if($this-isGuest()) { if (!isset($_SESSION['timeout_idle'])) { $_SESSION['timeout_idle'] = time() + GUEST_TIMEOUT; } else { if ($_SESSION['timeout_idle'] time()) { //destroy session return(true); } else { $_SESSION['timeout_idle'] = time() + GUEST_TIMEOUT; return(false); } } } else { if (!isset($_SESSION['timeout_idle'])) { $_SESSION['timeout_idle'] = time() + USER_TIMEOUT; } else { if ($_SESSION['timeout_idle'] time()) { //destroy session return(true); } else { $_SESSION['timeout_idle'] = time() + USER_TIMEOUT; return(false); } } } } But it doesn't time anything out.. I could walk away for an hour and come back and go to a link. TIA, Karl DeSaulniers Design Drumm http://designdrumm.com
[PHP-DB] session variable in select query showing picture from database
I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated...
Re: [PHP-DB] session variable in select query showing picture from database
On Feb 12, 2009, at 6:07 AM, Mika Jaaksi wrote: I'm trying to show picture from database. Everything works until I add variable into where part of the query. It works with plain number. example ...WHERE id=11... ...picture is shown on the page. Here's the code that retrieves the picture. show_pic.php ?php function db_connect($host='', $user='', $password='', $db='') { mysql_connect($host, $user, $password) or die('I cannot connect to db: ' . mysql_error()); mysql_select_db($db); } db_connect(); $band_id = $_SESSION['session_var']; $query=SELECT * FROM pic_upload WHERE band_id=$band_id; $result=mysql_query($query); while($row = mysql_fetch_array($result)) { $bytes = $row['pic_content']; } header(Content-type: image/jpeg); print $bytes; exit (); mysql_close(); ? other page that shows the picture ?php echo img width='400px' src='./show_pic.php' /; ? Any help would be appreciated... I'm not positive... But I believe you need to enclose $band_id like this: $query = SELECT * FROM pic_upload WHERE band_id='{$band_id}'; Give that a shot, and if it doesn't work, post back and we'll take it from there. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session handling
hi all, i'm a newbie and i really would like to be able to understand how session works. for the scenario, i have customers with two users login to manage their records (like adding their own customers). e.g. customer A has a username customera1 and customera2, customer B has customerb1 and customerb2. when user logins, i add on the session accountcode $_SESSION['accountcode'] (which is the unique identifier for each customer). here are some of the questions i have: 1. how can i make sure each user can login only one time? 2. if customera1 and customera2 are logged in at the same time and they are going to access the same data, how can i lock it to whoever had access to it first? 3. if a session expires, is there a way to automatically logout that user and destroy the session? 4. if both a user in customer A and B are logged in, then user A logouts and i have a script that call session_destroy(), will that also destroy the session of customer B? hope someone can help me. regards, nhadie - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Re: [PHP-DB] session handling
Hi nhadie, 1. Unlike, ASP or ASP.NET, PHP only has a Session object, not an Application object. A session is only available to one single user only, and you can't share information between Sessions using PHP (you'd use the Application object for this in ASP(.NET)). While you can probably hack your way into the Session-files that PHP stores somewhere on the hard disk, that's obvioulsy not their intended you (but I want to mention this for the sake of being complete). What you can do is add a Boolean-field to your user-table in the database that says whether somebody is currently logged in. If the field is true, they can't log in a second time. The problem with this approach however is that it depends on the use actually logging out as well (thus calling a script that sets the field back to false). So here's a better solution: Create a separate table and call it something like Sessions. It should contain at least three fields: AccountCode, LoginTime and LastActivityTime. When somebody first logs in, you create a record in this Sessions table. Everytime he pulls up a new page, you update the LastActivityTime field with the current date/time in the database. When somebody tries to log in a second time, you can deny them access based on the record that exists in the Sessions table. Here's how it works when somebody forgets to log out: each time you access the Sessions table, you should run a second query that automatically deletes all the sessions that haven't been updated for the last 30 minutes (the number should be the same to the timeout value for the $_SESSION[] object). So each time a user performs an action, you automatically remove all the sessions of all users that have been inactive for 30 minutes or more. 2. This is trickier. What do you mean with access? Are you talking about lost updates? Are you talking about simple read-operations? Actually, even as you claim you're a newbie, you're asking questions that are keeping us all up at night! :-) The solutions vary depending on your situation. Maybe you can add field ActiveTable to the above-mentioned Sessions table and take it from there? 3. I think I've covered this under [1]. 4. No, it won't. Each user has his/her own $_SESSION[] object HTH, Yves -- Original Message -- Received: Mon, 28 Apr 2008 10:06:19 AM CDT From: Nhadie Ramos [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] session handling hi all, i'm a newbie and i really would like to be able to understand how session works. for the scenario, i have customers with two users login to manage their records (like adding their own customers). e.g. customer A has a username customera1 and customera2, customer B has customerb1 and customerb2. when user logins, i add on the session accountcode $_SESSION['accountcode'] (which is the unique identifier for each customer). here are some of the questions i have: 1. how can i make sure each user can login only one time? 2. if customera1 and customera2 are logged in at the same time and they are going to access the same data, how can i lock it to whoever had access to it first? 3. if a session expires, is there a way to automatically logout that user and destroy the session? 4. if both a user in customer A and B are logged in, then user A logouts and i have a script that call session_destroy(), will that also destroy the session of customer B? hope someone can help me. regards, nhadie - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session handling
2. This is trickier. What do you mean with access? Are you talking about lost updates? Are you talking about simple read-operations? Actually, even as you claim you're a newbie, you're asking questions that are keeping us all up at night! :-) The solutions vary depending on your situation. Maybe you can add field ActiveTable to the above-mentioned Sessions table and take it from there? it's more for editing records, when user customera1 opened a record to edit it, and almost at the same time user customera2 tried to edit the same record, customera2 will get an error message that the record is already open. Well, like I said: the lost update problem is well known in database circles. Basically, when two users want to do the same thing at the same time, one of them WILL loose out. The only question is how you handle the situation. Please read e.g. http://forums.mysql.com/read.php?97,56420,56420 to give you some more ideas on how to handle this. Google for database lost update for more general information and strategies. Before you come up with too advanced features to solve this problem, you may also want to ask yourself the chance of this problem occuring in your specific application? While I've worked on many systems, I've never had a situation arise where this was an effective issue. But there definitely are circumstances where it may! 4. No, it won't. Each user has his/her own $_SESSION[] object does that mean when user customera1 logs in, i passed $_SESSION[accountcode]. then user customera2 logs in also and i passed $_SESSION[accountcode] again, so now $_SESSION[accountcode] is the same for both user, if customera1 logs out, i call session_destroy, it wont destroy the session for user customera2? When customera1 logs in, a $_SESSION[] object is created for his/her eyes only. You can then e.g. say $_SESSION[code] = getaccountcode(). When customera2 logs in in turn, a second $_SESSION[] object is created that only applies to that user. You can see the progress of these sessions popping in and out of existence by monitoring the files in the c:\php\sessions\ folder. Since customera1 has no access to the $_SESSION of customera2, there's risk in accidentally removing another user's session. HTH, Yves -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] session handling
1. Logging in only once is easy. Make the login page only appear if isset($_SESSION['accountcode']) Else, have it display a page saying you are already logged in. 2. SSL 3. If a session expires the user logs out and the session is destroyed. That's why it's called expiration. 4. session_destroy() only destroys the session with the PHPSESSID that matches the cookie on the users system. In other words: no, unless both users run session_destroy. You're obviously new to this stuff. PHP was made for ease of use in mind, so most of your concerns are already addressed. It would be extremely difficult to use a session if any user logging out would log every other user out. Hope this helps, Aaron. -Original Message- From: Nhadie Ramos [mailto:[EMAIL PROTECTED] Sent: Monday, April 28, 2008 10:05 AM To: php-db@lists.php.net Subject: [PHP-DB] session handling hi all, i'm a newbie and i really would like to be able to understand how session works. for the scenario, i have customers with two users login to manage their records (like adding their own customers). e.g. customer A has a username customera1 and customera2, customer B has customerb1 and customerb2. when user logins, i add on the session accountcode $_SESSION['accountcode'] (which is the unique identifier for each customer). here are some of the questions i have: 1. how can i make sure each user can login only one time? 2. if customera1 and customera2 are logged in at the same time and they are going to access the same data, how can i lock it to whoever had access to it first? 3. if a session expires, is there a way to automatically logout that user and destroy the session? 4. if both a user in customer A and B are logged in, then user A logouts and i have a script that call session_destroy(), will that also destroy the session of customer B? hope someone can help me. regards, nhadie - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session Problem
what version of php are you using? i ran across a problem with sessions not working for windows in php 5.2 because the directories for the sessions were not created. On 1/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I don't think that the problem is on the browser setting... Cause I've tried to browse the other web application (that using session too) on other server, and its running well... Forget to tell you, that if I used http://localhost http://localhost/ , the session running well... But if I change with http://hostname http://hostname/ , the session wasn't running... I thought the problem was on privileges... But I have setting the grant privilege to user root the hostname... Still the session not running.. Regards, Anita -Original Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Saturday, January 13, 2007 12:21 AM To: Adman, Nur anita; [EMAIL PROTECTED] Cc: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem are you sure that the problem is not in the browser settings (not to accept session cookies)? Bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem Date: Fri, 12 Jan 2007 15:34:06 +0900 1. Did you mean that on phpinfo(), the Session Support is enabled? Yes, it wrote so. 2. I have check the session.save_files, and its writable. I found some files session in there. Please advice... Thanks Regards, Anita -Original Message- From: Peter Beckman [mailto:[EMAIL PROTECTED] Sent: Friday, January 12, 2007 2:27 PM To: Adman, Nur anita Cc: php-db@lists.php.net Subject: Re: [PHP-DB] Session Problem 1. Is session support compiled into PHP, or if not, is the module there and being loaded? phpinfo() will tell you. If not, recompile PHP or build the dynamic module to support sessions. 2. If so, check the location of session.save_files and make sure it is writable by the web server user/group. If not, you must change this. Beckman On Fri, 12 Jan 2007, [EMAIL PROTECTED] wrote: Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita --- - --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- - --- _ Your opinion matters. Please tell us what you think and be entered into a draw for a grand prize of $500 or one of 20 $50 cash prizes. http://www.youthographyinsiders.com/R.aspx?a=116 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session Problem
I`m using PHP 5.0.4 on the new server, the same version with my old one Regards, Anita -Original Message- From: bob plano [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 17, 2007 8:45 AM To: Adman, Nur anita Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; php-db@lists.php.net Subject: Re: [PHP-DB] Session Problem what version of php are you using? i ran across a problem with sessions not working for windows in php 5.2 because the directories for the sessions were not created. On 1/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I don't think that the problem is on the browser setting... Cause I've tried to browse the other web application (that using session too) on other server, and its running well... Forget to tell you, that if I used http://localhost http://localhost/ , the session running well... But if I change with http://hostname http://hostname/ , the session wasn't running... I thought the problem was on privileges... But I have setting the grant privilege to user root the hostname... Still the session not running.. Regards, Anita -Original Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Saturday, January 13, 2007 12:21 AM To: Adman, Nur anita; [EMAIL PROTECTED] Cc: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem are you sure that the problem is not in the browser settings (not to accept session cookies)? Bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem Date: Fri, 12 Jan 2007 15:34:06 +0900 1. Did you mean that on phpinfo(), the Session Support is enabled? Yes, it wrote so. 2. I have check the session.save_files, and its writable. I found some files session in there. Please advice... Thanks Regards, Anita -Original Message- From: Peter Beckman [mailto:[EMAIL PROTECTED] Sent: Friday, January 12, 2007 2:27 PM To: Adman, Nur anita Cc: php-db@lists.php.net Subject: Re: [PHP-DB] Session Problem 1. Is session support compiled into PHP, or if not, is the module there and being loaded? phpinfo() will tell you. If not, recompile PHP or build the dynamic module to support sessions. 2. If so, check the location of session.save_files and make sure it is writable by the web server user/group. If not, you must change this. Beckman On Fri, 12 Jan 2007, [EMAIL PROTECTED] wrote: Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita --- - --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- - --- _ Your opinion matters. Please tell us what you think and be entered into a draw for a grand prize of $500 or one of 20 $50 cash prizes. http://www.youthographyinsiders.com/R.aspx?a=116
RE: [PHP-DB] Session Problem
are you sure that the problem is not in the browser settings (not to accept session cookies)? Bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem Date: Fri, 12 Jan 2007 15:34:06 +0900 1. Did you mean that on phpinfo(), the Session Support is enabled? Yes, it wrote so. 2. I have check the session.save_files, and its writable. I found some files session in there. Please advice... Thanks Regards, Anita -Original Message- From: Peter Beckman [mailto:[EMAIL PROTECTED] Sent: Friday, January 12, 2007 2:27 PM To: Adman, Nur anita Cc: php-db@lists.php.net Subject: Re: [PHP-DB] Session Problem 1. Is session support compiled into PHP, or if not, is the module there and being loaded? phpinfo() will tell you. If not, recompile PHP or build the dynamic module to support sessions. 2. If so, check the location of session.save_files and make sure it is writable by the web server user/group. If not, you must change this. Beckman On Fri, 12 Jan 2007, [EMAIL PROTECTED] wrote: Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- _ Your opinion matters. Please tell us what you think and be entered into a draw for a grand prize of $500 or one of 20 $50 cash prizes. http://www.youthographyinsiders.com/R.aspx?a=116 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session Problem
I don't think that the problem is on the browser setting... Cause I've tried to browse the other web application (that using session too) on other server, and its running well... Forget to tell you, that if I used http://localhost http://localhost/ , the session running well... But if I change with http://hostname http://hostname/ , the session wasn't running... I thought the problem was on privileges... But I have setting the grant privilege to user root the hostname... Still the session not running.. Regards, Anita -Original Message- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Saturday, January 13, 2007 12:21 AM To: Adman, Nur anita; [EMAIL PROTECTED] Cc: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem are you sure that the problem is not in the browser settings (not to accept session cookies)? Bastien From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: php-db@lists.php.net Subject: RE: [PHP-DB] Session Problem Date: Fri, 12 Jan 2007 15:34:06 +0900 1. Did you mean that on phpinfo(), the Session Support is enabled? Yes, it wrote so. 2. I have check the session.save_files, and its writable. I found some files session in there. Please advice... Thanks Regards, Anita -Original Message- From: Peter Beckman [mailto:[EMAIL PROTECTED] Sent: Friday, January 12, 2007 2:27 PM To: Adman, Nur anita Cc: php-db@lists.php.net Subject: Re: [PHP-DB] Session Problem 1. Is session support compiled into PHP, or if not, is the module there and being loaded? phpinfo() will tell you. If not, recompile PHP or build the dynamic module to support sessions. 2. If so, check the location of session.save_files and make sure it is writable by the web server user/group. If not, you must change this. Beckman On Fri, 12 Jan 2007, [EMAIL PROTECTED] wrote: Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita --- - --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- - --- _ Your opinion matters. Please tell us what you think and be entered into a draw for a grand prize of $500 or one of 20 $50 cash prizes. http://www.youthographyinsiders.com/R.aspx?a=116
[PHP-DB] Session Problem
Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita
Re: [PHP-DB] Session Problem
1. Is session support compiled into PHP, or if not, is the module there and being loaded? phpinfo() will tell you. If not, recompile PHP or build the dynamic module to support sessions. 2. If so, check the location of session.save_files and make sure it is writable by the web server user/group. If not, you must change this. Beckman On Fri, 12 Jan 2007, [EMAIL PROTECTED] wrote: Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session Problem
1. Did you mean that on phpinfo(), the Session Support is enabled? Yes, it wrote so. 2. I have check the session.save_files, and its writable. I found some files session in there. Please advice... Thanks Regards, Anita -Original Message- From: Peter Beckman [mailto:[EMAIL PROTECTED] Sent: Friday, January 12, 2007 2:27 PM To: Adman, Nur anita Cc: php-db@lists.php.net Subject: Re: [PHP-DB] Session Problem 1. Is session support compiled into PHP, or if not, is the module there and being loaded? phpinfo() will tell you. If not, recompile PHP or build the dynamic module to support sessions. 2. If so, check the location of session.save_files and make sure it is writable by the web server user/group. If not, you must change this. Beckman On Fri, 12 Jan 2007, [EMAIL PROTECTED] wrote: Dear All, I need some help please... I'm developing an web application using PHP/MySQL, and its has been running on my company. I'm planning to migrate the system on a new server. I have installed everything that are needed on the new server to running the web application. But I'm confusing that the session isn't running. For your information, I've setting all configurations (MySQL PHP), included register globals to Off. I have trying to re-install the web server MySQL, but it still not running... Please advice... Thanks Regards, Anita --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ ---
[PHP-DB] Session Variable from Recordset
What is the syntax for pulling a field out of a query and setting it as a session variable? Thanks, Jon -- Jonathan Gravois Omni Sports Technologies 800.529.6664 X125 http://www.omnisportstech.com Quote: Failure is not the only punishment for laziness; there is also the success of others. -- Jules Renard -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session Variable from Recordset
JONATHAN GRAVOIS wrote: What is the syntax for pulling a field out of a query and setting it as a session variable? RTFM: http://php.net/mysqli (assuming you mean a MySQL query) and http://php.net/session Quote: Failure is not the only punishment for laziness; there is also the success of others. -- Jules Renard Say no more! -Stut -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session don't store after header(Location: ...)
Hi everybody, I have a problem with mysql session handler and redirect. My situation: - mysql session handler - one page is posted to another page, that saves a session variable and redirect to the first page again. If I do the redirect the variable is not properly setted, otherwise it's all ok. My PHP version is 4.3.10-16 They said me I have to use cookies, but I use this. I use this code before starting session: @ini_set('session.use_cookies', true); @ini_set('session.use_only_cookies', false); @ini_set('url_rewriter.tags', ''); @ini_set('arg_separator.output', 'amp;'); Can you help me? bye and thanks in advance -- Giacomo -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session don't store after header(Location: ...)
Hi everybody, I have a problem with mysql session handler and redirect. My situation: - mysql session handler - one page is posted to another page, that saves a session variable and redirect to the first page again. If I do the redirect the variable is not properly setted, otherwise it's all ok. My PHP version is 4.3.10-16 They said me I have to use cookies, but I use this. I use this code before starting session: @ini_set('session.use_cookies', true); @ini_set('session.use_only_cookies', false); @ini_set('url_rewriter.tags', ''); @ini_set('arg_separator.output', 'amp;'); Can you help me? Don't use Header(Location:...). Instead spit back very minimal javascript that does something like: script document.location.href = '.'; /script That way the cookies that get sent back in the header will take affect. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session don't store after header(Location: ...)
Philip Hallstrom ha scritto: Don't use Header(Location:...). Instead spit back very minimal javascript that does something like: script document.location.href = '.'; /script That way the cookies that get sent back in the header will take affect. I have to use header(Location...), cause I'm using Mojavi (http://www.mojavi.org/), an MVC framework. Can I set cookie before calling header(Location) command? Giacomo -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session don't store after header(Location: ...)
Philip Hallstrom ha scritto: Don't use Header(Location:...). Instead spit back very minimal javascript that does something like: script document.location.href = '.'; /script That way the cookies that get sent back in the header will take affect. I have to use header(Location...), cause I'm using Mojavi (http://www.mojavi.org/), an MVC framework. Can I set cookie before calling header(Location) command? Don't know. All I know is that whenever I've tried to use the Location header while setting a cookie, it never seems to take. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] session confusion| can anyone help?
try defining the values as empty strings first... ?php // accesscontrol.php include_once 'common.php'; include_once 'db.php'; session_start(); $suid = ''; $spwd = ''; $suid = isset($_POST['suid']) ? $_POST['suid'] : $_SESSION['suid']; //line 7 $spwd = isset($_POST['spwd']) ? $_POST['spwd'] : $_SESSION['spwd']; //line 8 if(!isset($suid)) { ? bastien From: bo [EMAIL PROTECTED] Reply-To: bo [EMAIL PROTECTED] To: php-db@lists.php.net Subject: [PHP-DB] session confusion| can anyone help? Date: Fri, 26 Aug 2005 11:42:18 +0800 here is the code for accesscontrol.php which control the access to protected page, the server gives an error as of Notice: Undefined index: uid in E:\www\signup\accesscontrol.php on line 7 Notice: Undefined index: pwd in E:\www\signup\accesscontrol.php on line 8 I tried input username and password and it will give the error as: Access Denied Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click here. To register for instant access, click here. code // ?php // accesscontrol.php include_once 'common.php'; include_once 'db.php'; session_start(); $suid = isset($_POST['suid']) ? $_POST['suid'] : $_SESSION['suid']; //line 7 $spwd = isset($_POST['spwd']) ? $_POST['spwd'] : $_SESSION['spwd']; //line 8 if(!isset($suid)) { ? !DOCTYPE html PUBLIC -//W3C/DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head title Please Log In for Access /title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / /head body h1 Login Required /h1 pYou must log in to access this area of the site. If you are not a registered user, a href=signup.phpclick here/a to sign up for instant access!/p pform method=post action=?=$_SERVER['PHP_SELF']? User ID: input type=text name=suid size=8 /br / Password: input type=password name=spwd SIZE=8 /br / input type=submit value=Log in / /form/p /body /html ?php exit; } $_SESSION['suid'] = $suid; $_SESSION['spwd'] = $spwd; dbConnect(cartoon); $sql = SELECT * FROM userinfo WHERE uid = '$suid' AND pwd = PASSWORD('$spwd'); $result = mysql_query($sql); if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact [EMAIL PROTECTED]'); } if (mysql_num_rows($result) == 0) { unset($_SESSION['suid']); unset($_SESSION['spwd']); ? !DOCTYPE html PUBLIC -//W3C/DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head title Access Denied /title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / /head body h1 Access Denied /h1 pYour user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click a href=?=$_SERVER['PHP_SELF']?here/a. To register for instant access, click a href=signup.phphere/a./p /body /html ?php exit; } $username = mysql_result($result,0,'unick'); echo $username; ? // Thanks. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session confusion| can anyone help?
here is the code for accesscontrol.php which control the access to protected page, the server gives an error as of Notice: Undefined index: uid in E:\www\signup\accesscontrol.php on line 7 Notice: Undefined index: pwd in E:\www\signup\accesscontrol.php on line 8 I tried input username and password and it will give the error as: Access Denied Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click here. To register for instant access, click here. code // ?php // accesscontrol.php include_once 'common.php'; include_once 'db.php'; session_start(); $suid = isset($_POST['suid']) ? $_POST['suid'] : $_SESSION['suid']; //line 7 $spwd = isset($_POST['spwd']) ? $_POST['spwd'] : $_SESSION['spwd']; //line 8 if(!isset($suid)) { ? !DOCTYPE html PUBLIC -//W3C/DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head title Please Log In for Access /title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / /head body h1 Login Required /h1 pYou must log in to access this area of the site. If you are not a registered user, a href=signup.phpclick here/a to sign up for instant access!/p pform method=post action=?=$_SERVER['PHP_SELF']? User ID: input type=text name=suid size=8 /br / Password: input type=password name=spwd SIZE=8 /br / input type=submit value=Log in / /form/p /body /html ?php exit; } $_SESSION['suid'] = $suid; $_SESSION['spwd'] = $spwd; dbConnect(cartoon); $sql = SELECT * FROM userinfo WHERE uid = '$suid' AND pwd = PASSWORD('$spwd'); $result = mysql_query($sql); if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact [EMAIL PROTECTED]'); } if (mysql_num_rows($result) == 0) { unset($_SESSION['suid']); unset($_SESSION['spwd']); ? !DOCTYPE html PUBLIC -//W3C/DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head title Access Denied /title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / /head body h1 Access Denied /h1 pYour user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click a href=?=$_SERVER['PHP_SELF']?here/a. To register for instant access, click a href=signup.phphere/a./p /body /html ?php exit; } $username = mysql_result($result,0,'unick'); echo $username; ? // Thanks. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session confusion| can anyone help?
session_start() should be given at the starting of the file before others u can include anthing after the session_satrt() functon only On Fri, 26 Aug 2005, bo wrote: here is the code for accesscontrol.php which control the access to protected page, the server gives an error as of Notice: Undefined index: uid in E:\www\signup\accesscontrol.php on line 7 Notice: Undefined index: pwd in E:\www\signup\accesscontrol.php on line 8 I tried input username and password and it will give the error as: Access Denied Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click here. To register for instant access, click here. code // ?php // accesscontrol.php include_once 'common.php'; include_once 'db.php'; session_start(); $suid = isset($_POST['suid']) ? $_POST['suid'] : $_SESSION['suid']; //line 7 $spwd = isset($_POST['spwd']) ? $_POST['spwd'] : $_SESSION['spwd']; //line 8 if(!isset($suid)) { ? !DOCTYPE html PUBLIC -//W3C/DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head title Please Log In for Access /title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / /head body h1 Login Required /h1 pYou must log in to access this area of the site. If you are not a registered user, a href=signup.phpclick here/a to sign up for instant access!/p pform method=post action=?=$_SERVER['PHP_SELF']? User ID: input type=text name=suid size=8 /br / Password: input type=password name=spwd SIZE=8 /br / input type=submit value=Log in / /form/p /body /html ?php exit; } $_SESSION['suid'] = $suid; $_SESSION['spwd'] = $spwd; dbConnect(cartoon); $sql = SELECT * FROM userinfo WHERE uid = '$suid' AND pwd = PASSWORD('$spwd'); $result = mysql_query($sql); if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact [EMAIL PROTECTED]'); } if (mysql_num_rows($result) == 0) { unset($_SESSION['suid']); unset($_SESSION['spwd']); ? !DOCTYPE html PUBLIC -//W3C/DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head title Access Denied /title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / /head body h1 Access Denied /h1 pYour user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click a href=?=$_SERVER['PHP_SELF']?here/a. To register for instant access, click a href=signup.phphere/a./p /body /html ?php exit; } $username = mysql_result($result,0,'unick'); echo $username; ? // Thanks. -- * You wouldn't know an OS if it hit you in the face ... Linux Baby ! * -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session
In my php.ini I've enabled session.use_cookies=1 Everytime I initialize a session, it create the session storage file in my /tmp At the top my script, I've added session_start (); In my test login function, this was what I did: $_SESSION['username'] = 'abcdef'; session_set_cookie_params (time () + 3600); Whereas, in my logout function: unset ($_SESSION['username']); setcookie ('PHPSESSID', '', time () -1); Everytime I load this page, this is what it does: echo p{$_SESSION['username']}; Everytime load this page a session id is generated, which means, a session file name sess_current session_id is created, and my session variable $_SESSION['username'] get stored in there. Now, everytime I perform a logout, it creates a sess_session id file under /tmp, and when I perform a login again, it creates yet another sess_session id. I'm not exactly sure why does it do this. My intention is actually, to use register a session variable to denote login status, and session_set_cookie_params (); to set the expiry date for the cookie for my session. And every the page loads, to use session_get_cookie_params (); to check whether the cookie has expired, if it has, force for a new login (via redirect or link), if it hasn't expired, display the appropriate authenticated page content. Thanks. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session in URL
Hello I have tested this app on my machine but it doesnt do this - but when testing on development server, my script is displaying the session in the url. I was reading in man about session.use_only_cookies can keep this from happening but the dev server has php 4.1.2 Is there another way to stop this? My script is such: while($row = mysql_fetch_row($res)) { echo lia href = sess_downloads_p2.php?$row[0]$row[1]/a/li; } where $row[0] is a filename like filename.pdf But when sess_download_p2.php loads in browser the URL has ...PHPSESSID=(rand number) Thanks for any help -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] - Session in URL - wrong list
Sorry I posted this to wrong list - meant to send to general...should I re-post or no. * Hello I have tested this app on my machine but it doesnt do this - but when testing on development server, my script is displaying the session in the url. I was reading in man about session.use_only_cookies can keep this from happening but the dev server has php 4.1.2 Is there another way to stop this? My script is such: while($row = mysql_fetch_row($res)) { echo lia href = sess_downloads_p2.php?$row[0]$row[1]/a/li; } where $row[0] is a filename like filename.pdf But when sess_download_p2.php loads in browser the URL has ...PHPSESSID=(rand number) Thanks for any help -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session
sorry, forgot to change the subject :), just to be sure here is my question again.. Hi everybody, For quite a while i'm struggeled with my session. It doesn't seem to work, can anyone help me? This is my code: page 1: session_start(); $_SESSION[test] = tryin...; if (isset($_SESSION[test])) { echo a href='session2.php'next page/a; echo br.session_id(); } page 2: session_start(); if (isset($_SESSION[test])) { echo $_SESSION[test]; }else { echo No sessionvariable found..; } echo br.session_id().br; On page two, there's always the 'no sessionvariable found...'-message, further the session id also changes... i dont understand what i am doing wrong... _ Play online games with your friends with MSN Messenger http://messenger.msn.nl/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session
I believe you need to pass the session variable along to the next page... Something like: On page 1: if session is set { $s = SID; echo a href=\page.php?$s\Link/a; } - Original Message - From: H. J. Wils [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 17, 2004 9:38 AM Subject: [PHP-DB] session sorry, forgot to change the subject :), just to be sure here is my question again.. Hi everybody, For quite a while i'm struggeled with my session. It doesn't seem to work, can anyone help me? This is my code: page 1: session_start(); $_SESSION[test] = tryin...; if (isset($_SESSION[test])) { echo a href='session2.php'next page/a; echo br.session_id(); } page 2: session_start(); if (isset($_SESSION[test])) { echo $_SESSION[test]; }else { echo No sessionvariable found..; } echo br.session_id().br; On page two, there's always the 'no sessionvariable found...'-message, further the session id also changes... i dont understand what i am doing wrong... _ Play online games with your friends with MSN Messenger http://messenger.msn.nl/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session
hey thanx it works, but why is that? i mean, session are there to save data which te user cant see... isnt there another way to pass the SID? i have the feeling passing the SID trhough the url-paramters is harming the security, am i right? From: Brad Bonkoski [EMAIL PROTECTED] To: H. J. Wils [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP-DB] session Date: Sun, 17 Oct 2004 09:46:06 -0400 MIME-Version: 1.0 Received: from pb1.pair.com ([216.92.131.4]) by mc5-f14.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Sun, 17 Oct 2004 06:47:55 -0700 Received: (qmail 35123 invoked by uid 1010); 17 Oct 2004 13:47:04 - Received: (qmail 33188 invoked by uid 1010); 17 Oct 2004 13:46:19 - X-Message-Info: JGTYoYF78jGDHqvDtc0+QckXsrFscNGe Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] list-post: mailto:[EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Virus-Scanned: Symantec AntiVirus Scan Engine Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 17 Oct 2004 13:47:55.0249 (UTC) FILETIME=[E77EF610:01C4B44F] I believe you need to pass the session variable along to the next page... Something like: On page 1: if session is set { $s = SID; echo a href=\page.php?$s\Link/a; } - Original Message - From: H. J. Wils [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 17, 2004 9:38 AM Subject: [PHP-DB] session sorry, forgot to change the subject :), just to be sure here is my question again.. Hi everybody, For quite a while i'm struggeled with my session. It doesn't seem to work, can anyone help me? This is my code: page 1: session_start(); $_SESSION[test] = tryin...; if (isset($_SESSION[test])) { echo a href='session2.php'next page/a; echo br.session_id(); } page 2: session_start(); if (isset($_SESSION[test])) { echo $_SESSION[test]; }else { echo No sessionvariable found..; } echo br.session_id().br; On page two, there's always the 'no sessionvariable found...'-message, further the session id also changes... i dont understand what i am doing wrong... _ Play online games with your friends with MSN Messenger http://messenger.msn.nl/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ MSN Search, for accurate results! http://search.msn.nl -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session
Look at the URL when you pass it? It does not show anything, in fact the session is still using cookies or other means to tansfer the data. You should also be able to sniff the data being passed by the URL and not see any of the session data. - Original Message - From: H. J. Wils [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, October 17, 2004 10:17 AM Subject: Re: [PHP-DB] session hey thanx it works, but why is that? i mean, session are there to save data which te user cant see... isnt there another way to pass the SID? i have the feeling passing the SID trhough the url-paramters is harming the security, am i right? From: Brad Bonkoski [EMAIL PROTECTED] To: H. J. Wils [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP-DB] session Date: Sun, 17 Oct 2004 09:46:06 -0400 MIME-Version: 1.0 Received: from pb1.pair.com ([216.92.131.4]) by mc5-f14.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Sun, 17 Oct 2004 06:47:55 -0700 Received: (qmail 35123 invoked by uid 1010); 17 Oct 2004 13:47:04 - Received: (qmail 33188 invoked by uid 1010); 17 Oct 2004 13:46:19 - X-Message-Info: JGTYoYF78jGDHqvDtc0+QckXsrFscNGe Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] list-post: mailto:[EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Virus-Scanned: Symantec AntiVirus Scan Engine Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 17 Oct 2004 13:47:55.0249 (UTC) FILETIME=[E77EF610:01C4B44F] I believe you need to pass the session variable along to the next page... Something like: On page 1: if session is set { $s = SID; echo a href=\page.php?$s\Link/a; } - Original Message - From: H. J. Wils [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 17, 2004 9:38 AM Subject: [PHP-DB] session sorry, forgot to change the subject :), just to be sure here is my question again.. Hi everybody, For quite a while i'm struggeled with my session. It doesn't seem to work, can anyone help me? This is my code: page 1: session_start(); $_SESSION[test] = tryin...; if (isset($_SESSION[test])) { echo a href='session2.php'next page/a; echo br.session_id(); } page 2: session_start(); if (isset($_SESSION[test])) { echo $_SESSION[test]; }else { echo No sessionvariable found..; } echo br.session_id().br; On page two, there's always the 'no sessionvariable found...'-message, further the session id also changes... i dont understand what i am doing wrong... _ Play online games with your friends with MSN Messenger http://messenger.msn.nl/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ MSN Search, for accurate results! http://search.msn.nl -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session confusion
Back to my multi page form again ;) I am going to try it with Session variables . So, one thing is confusing me. The page requires the user to be logged in and is being tracked via authentication. Do I still need to do a session_start();, at the beginning of the form process ? Stuart -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session Objects, Dynamic Parameters
Guys can anyone explain why this is returning odd results? function getObject($class, $params=NULL) { if (!is_array($_SESSION['objects'])) { $_SESSION['objects'] = array(); } if (!isset($_SESSION['objects'][$class])) { if (is_array($params)) { // this is what is erroring $args = implode(, , array_map(paramType, $params)); echo $class.'('.$args.')'; $_SESSION['objects'][$class] = new $class($args); } elseif($params != NULL) { $_SESSION['objects'][$class] = new $class(paramType($params)); } else { $_SESSION['objects'][$class] = new $class; } } return $_SESSION['objects'][$class]; } function paramType($var) { if (is_string($var)) { return '.$var.'; } else { return $var; } } when i call this $dbParams = array( 'server' = 'localhost', 'database' = 'ipro2', 'username' = 'root', 'password' = '**' ); $db = getObject('Mysql', $dbParams); $db-connect(); it seems to take this, (which is the actual call in the getObject function Mysql('localhost', 'database', 'user', '**') it seems that 'localhost', 'database', 'user', '**' is being taken as one parameter, i am guessing because the getObject function creates it as one string, my question is how can i get this to think it is different arguments, i keep getting errors like this mysql error: Unknown MySQL Server Host ''localhost', 'database', 'user', '**'' (-1) -- Joseph Crawford Jr. Codebowl Solutions [EMAIL PROTECTED] 802-558-5247 For a GMail account contact me OFF-LIST -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session
Execuse me, i know i am not putting my question in right mail forum but i trust that many of you can give me the right answer. also request you to kindly give me email add. of mailing list where this type question should be put up. i am using session_cache_limiter(public); in one of my webpages, now when i click on logout (where i used session_destroy() function), it works well but when i press back button of brower it comes to my same page from where i logged out. i can not remove the session_cache_limiter(public) because i am using this function to remember data. is there any other option so that after logout the back button could not show the same page. with best wishes balwant -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session Cache Limiter
Hi, has anyone used session_cache_limiter('must-revalidate') before to solve the problem on Warning: Page Expire..? i saw it on some websites, tried it and it worked for me.. but i never come across this word officially in any books or sites.. Can someone kindly direct me to something that provides me with more information on this? thank you so much!! hwee PS: i'm not sure if this is appropriate for this list.. sorry, if it is not!!! =(
[PHP-DB] Session Values Change
Hello, I am trying to start a blog page where the person selects their person they want to view (bottom of the page) and then it somehow changes the session variable (top of the code) and then accesses the database. I was wondering, what is the correct way to do something like this. I have tried a couple of options (a hrefs) but they didn¹t seem to work and was wondering if anybody had any suggestions. Thank You In Advance Jacob ?php session_start(); if (! isset($_SESSION['view'])) { $_SESSION['view'] = Jacob; } ? #FORMATTING CODE HERE $dbuser='php' ; $dbpass=''; $dbhost='localhost'; $conn = mysql_connect ( $dbhost , $dbuser , $dbpass ); //mysql_select_db ( web ); $sql = 'Select UNIX_TIMESTAMP(date) AS date,title,article from web.blog where user='.$view.' order by date desc LIMIT 10'; $result = mysql_query($sql); //Execute For Future Use: SELECT DATE_FORMAT(date,'%W, %D %M, %Y %l:%i%p') content FROM blog while ( $dataRow = mysql_fetch_row ( $result ) ) { $date=date(F dS Y h:i:s A, $dataRow[0]); echo 'a name='.$date.'/a'; echo ' div class=date'.$date. '/div'; echo ' h3'.$dataRow[1].'/h3'; echo ' p'.$dataRow[2].'/pbr'; #echo $sql ; } mysql_close ( $conn ); #FORMATTING CODE HERE div id=footer p Other Users: br Jacob Hackamack | Julie Hackamack | David Hackamack/p /div
[PHP-DB] Session
Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee
Re: [PHP-DB] Session
Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
thanx Wendell for your suggestion. apparently i tried using cookies, but my cookies also get deleted after my session is disconnected. (?!?!) i did not set an expiry date to my cookies because i need them to be deleted when the user closes his browser. what could i have done wrong?? - Original Message - From: Wendell Frohwein [EMAIL PROTECTED] To: 'Ng Hwee Hwee' [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:00 PM Subject: RE: [PHP-DB] Session Im sure you can store the session ID in a cookie. Then this will save all your variables. I hope this helps. Wendell -Original Message- From: Ng Hwee Hwee [mailto:[EMAIL PROTECTED] Sent: Monday, April 26, 2004 11:46 PM To: DBList Subject: [PHP-DB] Session Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
thanx Mike, i'm sure i have session_start() on all my pages. Why I'm so confident is because my session gets unset occassionally and not everytime. i cannot find a pattern and so it is not a consistent problem.. it's so unpredictable! what could be the problem?? - Original Message - From: Mikael Grön [EMAIL PROTECTED] To: Ng Hwee Hwee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:54 PM Subject: Re: [PHP-DB] Session Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] thanx Mike, i'm sure i have session_start() on all my pages. Why I'm so confident is because my session gets unset occassionally and not everytime. i cannot find a pattern and so it is not a consistent problem.. it's so unpredictable! what could be the problem?? Take alook at this option: ini_set('session.gc_maxlifetime', 3600); // 3600 seconds If you don't set it the standard value is 1440 seconds, then your session data is deleted based on the garbage probablility. Take a look here: http://de3.php.net/session Look out for session.gc_maxlifetime and session.gc_probability. Regards, Torsten - Original Message - From: Mikael Grön [EMAIL PROTECTED] To: Ng Hwee Hwee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:54 PM Subject: Re: [PHP-DB] Session Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Hi Torsten, That is a wonderful insight!!! :o) thanxxx! okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. so, should I change it to something like 43,200 (12hours*60mins*60sec)?? for example, one person works a maximun of 12 hours a day. But does it mean that by lengthening this value, the session will still be kept even if the user closes his browser?? Please advice! looking forward to solving this!! many thanks, Hwee - Original Message - From: Torsten Roehr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 6:07 PM Subject: Re: [PHP-DB] Session Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] thanx Mike, i'm sure i have session_start() on all my pages. Why I'm so confident is because my session gets unset occassionally and not everytime. i cannot find a pattern and so it is not a consistent problem.. it's so unpredictable! what could be the problem?? Take alook at this option: ini_set('session.gc_maxlifetime', 3600); // 3600 seconds If you don't set it the standard value is 1440 seconds, then your session data is deleted based on the garbage probablility. Take a look here: http://de3.php.net/session Look out for session.gc_maxlifetime and session.gc_probability. Regards, Torsten - Original Message - From: Mikael Grön [EMAIL PROTECTED] To: Ng Hwee Hwee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:54 PM Subject: Re: [PHP-DB] Session Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee
Re: [PHP-DB] Session
Hi Hwee, of course you could set it to 43200 seonds if you want. The session.gc_probability value should stay 1 which means that the session data is deleted with a probability of 1 percent. The session life time itself is not critical - the life time of the session DATA is. Which means you should unset all session data after the desired period of time. Maybe it's easier for you to use a ready-made package like PEAR::Auth or PEAR::LiveUser: http://pear.php.net/package/Auth http://pear.php.net/package/LiveUser Hope this helps, Regards, Torsten Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Torsten, That is a wonderful insight!!! :o) thanxxx! okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. so, should I change it to something like 43,200 (12hours*60mins*60sec)?? for example, one person works a maximun of 12 hours a day. But does it mean that by lengthening this value, the session will still be kept even if the user closes his browser?? Please advice! looking forward to solving this!! many thanks, Hwee - Original Message - From: Torsten Roehr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 6:07 PM Subject: Re: [PHP-DB] Session Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] thanx Mike, i'm sure i have session_start() on all my pages. Why I'm so confident is because my session gets unset occassionally and not everytime. i cannot find a pattern and so it is not a consistent problem.. it's so unpredictable! what could be the problem?? Take alook at this option: ini_set('session.gc_maxlifetime', 3600); // 3600 seconds If you don't set it the standard value is 1440 seconds, then your session data is deleted based on the garbage probablility. Take a look here: http://de3.php.net/session Look out for session.gc_maxlifetime and session.gc_probability. Regards, Torsten - Original Message - From: Mikael Grön [EMAIL PROTECTED] To: Ng Hwee Hwee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:54 PM Subject: Re: [PHP-DB] Session Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Hi Torsten, Thank you! Thank you! just would like to clarify what do you mean by The session life time itself is not critical - the life time of the session DATA is. Which means you should unset all session data after the desired period of time. does it mean that if I set 'session.gc_maxlifetime' = 43200 and then make sure my user logoff, where my logoff script unset all the sessions, then I'm on a safe track? I'm designing an intranet, so I can instruct my staff to logoff and not just close the browser. Will this be okay? I'm not familar with PEAR yet, but surely would like to learn more about it in future!! look forward to your reply! thanks again, Hwee - Original Message - From: Torsten Roehr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 6:48 PM Subject: Re: [PHP-DB] Session Hi Hwee, of course you could set it to 43200 seonds if you want. The session.gc_probability value should stay 1 which means that the session data is deleted with a probability of 1 percent. The session life time itself is not critical - the life time of the session DATA is. Which means you should unset all session data after the desired period of time. Maybe it's easier for you to use a ready-made package like PEAR::Auth or PEAR::LiveUser: http://pear.php.net/package/Auth http://pear.php.net/package/LiveUser Hope this helps, Regards, Torsten Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Torsten, That is a wonderful insight!!! :o) thanxxx! okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. so, should I change it to something like 43,200 (12hours*60mins*60sec)?? for example, one person works a maximun of 12 hours a day. But does it mean that by lengthening this value, the session will still be kept even if the user closes his browser?? Please advice! looking forward to solving this!! many thanks, Hwee - Original Message - From: Torsten Roehr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 6:07 PM Subject: Re: [PHP-DB] Session Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] thanx Mike, i'm sure i have session_start() on all my pages. Why I'm so confident is because my session gets unset occassionally and not everytime. i cannot find a pattern and so it is not a consistent problem.. it's so unpredictable! what could be the problem?? Take alook at this option: ini_set('session.gc_maxlifetime', 3600); // 3600 seconds If you don't set it the standard value is 1440 seconds, then your session data is deleted based on the garbage probablility. Take a look here: http://de3.php.net/session Look out for session.gc_maxlifetime and session.gc_probability. Regards, Torsten - Original Message - From: Mikael Grön [EMAIL PROTECTED] To: Ng Hwee Hwee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:54 PM Subject: Re: [PHP-DB] Session Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables that i wanted to session_register(). Thank you. Regards, Hwee -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Torsten, Thank you! Thank you! just would like to clarify what do you mean by The session life time itself is not critical - the life time of the session DATA is. Which means you should unset all session data after the desired period of time. does it mean that if I set 'session.gc_maxlifetime' = 43200 and then make sure my user logoff, where my logoff script unset all the sessions, then I'm on a safe track? I'm designing an intranet, so I can instruct my staff to logoff and not just close the browser. Will this be okay? I'm not familar with PEAR yet, but surely would like to learn more about it in future!! If you unset all session data you should be safe, but it's better to REALLY destroy all session data with session_destroy() - take a look at the manual: http://de.php.net/session_destroy This should be called when your users logout. The is the preferred way to end the session. Your users should not just close the browser window - the session will still be active then and all session data would still be available if someone gets hold of the session id. After the logout you should redirect to the login screen WITHOUT forwarding the session id so that a new session is started. I'm not familiar with PEAR::Auth nor PEAR::LiveUser - take a look at it and decide if it's what you want. I'm using the PEAR::HTTP_Session package to control the session data and have my own Auth class to check if a user is logged in, the session is expired and so on. Regards, Torsten look forward to your reply! thanks again, Hwee - Original Message - From: Torsten Roehr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 6:48 PM Subject: Re: [PHP-DB] Session Hi Hwee, of course you could set it to 43200 seonds if you want. The session.gc_probability value should stay 1 which means that the session data is deleted with a probability of 1 percent. The session life time itself is not critical - the life time of the session DATA is. Which means you should unset all session data after the desired period of time. Maybe it's easier for you to use a ready-made package like PEAR::Auth or PEAR::LiveUser: http://pear.php.net/package/Auth http://pear.php.net/package/LiveUser Hope this helps, Regards, Torsten Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Torsten, That is a wonderful insight!!! :o) thanxxx! okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. so, should I change it to something like 43,200 (12hours*60mins*60sec)?? for example, one person works a maximun of 12 hours a day. But does it mean that by lengthening this value, the session will still be kept even if the user closes his browser?? Please advice! looking forward to solving this!! many thanks, Hwee - Original Message - From: Torsten Roehr [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 6:07 PM Subject: Re: [PHP-DB] Session Ng Hwee Hwee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] thanx Mike, i'm sure i have session_start() on all my pages. Why I'm so confident is because my session gets unset occassionally and not everytime. i cannot find a pattern and so it is not a consistent problem.. it's so unpredictable! what could be the problem?? Take alook at this option: ini_set('session.gc_maxlifetime', 3600); // 3600 seconds If you don't set it the standard value is 1440 seconds, then your session data is deleted based on the garbage probablility. Take a look here: http://de3.php.net/session Look out for session.gc_maxlifetime and session.gc_probability. Regards, Torsten - Original Message - From: Mikael Grön [EMAIL PROTECTED] To: Ng Hwee Hwee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:54 PM Subject: Re: [PHP-DB] Session Session objects has nothing to do with weak network connections. If your sessions gets un-set, it's most probably because you forgot the session_start(); command in the beginning of some file that is using sessions. Without that line, no sessions will be neither stored nor read. Mike On Apr 27, 2004, at 07:46, Ng Hwee Hwee wrote: Hi, I have a problem with my session variables. I set them using for e.g., $_SESSION[user]=$name; However, because of weak network links, somehow my $_SESSION variables get unset. Is there a way to still keep the session variables even though the network is unstable?? i.e. as long as my browser is open, is there a way to still store my session variables? by the way, i'm not referring to the session ids, I'm referring to the variables
Re: [PHP-DB] Session
From: Ng Hwee Hwee [EMAIL PROTECTED] okie, my 'session.gc_maxlifetime' = 1440 and session.gc_probability = 1. so, should I change it to something like 43,200 (12hours*60mins*60sec)?? for example, one person works a maximun of 12 hours a day. But does it mean that by lengthening this value, the session will still be kept even if the user closes his browser?? Setting your gc_maxlifetime to that means that the server will not delete the users session data files until they are over 43200 seconds old, meaning the user hasn't requested a page in over 12 hours. The session does not exist past the point of closing the browser unless you increase the lifetime of the session cookie itself. I would recommend you just leave it at zero, though, meaning it only persists for as long as the browser window is open. The longer you make the sessions last, the easier it is for someone to hijack them. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Hi - John W. Holmes wrote: The session does not exist past the point of closing the browser unless you increase the lifetime of the session cookie itself. I would recommend you just leave it at zero, though, meaning it only persists for as long as the browser window is open. The longer you make the sessions last, the easier it is for someone to hijack them. One point of clarification here. The *cookie* doesn't exist past the point of closing the browser, but the session file (assuming using files) will continue to exist until it has been garbage collected or until session_destroy() is called. Also, if you weren't using cookies (were passing session id in URL) you could open your browser again and navigate back using your history you'd still be logged in. That's why it's a good idea to always call session_destroy() when a user logs out. That will effectively delete all session data on the server. Of course, as John mentions, once the user closes the browser the in-memory cookie will be deleted and (if you're using only cookies) there's no longer any connection between that client computer and the session stored on the server. In that respect the session exists no longer, but as mentioned the data will still be there on the server. If someone knows (e.g. hijacker) the session ID, they can revive the session by just adding it to the URL. On that note, here are a few things you might want to consider if you want to make sessions more secure: - use only cookies for sessions. (session.use_only_cookies = 1) This prevents the session ID from *ever* being added to the URL. URLs get logged -- by apache, by proxy servers, by user bookmarks :) -- and if a URL contains a session ID then you have that mentioned problem where a session can be easily revived after the user closes the browser (effectively session hijacking, intentional or not). - regenerate the session id when a user logs in. simply run session_regenerate_id() after the username/password has been verified. This goes a long way to prevent session fixation, another type of session attack in which an attacker makes a user log in using a fixed session id (e.g. by clicking on a link that includes something like PHPSESSID=1234); once the user logs in using this fake session id, the attacker can use that session id in order to have access to the system as whichever user logged in. (Do a search on session fixation for more information on that.) - keep your gc_maxlifetime as small as possible; that way if a user does close their browser their session won't remain active for 12+ hours. You might want to consider ways of periodically refreshing the page using an iframe or even just a meta refresh... solution. That will address the need to stay logged-in while the browser is open, while also allowing you to have a very brief session lifetime. Hans -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
From: Hans Lellelid [EMAIL PROTECTED] - keep your gc_maxlifetime as small as possible; that way if a user does close their browser their session won't remain active for 12+ hours. You might want to consider ways of periodically refreshing the page using an iframe or even just a meta refresh... solution. That will address the need to stay logged-in while the browser is open, while also allowing you to have a very brief session lifetime. Excellent points, Hans. One other thing to add. When a user requests a page and you determine that their session is not valid (probably because they've been inactive too long and the garbage collection deleted their session file), start a new session and store the filename and query string of the request before you redirect back to the login page. Then, after you validate any login, check for the existance of a saved page and query string and redirect there instead of your page page. The end result is a lot cleaner for the user. Sure, they'll have to log in again, but they'll be redirected right back to the page they requested, anyhow. You end up with shorter session files making hijacking harder and less frustration from the user having to navigate back to wherever they were. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
On that note, here are a few things you might want to consider if you want to make sessions more secure: - use only cookies for sessions. (session.use_only_cookies = 1) This prevents the session ID from *ever* being added to the URL. URLs get logged -- by apache, by proxy servers, by user bookmarks :) -- and if a URL contains a session ID then you have that mentioned problem where a session can be easily revived after the user closes the browser (effectively session hijacking, intentional or not). This might be the way to go for an intranet application, like Hwee is going to do, but not for a website with a wide audience because you are reliant on the user's client (browser) accepting cookies. One could log the user's user agent ident string or his ip address and check those with every page request for further security. Anyway, very good pieces of advice. Thanks, Hans! Regards, Torsten -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Hi, I have a problem in handling session... so I just reply in this topic. I have created a site... when user login from one browser ..i set a session['user'] the problem is that when user open another browser ...he is not login ...he have to login again... So that 1 pc may login as 2 or more different user from different browser... Nicholas Sk2 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Depends on the browser. IE and Netscsape handle opening another window differently. Hi, I have a problem in handling session... so I just reply in this topic. I have created a site... when user login from one browser ..i set a session['user'] the problem is that when user open another browser ...he is not login ...he have to login again... So that 1 pc may login as 2 or more different user from different browser... Nicholas Sk2 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session
Do you mean a new browser window or a new browser? Like using IE first and then netscape? If it's the latter, it wont be saved. It generates a new session ID and wont use the same session as the first browser. -- Marcjon -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session problem
Hi When I create an session var ...It stored in server right?? then everytime I change the session value then it should connect to the server to update...is it still right?? When I want to change the session value and the connection is down then the session value won't be update?? Thanks Nicholas sk2 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session variables when accessing the same page
Working with storing and reusing session variables. If I use t1.php to generate a form, and the form calls t2.php, the session vars are available. If upgrade t1.php to recognize if it is the first time it has been called versus the second time e.g. if (isset($some_session_var)) { generate_second_page(); } else { # set $some_sesson_var in the function # and use session_register() for that var. # I have verified that I'm using global $some_session_var # under here as well as generate_second_page(). generate_initial_page(); }; Under this scenario, I'm unable to find any session vars. That is, $some_session_var is never set the second time I call t1.php. If I change the form tag to call t2.php that has the code for 'generate_second_page()' than all seems to work ok. Am I missing something? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] SESSION SID Question
Howdy Listers, Can someone explain to me the mechanism by which SID acquires a value? For example, $FOO = SID; echo $FOO; produces something like PHPSESSID=ade4055eef947f1a00cdb280470e859b when IE is first opened and the page is loaded, whereas reloading of the page produces an empty string when $FOO is echo'd. Seems to have something to do with creating a browser instance. Thanks, David
[PHP-DB] SESSION SID Question
Howdy Listers, Can someone explain to me the mechanism by which SID acquires a value? For example, $FOO = SID; echo $FOO; produces something like PHPSESSID=ade4055eef947f1a00cdb280470e859b when IE is first opened and the page is loaded, whereas reloading of the page produces an empty string when $FOO is echo'd. Seems to have something to do with creating a browser instance. Thanks, David
Re: [PHP-DB] SESSION SID Question
From: [EMAIL PROTECTED] Can someone explain to me the mechanism by which SID acquires a value? For example, $FOO = SID; echo $FOO; produces something like PHPSESSID=ade4055eef947f1a00cdb280470e859b when IE is first opened and the page is loaded, whereas reloading of the page produces an empty string when $FOO is echo'd. Seems to have something to do with creating a browser instance. SID is used to pass the session ID around in URLs. It gives you the text formatted so that you can just stick it into a URL. Normally cookies are used to hold the session id and pass it from page to page. If for some reason PHP cannot set the session cookie (or it's not present), then PHP creates SID. This means you can include SID in all of your URLs and when the cookie is there, it'll be empty and nothing will appear in your URL (rightly so), but if the cookie is not there, SID will place the session ID in your URL so that your sessions persist. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session help...
Sorry for the slightly off-topic post... I have a couple pages that use a login page. If the user tries to bring up one of these pages without being logged in, then the pages redirects him to the login page. After successful login, the user is directed back to the page they were attempting to originally load. For some reason, this is not working and I have been looking at this off and on for two days now without much luck. The first section of code is the snippet that directs users to the login page, and the second snippet is the code from the login page that sends users back. First code snippet... session_start(); if ($sbcuid $passwd) { mysql_select_db($database, $Prod); $query = select * from contacts_sa . where sbcuid='$sbcuid' and passwd='$passwd'; $result = mysql_query($query, $Prod) or die(mysql_error()); # $data = mysql_fetch_assoc($result); $test = mysql_num_rows($result); if (mysql_num_rows($result) 0 ) { $valid_user = $sbcuid; $_SESSION['valid_user'] = $sbcuid; } } if (!session_is_registered(valid_user)) { $return_url = $_SERVER['PHP_SELF']; $_SESSION['return_url'] = $return_url; header('Location: http://ldsa.sbcld.sbc.com/DW/sa_login.php'); exit(); } else { $sbcuid = $valid_user; } End of first snippet... Second code snippet... session_start(); if ($sbcuid $passwd) { if (isset($_SESSION['return_url'])) { $link = $_SESSION['return_url']; } else { $link = 'oncall_log.php'; } mysql_select_db($database, $Prod); $query = select * from contacts_sa . where sbcuid='$sbcuid' and passwd='$passwd'; $result = mysql_query($query, $Prod) or die(mysql_error()); # $data = mysql_fetch_assoc($result); $test = mysql_num_rows($result); if (mysql_num_rows($result) 0 ) { $valid_user = $sbcuid; # session_register(valid_user); $_SESSION['valid_user'] = $sbcuid; header(Location: http://.$_SERVER['HTTP_HOST'].$link); } } End of second snippet... Thanks in advance for any help. Scott Nipp Phone: (214) 858-1289 E-mail: [EMAIL PROTECTED] Web: http:\\ldsa.sbcld.sbc.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session problem
I have installed an user-login aplication on my website ( http://www.norbertnet.ro ) but i have problems with session controls. I receive all kinds of warnings and i don't know how to interpret them thanks advanced - Want to chat instantly with your online friends? Get the FREE Yahoo!Messenger
RE: [PHP-DB] session problem
This is advertising a porno site. -Original Message- From: tana dsasa [mailto:[EMAIL PROTECTED] Sent: 23 July 2003 11:11 To: [EMAIL PROTECTED] Subject: [PHP-DB] session problem I have installed an user-login aplication on my website ( http://www.norbertnet.ro ) but i have problems with session controls. I receive all kinds of warnings and i don't know how to interpret them thanks advanced - Want to chat instantly with your online friends? Get the FREE Yahoo!Messenger http://www.cantor.com CONFIDENTIAL: This e-mail, including its contents and attachments, if any, are confidential. If you are not the named recipient please notify the sender and immediately delete it. You may not disseminate, distribute, or forward this e-mail message or disclose its contents to anybody else. Copyright and any other intellectual property rights in its contents are the sole property of Cantor Fitzgerald. E-mail transmission cannot be guaranteed to be secure or error-free. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Although we routinely screen for viruses, addressees should check this e-mail and any attachments for viruses. We make no representation or warranty as to the absence of viruses in this e-mail or any attachments. Please note that to ensure regulatory compliance and for the protection of our customers and business, we may monitor and read e-mails sent to and from our server(s). For further important information, please read the Important Legal Information and Legal Statement at http://www.cantor.com/legal_information.html -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session error?
you need to look in your php.ini file to see where it is dumping the session data, then make sure that directory exits... -Original Message- From: Tim Winters [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] Session error? Ok, Tried playing with sessions (which is new to me) and didn't get very far. I have the following in my page ?php session_start(); ? and there is no other PHP in my page at all. The error I get is below, Can anyone help. If this is too OT for php-db let me know. Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php:5) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php:5) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 Warning: Unknown(): open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 Tim Winters Creative Development Manager Sampling Technologies Incorporated 1600 Bedford Highway, Suite 212 Bedford, Nova Scotia B4A 1E8 www.samplingtechnologies.com [EMAIL PROTECTED] [EMAIL PROTECTED] Office: 902 450 5500 Cell: 902 430 8498 Fax:: 902 484 7115 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session error?
some of the other errors occurred ( such as the headers already sent) because you probably have white space before your php code. Eddie -Original Message- From: Tim Winters [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] Session error? Ok, Tried playing with sessions (which is new to me) and didn't get very far. I have the following in my page ?php session_start(); ? and there is no other PHP in my page at all. The error I get is below, Can anyone help. If this is too OT for php-db let me know. Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php:5) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php:5) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 Warning: Unknown(): open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 Tim Winters Creative Development Manager Sampling Technologies Incorporated 1600 Bedford Highway, Suite 212 Bedford, Nova Scotia B4A 1E8 www.samplingtechnologies.com [EMAIL PROTECTED] [EMAIL PROTECTED] Office: 902 450 5500 Cell: 902 430 8498 Fax:: 902 484 7115 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session error?
Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 The default session.save_path in php.ini is set to /tmp. It appears you're on a windows machine and probably do not have a c:\tmp directory. Either create one (if that's where you want to store your session files) or change the path in php.ini to some other folder that exists. Ensure the Apache user has permission to write to the folder you specify, also. The other errors are caused by the output of your first error. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session error?
Thanks John, So is that address relative to the physical machine or is it relative to the directory where the php files are contained. Tim Winters Creative Development Manager Sampling Technologies Incorporated 1600 Bedford Highway, Suite 212 Bedford, Nova Scotia B4A 1E8 www.samplingtechnologies.com [EMAIL PROTECTED] [EMAIL PROTECTED] Office: 902 450 5500 Cell: 902 430 8498 Fax:: 902 484 7115 -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: June 23, 2003 11:40 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP-DB] Session error? Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 The default session.save_path in php.ini is set to /tmp. It appears you're on a windows machine and probably do not have a c:\tmp directory. Either create one (if that's where you want to store your session files) or change the path in php.ini to some other folder that exists. Ensure the Apache user has permission to write to the folder you specify, also. The other errors are caused by the output of your first error. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session error?
Just put the full path of the dir. For instance I placed mine at C:\php\session to keep things separated. -M -Original Message- From: Tim Winters [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 12:31 PM To: 'CPT John W. Holmes'; [EMAIL PROTECTED] Subject: RE: [PHP-DB] Session error? Thanks John, So is that address relative to the physical machine or is it relative to the directory where the php files are contained. Tim Winters Creative Development Manager Sampling Technologies Incorporated 1600 Bedford Highway, Suite 212 Bedford, Nova Scotia B4A 1E8 www.samplingtechnologies.com [EMAIL PROTECTED] [EMAIL PROTECTED] Office: 902 450 5500 Cell: 902 430 8498 Fax:: 902 484 7115 -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: June 23, 2003 11:40 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP-DB] Session error? Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 The default session.save_path in php.ini is set to /tmp. It appears you're on a windows machine and probably do not have a c:\tmp directory. Either create one (if that's where you want to store your session files) or change the path in php.ini to some other folder that exists. Ensure the Apache user has permission to write to the folder you specify, also. The other errors are caused by the output of your first error. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session error?
Thanks Mike!! Ok, been doing dome more reading on sessions. Is there any sort of consensus on whether to use cookies or not for sessions? Tim Winters Creative Development Manager Sampling Technologies Incorporated 1600 Bedford Highway, Suite 212 Bedford, Nova Scotia B4A 1E8 www.samplingtechnologies.com [EMAIL PROTECTED] [EMAIL PROTECTED] Office: 902 450 5500 Cell: 902 430 8498 Fax:: 902 484 7115 -Original Message- From: Mike Brum [mailto:[EMAIL PROTECTED] Sent: June 23, 2003 2:08 PM To: [EMAIL PROTECTED]; 'CPT John W. Holmes'; [EMAIL PROTECTED] Subject: RE: [PHP-DB] Session error? Just put the full path of the dir. For instance I placed mine at C:\php\session to keep things separated. -M -Original Message- From: Tim Winters [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 12:31 PM To: 'CPT John W. Holmes'; [EMAIL PROTECTED] Subject: RE: [PHP-DB] Session error? Thanks John, So is that address relative to the physical machine or is it relative to the directory where the php files are contained. Tim Winters Creative Development Manager Sampling Technologies Incorporated 1600 Bedford Highway, Suite 212 Bedford, Nova Scotia B4A 1E8 www.samplingtechnologies.com [EMAIL PROTECTED] [EMAIL PROTECTED] Office: 902 450 5500 Cell: 902 430 8498 Fax:: 902 484 7115 -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: June 23, 2003 11:40 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [PHP-DB] Session error? Warning: session_start() [ http://www.php.net/function.session-start function.session-start]: open(/tmp\sess_bf0c0a0a020087aa573e357a2553f828, O_RDWR) failed: No such file or directory (2) in C:\Program Files\Apache Group\Apache2\htdocs\MailOrderDynamic\c.php on line 6 The default session.save_path in php.ini is set to /tmp. It appears you're on a windows machine and probably do not have a c:\tmp directory. Either create one (if that's where you want to store your session files) or change the path in php.ini to some other folder that exists. Ensure the Apache user has permission to write to the folder you specify, also. The other errors are caused by the output of your first error. ---John Holmes... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session Question
Graeme, What version of PHP? If you're using $HTTP_SESSION_VARS[] to store your variables (if 4.0.6 or earlier) or $_SESSION[] (if later) you shouldn't use session_register(). Peter. -Original Message- From: Boa Constructor [mailto:[EMAIL PROTECTED] Sent: Sunday, 15 June 2003 3:50 AM To: [EMAIL PROTECTED] Subject: [PHP-DB] Session Question Greetings all, Now that my shopping cart is just about complete I've been working on the rest of the order process. I have got two pages before finally placing an order. The first page takes address details and the next page prints them all out with the contents of the shopping cart so the user can verify that they are correct. I have put an Edit button on it so that the user can go back and change address details. The problem is this. I am using sessions to store the address details and when the user clicks Edit the current details are printed out which is expected. When the user changes any of these details they aren't recorded in the session and so only the original values are recorded in the session and aren't overwritten or changed. I have got calls to session_register(); for each variable on the address details page and also on the confirmation page. Any ideas? Cheers, Graeme :) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session Question
Greetings all, Now that my shopping cart is just about complete I've been working on the rest of the order process. I have got two pages before finally placing an order. The first page takes address details and the next page prints them all out with the contents of the shopping cart so the user can verify that they are correct. I have put an Edit button on it so that the user can go back and change address details. The problem is this. I am using sessions to store the address details and when the user clicks Edit the current details are printed out which is expected. When the user changes any of these details they aren't recorded in the session and so only the original values are recorded in the session and aren't overwritten or changed. I have got calls to session_register(); for each variable on the address details page and also on the confirmation page. Any ideas? Cheers, Graeme :) -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session
Hi all, I had create a session and stored some value into session. ?php session(); session_register("id 123","name leooi"); ? How can i retrieved the value??? TQ Leooi IncrediMail - Email has finally evolved - Click Here
Re: [PHP-DB] session
hi! well - this is not really a DB-question. and if you take a look at the php-docu at http://www.php.net/manual/en/language.variables.predefined.php you'd see that you can access and alter them with $_SESSION or $HTTP_SESSION_VARS (older versions of php). .ma [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] 3:34 Uhr: Hi all, I had create a session and stored some value into session. ?php session(); session_register(id 123,name leooi); ? How can i retrieved the value??? TQ Leooi http://www.incredimail.com/redir.asp?ad_id=309amp;lang=9 IncrediMail - Email has finally evolved - Click Here http://www.incredimail.com/redir.asp?ad_id=309amp;lang=9 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] session
Also, you don't register values, you register variables. $id = 123; $name = leooi; $_SESSION['id'] = $id; // same as session_register(id), but better $_SESSION['name'] = $name; // same as session_register(name), but better You could also skip the whole variable setting and just do this: $_SESSION['id'] = 123; What I like to do is this (and yes, I know, the brackets cause additional overhead): $r = db_query(select * from user where username='{$un}' and password='{$pw}'); $_SESSION['user'] = mysql_fetch_object($r); Now anything in the user table is now accessible in my session: if ($_SESSION['user']-id) { do something for the user that's logged in } Peter On Thu, 5 Jun 2003, heilo wrote: well - this is not really a DB-question. and if you take a look at the php-docu at http://www.php.net/manual/en/language.variables.predefined.php you'd see that you can access and alter them with $_SESSION or $HTTP_SESSION_VARS (older versions of php). [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] 3:34 Uhr: Hi all, I had create a session and stored some value into session. ?php session(); session_register(id 123,name leooi); ? How can i retrieved the value??? --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session variables
I am using session variables throughout an application, and every time I try to log in as someone else after the first time I've logged in, it uses the userid of the first person that logged in. I know the session has to be destroyed or something, so I wanted to make a logoff page, but it is not working. I'm getting an Internal Server Error. Here is my code for logoff.php: ?php session_start(); session_unset(); session_destroy(); setcookie(ses_username,,,/); include('logoff.html'); exit; ? Does anyone know what I am doing wrong? Thank you, Alexa
Re: [PHP-DB] Session variables
on 4/6/03 10:39 PM, Alexa Kirk at [EMAIL PROTECTED] appended the following bits to my mbox: I am using session variables throughout an application, and every time I try to log in as someone else after the first time I've logged in, it uses the userid of the first person that logged in. I know the session has to be destroyed or something, so I wanted to make a logoff page, but it is not working. I'm getting an Internal Server Error. Here is my code for logoff.php: This is pretty off-topic for the PHP-DB list. It should be on PHP-General instead. If I recall correctly, the actual session files aren't deleted on the server when you call session_destroy(); They hang around until garbage collection kicks in. The user's cookie is also not deleted so they come back with the same session next time if the browser isn't quit first. One solution is to manually unset the session variables as well. I've done things like this: session_start(); session_unregister('this_password'); session_unregister('this_username'); session_unset(); session_destroy(); According to php.net, you should also do: $_SESSION = array(); Before the calls to unset and destroy. See the comments on this page for a bunch more information: http://www.php.net/manual/en/function.session-destroy.php HTH. Sincerely, Paul Burney http://paulburney.com/ ?php while ($self != asleep) { $sheep_count++; } ? -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] session and header(location....)
anyway if header(location) does not work, you can insert a small hidden form into the login-checking page, and if login/password is correct, just set body.onLoad event handler to HIDDENFORM.submit(); , where HIDDENFORM is your small hidden form. Ok. i know it is a weird way to solve your problem :-(. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session and header(location....)
Hi everyone, Thanks for looking at my question! Well, i just made a script that firstly check's up username and password (log-in script) then next if the user enteret the correct information a session is set like this: session_id($sessid); session_start(); $_SESSION['ngskdsngjkla465gfdh'] = LOGETIN-TRUE; But then when this session is set it changes from the log in page to the real password-protected page. I tried with a normal header location, but it did'nt work, so i tried to look at php.net about sessions, it says that you're had to transfer the sessionid to the next page. Now i'm trying that, but it just wount work... The header location im using looks like this: header(Location: http://www.domain.tld/admin/index.php?PHPSESSID=.sessid); And i also tried with: header(Location: http://www.domain.tld/admin/index.php?PHPSESSID=.$sessid); But none of them will worki hope you will look at it, and tell me if you have a solution. Thanks folks. Regards. Lars Rasmussen -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] session and header(location....)
Hi everyone, Thanks for looking at my question! Well, i just made a script that firstly check's up username and password (log-in script) then next if the user enteret the correct information a session is set like this: session_id($sessid); session_start(); $_SESSION['ngskdsngjkla465gfdh'] = LOGETIN-TRUE; But then when this session is set it changes from the log in page to the real password-protected page. I tried with a normal header location, but it did'nt work, so i tried to look at php.net about sessions, it says that you're had to transfer the sessionid to the next page. Now i'm trying that, but it just wount work... The header location im using looks like this: header(Location: http://www.domain.tld/admin/index.php?PHPSESSID=.sessid); And i also tried with: header(Location: http://www.domain.tld/admin/index.php?PHPSESSID=.$sessid); But none of them will worki hope you will look at it, and tell me if you have a solution. Thanks folks. Regards. Lars Rasmussen -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] session and header(location....)
Lars, I'm not sure if this is related (possibly), but I has similar problems with cookies. I doiscovered that the cookie was only being set if the page that set it actually produced HTML. By redirecting, you cut out the HTML-writing. Why not redirect the user if the test fails instead. HTH George -Original Message- From: Lars Rasmussen [mailto:[EMAIL PROTECTED] Sent: 12 March 2003 3:40 pm To: [EMAIL PROTECTED] Subject: [PHP-DB] session and header(location) Hi everyone, Thanks for looking at my question! Well, i just made a script that firstly check's up username and password (log-in script) then next if the user enteret the correct information a session is set like this: session_id($sessid); session_start(); $_SESSION['ngskdsngjkla465gfdh'] = LOGETIN-TRUE; But then when this session is set it changes from the log in page to the real password-protected page. I tried with a normal header location, but it did'nt work, so i tried to look at php.net about sessions, it says that you're had to transfer the sessionid to the next page. Now i'm trying that, but it just wount work... The header location im using looks like this: header(Location: http://www.domain.tld/admin/index.php?PHPSESSID=.sessid); And i also tried with: header(Location: http://www.domain.tld/admin/index.php?PHPSESSID=.$sessid); But none of them will worki hope you will look at it, and tell me if you have a solution. Thanks folks. Regards. Lars Rasmussen -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session troubles, could this be my isp's fault?
I Have made two pages, sess2.php and sess3.php trying to create a session variable then access it in the other page. now when i try and call the session in the second page i get no value, and i have tried var_dump, and it gives me NULL anyone know if there is a reason for this?! page 1 is like this = ? session_start();? html head titleSession Test/title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 /head body ? session_register(name); $_SESSION[name] = dave; echo $_SESSION[name]; ? br a href=sess3.php next /a /body /html _ Surf together with new Shared Browsing http://join.msn.com/?page=features/browsepgmarket=en-gbXAPID=74DI=1059 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session variables when global variables switched off
I am making a section on a web site which requires that visitors log-in. Log-in, password, etc are in an MySQL table. I am using (via a web host) PHP 4.2.2 with global variables turned off. Until now, I have worked with a different host in which global variables were switched on. The way it works The user logs in at index.php. When she does so successfully, index.php returns a menu of links. However, if she clicks on any of those links, which are different pages, she gets a please log-in first message eBusiness Consultant - ITP Europe http://www.itp-europe.com [EMAIL PROTECTED] +32 2 721 51 00 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session variables when global variables switched off [Sorry, first message accidentally fired off to quickly ]
[sorry for the incomplete posting of a couple moments ago. I hit ctl something or other and outlook fired off the e-mail against my wishes!] I am making a section on a web site which requires that visitors log-in. Log-in, password, etc are in an MySQL table. I am using (via a web host) PHP 4.2.2 with global variables turned off. Until now, I have worked with a different host in which global variables were switched on. The way it works The user logs in at index.php. When she does so successfully, index.php returns a menu of links. However, if she clicks on any of those links, which are different pages, she gets a please log-in first message because each page includes... if ($_SESSION['verified'] yes){ echo Pa href='index.php'Please log in first/a/P; exit(); } Returning to index.php requires a log-in again. So, it seems the session variable is not being sent being sent between pages, although it works within the same page. I expect I am missing something obvious. I've made this kind of thing work with global variables on - so I assume I am misunderstanding something related to lack of global variables. I use session_start(); at the top of all pages and session_register($_SESSION['okbabe']); on index.php. Your enlightenment will be highly appreciated. Jeffrey Baumgartner -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session variables when global variables switched off [Sorry, first message accidentally fired off to quickly ]
Hi Jeff Don't use session_register() just use the $_SESSION superglobal as you would use any other array. So does this work? ? //index.php session_start(); // Login stuff done OK $_SESSION['verified'] = true; ? ? // Other pages needing a valid login session_start(); if (!isset($_SESSION['verified'])) { // push user back to login page header('Location: http://mysite/index.php'); exit(); } ? HTH Rich -Original Message- From: Baumgartner Jeffrey [mailto:[EMAIL PROTECTED]] Sent: 18 February 2003 11:20 To: '[EMAIL PROTECTED]' Subject: [PHP-DB] Session variables when global variables switched off [Sorry, first message accidentally fired off to quickly ] [sorry for the incomplete posting of a couple moments ago. I hit ctl something or other and outlook fired off the e-mail against my wishes!] I am making a section on a web site which requires that visitors log-in. Log-in, password, etc are in an MySQL table. I am using (via a web host) PHP 4.2.2 with global variables turned off. Until now, I have worked with a different host in which global variables were switched on. The way it works The user logs in at index.php. When she does so successfully, index.php returns a menu of links. However, if she clicks on any of those links, which are different pages, she gets a please log-in first message because each page includes... if ($_SESSION['verified'] yes){ echo Pa href='index.php'Please log in first/a/P; exit(); } Returning to index.php requires a log-in again. So, it seems the session variable is not being sent being sent between pages, although it works within the same page. I expect I am missing something obvious. I've made this kind of thing work with global variables on - so I assume I am misunderstanding something related to lack of global variables. I use session_start(); at the top of all pages and session_register($_SESSION['okbabe']); on index.php. Your enlightenment will be highly appreciated. Jeffrey Baumgartner -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session variables when global variables switched off [Sorry, firs t message accidentally fired off to quickly ]
Try changing your code to if ($_SESSION['verified'] != yes){ I think that's the problem Nick -Original Message- From: Baumgartner Jeffrey [mailto:[EMAIL PROTECTED]] Sent: 18 February 2003 11:20 To: '[EMAIL PROTECTED]' Subject: [PHP-DB] Session variables when global variables switched off [Sorry, firs t message accidentally fired off to quickly ] [sorry for the incomplete posting of a couple moments ago. I hit ctl something or other and outlook fired off the e-mail against my wishes!] I am making a section on a web site which requires that visitors log-in. Log-in, password, etc are in an MySQL table. I am using (via a web host) PHP 4.2.2 with global variables turned off. Until now, I have worked with a different host in which global variables were switched on. The way it works The user logs in at index.php. When she does so successfully, index.php returns a menu of links. However, if she clicks on any of those links, which are different pages, she gets a please log-in first message because each page includes... if ($_SESSION['verified'] yes){ echo Pa href='index.php'Please log in first/a/P; exit(); } Returning to index.php requires a log-in again. So, it seems the session variable is not being sent being sent between pages, although it works within the same page. I expect I am missing something obvious. I've made this kind of thing work with global variables on - so I assume I am misunderstanding something related to lack of global variables. I use session_start(); at the top of all pages and session_register($_SESSION['okbabe']); on index.php. Your enlightenment will be highly appreciated. Jeffrey Baumgartner -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php This private and confidential e-mail has been sent to you by Egg. The Egg group of companies includes Egg Banking plc (registered no. 2999842), Egg Financial Products Ltd (registered no. 3319027) and Egg Investments Ltd (registered no. 3403963) which carries out investment business on behalf of Egg and is regulated by the Financial Services Authority. Registered in England and Wales. Registered offices: 1 Waterhouse Square, 138-142 Holborn, London EC1N 2NA. If you are not the intended recipient of this e-mail and have received it in error, please notify the sender by replying with 'received in error' as the subject and then delete it from your mailbox. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Session on PHP with MySQL
I have some confusing about my script, this is story I have login page, and then the user got current page with various menu, but when user click one of menu, its has error mesage, here my script [snip] do I have mistake with my script, pls give me solution thanks all for yr help Yes, you have a mistake. In fact, you have two. The second one is that you never told us the error that you're getting. That would help us determine your problem. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session on PHP with MySQL
Dear all, I have some confusing about my script, this is story I have login page, and then the user got current page with various menu, but when user click one of menu, its has error mesage, here my script html p align = center ? //require setup.php; require common.php; include setup.php; global $action; banner_login(); $sql = select user_name from iduser where user_name='$name' and ; $sql = $sql . user_pass = '$password' ; if (! $tampil = mysql_query($sql,$dbh)) { echo mysql_error(); return 0; } $result = mysql_query($sql); if ( mysql_num_rows($result)==0) { echo font face=verdana size=2User ID atau Password yang anda masukkan tidak benar /font; } else { echo centerfont face=verdana size=2 Welcome strong$name/strong /font/centerbr; ? centerfont size=-2 face=Verdana/font | A href=i_login.php?action=upload_fileUpload File/a | A href=i_login.php?action=upload_nilaiUpload Nilai/A | A href=i_login.php?action=upload_jadwal_klhUpload Jadwal Kuliah/A | A href=i_login.php?action=upload_jadwal_bmbUpload Jadwal Bimbingan/A | A href=i_login.php?action=newsUpload News/a | A href=i_login.php?action=upload_silabusSilabus Kuliah/A | A href=i_login.php?action=upload_artikelUpload Artikel/A | A href=i_login.php?action=upload_stuffFun Stuff/A | A href=./guestbook.phpGuestBook/a | A href=i_login.php?user=?echo $name?$action=preferencePreference/A |/font/center ? //function list_record() { //a href=menu_mhs.php?nbi=$nbiamp;th_akd=$th_akdamp;semester=$semester title=MenuMenu Mahasiswa/abr/ $query =SELECT count(*) FROM news where byname='$name'; $result = mysql_query($query); if (!$result) error_message(sql_error()); $query_data = mysql_fetch_row($result); $total_num_news = $query_data[0]; //if (!$total_num_news) error_message('Belum Pernah Posting'); echo brCENTERfont size=2 face=verdana$name, Anda telah strong$total_num_news/strong posting Break News/font/CEBTER; function upload_file() { global $name; echo oke pilih upload rek; } function upload_nilai() { echo oke pilih upload rek; } function upload_jadwal_klh() { echo oke pilih upload rek; } function upload_jadwal_bmb() { echo oke pilih upload rek; } function upload_silabus() { echo oke pilih upload rek; } function news() { echo isi news; } function upload_stuff() { echo oke pilih upload rek; } function nilai() { echo isi nilai; } function jadwal() { echo isi jadwal; } function prefer() { global $action,$name; echo $name ini isi preference; } if ($action == 'preference') { prefer(); } elseif ($action == 'upload_file') { upload_file();} elseif ($action == 'upload_nilai') { upload_nilai();} elseif ($action == 'upload_jadwal_klh') { upload_jadwal_klh();} elseif ($action == 'upload_jadwal_bmb') { upload_jadwal_bmb();} elseif ($action == 'news') { news();} elseif ($action == 'upload_silabus') { upload_silabus();} elseif ($action == 'upload_artikel') { upload_artikel();} elseif ($action == 'upload_stuff') { upload_stuff();} ? /html ? echo br; footer(); } ? do I have mistake with my script, pls give me solution thanks all for yr help -- Warm regards, Afif mailto:[EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Session variable problems
Hello to everybody!!! I have a problem with the sessions variable registration. I register a variable with the $_SESSION[] array and set it to 1, but when I try to access that variable in another script it is emty... What's the problem there?? Thank you very much in advance!!! _ Tutopia - Acceso a Internet rápido, fácil y a los mejores precios. http://www.tutopia.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php