Re: [PHP-DB] Problem Using Sessions. .. .
Shawn Singh wrote:
that was very helpful...Thank you. One question I have is that I want
to ensure that my admin page cannot get accessed unless a variable
that was registered upon a successful login has been passed into the
session...what can I do to ensure this?
There are several ways to do this. The simplest way is to authenticate
once and store a authentication flag in the session. You can set this
authentication flag to true if the log-in was sucesfull.
On the administration page, you an just access the flag to see if the
user is permitted (i.e. logged on). You can do this using the $_SESSION
super global, something like this:
(pseudo php code)
login.php
...
if ( authentication sucessfull ) /* username/password matched*/
{
$_SESSION['auth'] = true;
// redirect to admin page
}
else
{
Display login page with error.
}
...
admin.php
...
if ( $_SESSION['auth'] )
{
Show administration page.
}
else
{
Display login page with error.
}
...
-
NB: Make sure you use Header() redirects BEFORE your scripts prints
anything. Otherwise you'll keep getting the warning/error "Warning:
Cannot modify header information ..."
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Problem Using Sessions. .
that was very helpful...Thank you. One question I have is that I want
to ensure that my admin page cannot get accessed unless a variable
that was registered upon a successful login has been passed into the
session...what can I do to ensure this?
Thank you,
Shawn
On 5/4/05, Patel, Aman <[EMAIL PROTECTED]> wrote:
> From the PHP help page on "session_register()"
>
> "If your script uses session_register(), it will not work in
> environments where the PHP directive register_globals is disabled."
>
> I'm assuming since you compiled and installed PHP 5.0.4 that your
> "register_globals" is disabled. I wouldn't recommend enabling it to fix
> this problem. Instead use $_SESSION super global to register session data.
>
> So instead of:
>
> session_register("username");
>
> try this:
>
> $_SESSION['username'] = $username; /* TO SET */
> $username = $_SESSION['username']; /* TO GET */
>
> Hope this helps,
>
> Aman
>
> Shawn Singh wrote:
> > Hey All,
> >
> > I'm fairly new to PHP Programming. I have compiled and installed
> > postgres version 8.0.1, and with that compiled postgres support into
> > my postgres (I'm using PHP version 5.0.4), and I've compiled support
> > for PHP into Apache (version 2.0.53) and all is working (in that I can
> > embed PHP into my HTML documents and get the expected results).
> >
> > Recently I started working on a website in which I would like there to
> > be an administration page where the person who is logged in can add
> > and delete records. I figured that the best way to do this would be to
> > establish a session, (at the login page) then if the user login is
> > successful, I would then register the username and password and
> > redirect the user to the admin page. I chose not to use cookies, b/c
> > everyone may not have cookies enabled on their browser and I didn't
> > want that to be a hurdle that a user would have to jump over.
> >
> > I've written the code but when I try to login to the site I get this
> > message:
> >
> > Warning: Cannot modify header information - headers already sent by
> > (output started at /export/home/www/htdocs/login.php:13) in
> > /export/home/www/htdocs/login.php on line 25
> >
> > Warning: Unknown: Your script possibly relies on a session side-effect
> > which existed until PHP 4.2.3. Please be advised that the session
> > extension does not consider global variables as a source of data,
> > unless register_globals is enabled. You can disable this functionality
> > and this warning by setting session.bug_compat_42 or
> > session.bug_compat_warn to off, respectively. in Unknown on line 0
> >
> > Information I've seen on the web for these types of messages would
> > indicate that I don't have a /tmp directory, but such is not the case.
> > Other messages have indicated that my session variables are not
> > getting written to /tmp, but that is not true either, as I have seen
> > them in there...as I see entries such as:
> >
> > sess_ec2249332b8b29863f161461cf8c1409
> >
> > So, I'm guessing that there aren't problems with my /tmp filesystem.
> >
> > Please excuse the lack of style as I have mainly been trying to hack
> > out something, but plan to clean it up later.
> >
> > My source code for the login page is as follows:
> >
>
>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Problem Using Sessions
Why dont'n you use soma classes from www.phpclasses.com about User
Management!!
There are great classes in this site!!
-Original Message-
From: Shawn Singh [mailto:[EMAIL PROTECTED]
Sent: MiƩrcoles, 04 de Mayo de 2005 03:14 p.m.
To: php-db@lists.php.net
Subject: [PHP-DB] Problem Using Sessions
Hey All,
I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).
Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.
I've written the code but when I try to login to the site I get this
message:
Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25
Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0
Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:
sess_ec2249332b8b29863f161461cf8c1409
So, I'm guessing that there aren't problems with my /tmp filesystem.
Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.
My source code for the login page is as follows:
Joshua Generation Login Page
Enter Username:
Enter Password:
";
if ( $_POST )
{
$username = $_POST['username'];
$password = $_POST['password'];
if ( $username == "test" && $password == "test" )
{
global $username, $password;
session_register("username");
session_register("password");
echo "Authorized Entry";
header("Location: http://joshua1and8.homelinux.org/admin.php";);
}
else
{ echo $username;
echo "";
echo $password;
echo "";
echo "Login FAILED";
}
}
echo "
";
?>
My source code for the admin page is as follows:
Joshua Generation Admin Page
Joshua Generation Admin's Corner
Name
Cell Phone
Work Phone
Home Phone
Email Address
";
if ($_POST)
{
$conn_string = "dbname=joshua_generation user=admin password=admin";
$conn_hndl = pg_connect($conn_string);
switch ($_POST['proc'])
{
case 'add':
$name = $_POST['name'];
$cphone = $_POST['cphone'];
$wphone = $_POST['wphone'];
$hphone = $_POST['hphone'];
$emailaddr = $_POST['emailaddr'];
/*
To add a member a name is all that is needed.
Based on the name that is entered, the next nameid
will be generated by the dbms, and the insert will
be done into:
NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS
based on that number
The default MBRSTATUS.status will be ACTIVE
*/
$ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'";
$ins_names_stmt .= $name;
$ins_names_stmt .= "');";
pg_query($ins_names_stmt);
$getcurval = "SELECT currval('$nid[0]') FROM NAMES";
$curval = pg_fetch_row(pg_query($getcurval[0]));
$ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber,
wnumber, hnumber) VALUES ('";
$ins_pnums_stmt = $curval[0];
$ins_pnums_stmt .= "','";
$ins_pnums_stmt .= $cphone;
$ins_pnums_stmt .= "','";
$ins_pnums_stmt .= $wphone;
$ins_pnums_stmt .= "','";
$ins_pnums_stmt .= $hphone;
$ins_names_stmt .= "');";
pg_query($ins_names_stmt);
$ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr)
VALUES ('";
$ins_emads_stm
Re: [PHP-DB] Problem Using Sessions
The browser has already sent headers on line 13 of your code- line 25 must be
the session_start - it has to come first and be at the very top of your code
>>> Shawn Singh <[EMAIL PROTECTED]> 05/04/05 03:13PM >>>
Hey All,
I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).
Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.
I've written the code but when I try to login to the site I get this message:
Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25
Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0
Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:
sess_ec2249332b8b29863f161461cf8c1409
So, I'm guessing that there aren't problems with my /tmp filesystem.
Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.
My source code for the login page is as follows:
Joshua Generation Login Page
Enter Username:
Enter Password:
";
if ( $_POST )
{
$username = $_POST['username'];
$password = $_POST['password'];
if ( $username == "test" && $password == "test" )
{
global $username, $password;
session_register("username");
session_register("password");
echo "Authorized Entry";
header("Location: http://joshua1and8.homelinux.org/admin.php";);
}
else
{ echo $username;
echo "";
echo $password;
echo "";
echo "Login FAILED";
}
}
echo "
";
?>
My source code for the admin page is as follows:
Joshua Generation Admin Page
Joshua Generation Admin's Corner
Name
Cell Phone
Work Phone
Home Phone
Email Address
";
if ($_POST)
{
$conn_string = "dbname=joshua_generation user=admin password=admin";
$conn_hndl = pg_connect($conn_string);
switch ($_POST['proc'])
{
case 'add':
$name = $_POST['name'];
$cphone = $_POST['cphone'];
$wphone = $_POST['wphone'];
$hphone = $_POST['hphone'];
$emailaddr = $_POST['emailaddr'];
/*
To add a member a name is all that is needed.
Based on the name that is entered, the next nameid
will be generated by the dbms, and the insert will
be done into:
NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS
based on that number
The default MBRSTATUS.status will be ACTIVE
*/
$ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'";
$ins_names_stmt .= $name;
$ins_names_stmt .= "');";
pg_query($ins_names_stmt);
$getcurval = "SELECT currval('$nid[0]') FROM NAMES";
$curval = pg_fetch_row(pg_query($getcurval[0]));
$ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber,
wnumber, hnumber) VALUES ('";
$ins_pnums_stmt = $curval[0];
$ins_pnums_stmt .= "','";
$ins_pnums_stmt .= $cphone;
$ins_pnums_stmt .= "','";
$ins_pnums_stmt .= $wphone;
$ins_pnums_stmt .= "','";
$ins_pnums_stmt .= $hphone;
$ins_names_stmt .= "');";
pg_query($ins_names_stmt);
$ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr)
VALUES ('";
$ins_emads_stmt .= $curval[0];
$ins_pnums_stmt .= "','";
$ins_emads_stmt .= $emailaddr;
Re: [PHP-DB] Problem Using Sessions. .
From the PHP help page on "session_register()"
"If your script uses session_register(), it will not work in
environments where the PHP directive register_globals is disabled."
I'm assuming since you compiled and installed PHP 5.0.4 that your
"register_globals" is disabled. I wouldn't recommend enabling it to fix
this problem. Instead use $_SESSION super global to register session data.
So instead of:
session_register("username");
try this:
$_SESSION['username'] = $username; /* TO SET */
$username = $_SESSION['username']; /* TO GET */
Hope this helps,
Aman
Shawn Singh wrote:
Hey All,
I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).
Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.
I've written the code but when I try to login to the site I get this message:
Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25
Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0
Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:
sess_ec2249332b8b29863f161461cf8c1409
So, I'm guessing that there aren't problems with my /tmp filesystem.
Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.
My source code for the login page is as follows:
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
