Re: [PHP] php session in ie
On 11/14/05, Ford, Mike [EMAIL PROTECTED] wrote: On 11 November 2005 18:47, sunaram patir wrote: array(1) { [PHPSESSID]= string(32) 337a44c0d6c9ed3cf4ba4e97d707589e } is returned by firefox on calling var_dump($_COOKIE). NULL in ie. If the very same piece of PHP produces different results in different browsers, this *MUST* be due to differences between the browsers. It could be due to settings in the browsers, or it might simply be a bug in one or the other -- but it can NOT NOT NOT be down to PHP. (Well, except inasmuch as you might be able to make reasonable adjustments in your PHP to allow for the difference. ;) Cheers! Mike Fuck you bill gates! Fuck your ie! bye! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php session in ie
On 11 November 2005 18:47, sunaram patir wrote: array(1) { [PHPSESSID]= string(32) 337a44c0d6c9ed3cf4ba4e97d707589e } is returned by firefox on calling var_dump($_COOKIE). NULL in ie. If the very same piece of PHP produces different results in different browsers, this *MUST* be due to differences between the browsers. It could be due to settings in the browsers, or it might simply be a bug in one or the other -- but it can NOT NOT NOT be down to PHP. (Well, except inasmuch as you might be able to make reasonable adjustments in your PHP to allow for the difference. ;) Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Headingley Campus, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
to be redirected to login must have at least one of ( if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) ) not set, which one (or both) fail under i.e. ??? hth ag. 2005/11/11, sunaram patir [EMAIL PROTECTED]: Hi, i am having problem with internet explorer. i am working on a project on building a website where i need to keep track of the users i.e. i use a login system in there in short. with the following code i check whether the user is logged in or not. ?php session_start(); $_SESSION['myurl']=$_SERVER['PHP_SELF']; if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) header(Location: login.php); ? if the user is not logged in, it redirects to the login page login.php as is shown in the above code. now the user is allowed to log in through the following code: ?php session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); if(isset($_POST['submit'])){ include(../database.inc); $login=trim($_POST['login']); $pass=trim($_POST['pass']); $Effectivelogin=strtoupper($login); $auth=false; $connection=mysql_connect($host,$user,$password); mysql_select_db($database,$connection); $query=SELECT password FROM students WHERE userID='$Effectivelogin'; $result=mysql_query($query); if(mysql_num_rows($result)){ while($row=mysql_fetch_array($result)) { if($row[0]!=$pass) echo (Wrong Username/Password!); else $auth=true; } } if($auth){ $_SESSION[student_username]=$Effectivelogin; $_SESSION[student_password]=$pass; if(isset($_SESSION['myurl'])) header(Location: http://schools.zenrays.com.$_SESSION['myurl']); else header(Location: http://schools.zenrays.com/students;); } } ? html head titleUser Authentication/title /head body form method=post LoginID: input type=text name=loginbr Password: input type=password name=passbr input type=submit name=submit value=Login /form /body /html then the user is redirected back to the page he visited. it workd fine in firefox and msn explorer. in internet explorer, when i visit to a link in any page it asks for the login details again. could anyone please help me out?! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
On 11/12/05, adriano ghezzi [EMAIL PROTECTED] wrote: to be redirected to login must have at least one of ( if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) ) not set, which one (or both) fail under i.e. ??? hth if both of them aren't set, the user is redirected. but it doesnot relate to not working in ie or i don't understand what u are meaning. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
On 11 Nov 2005, at 11:43, sunaram patir wrote: it works fine in firefox and msn explorer. in internet explorer, when i visit to a link in any page it asks for the login details again. could anyone please help me out?! It just sounds like you have cookies disabled or not allowed for this site in IE. Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
sunaram patir wrote: Hi, i am having problem with internet explorer. i am working on a project on building a website where i need to keep track of the users i.e. i use a login system in there in short. with the following code i check whether the user is logged in or not. ?php session_start(); $_SESSION['myurl']=$_SERVER['PHP_SELF']; if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) header(Location: login.php); It might not fix your problem but you should exit after location header. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
For security.. *never* store the password in a cookie.. if you must... instead do some sort of encryption on it and some other value store that and use it for verification. On Friday 11 November 2005 05:43 am, sunaram patir wrote: Hi, i am having problem with internet explorer. i am working on a project on building a website where i need to keep track of the users i.e. i use a login system in there in short. with the following code i check whether the user is logged in or not. ?php session_start(); $_SESSION['myurl']=$_SERVER['PHP_SELF']; if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) header(Location: login.php); ? if the user is not logged in, it redirects to the login page login.php as is shown in the above code. now the user is allowed to log in through the following code: ?php session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); $auth=false; if($auth){ $_SESSION[student_username]=$Effectivelogin; $_SESSION[student_password]=$pass; if(isset($_SESSION['myurl'])) header(Location: http://schools.zenrays.com.$_SESSION['myurl']); else header(Location: http://schools.zenrays.com/students;); } it works fine in firefox and msn explorer. in internet explorer, when i visit to a link in any page it asks for the login details again. could anyone please help me out?! regards, sunaram -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
Stephen Leaf wrote: For security.. *never* store the password in a cookie.. OP stores the password in session -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
i will for sure. thanks. On 11/11/05, M [EMAIL PROTECTED] wrote: Stephen Leaf wrote: For security.. *never* store the password in a cookie.. OP stores the password in session -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
On Fri, November 11, 2005 5:20 am, sunaram patir wrote: session_start(); This one here... (see below) header(Location: login.php); Not crucial, but you'd save some HTTP connections by just doing: require 'login.php'; exit; instead of bouncing the user's agent back and forth session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); ... will probably not match this one here. You've set the Cookie Parameters here to very specific values. You should do that consitently on every session_start() to make sure your site's cookies are always operating under the same conditions. if(isset($_POST['submit'])){ include(../database.inc); $login=trim($_POST['login']); $pass=trim($_POST['pass']); $Effectivelogin=strtoupper($login); $auth=false; You really ought to do more validation than that... http://php.net/mysql_real_escape_string Possibly limit 'login' to alphanumeric and 'pass' to non-control characters. then the user is redirected back to the page he visited. it workd fine You also won't need to re-direct the user back to what they wanted -- The URL will already be what they asked for when the login works. Change the ACTION= to ACTION=?php echo $_SERVER['PHP_SELF']? -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
instead of bouncing the user's agent back and forth session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); ... will probably not match this one here. You've set the Cookie Parameters here to very specific values. You should do that consitently on every session_start() to make sure your site's cookies are always operating under the same conditions. i included the tfollowing two lines to my starting script on each page, but still not working session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); when i call var_dump($_COOKIE), it returns null. i can't make out what's happening! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
He's not storing the password in a Cookies. He's storging it in a $_SESSION Which is still a Risk, especially on a shared server, but it's not necessarily in the category of Never do this On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote: For security.. *never* store the password in a cookie.. if you must... instead do some sort of encryption on it and some other value store that and use it for verification. On Friday 11 November 2005 05:43 am, sunaram patir wrote: Hi, i am having problem with internet explorer. i am working on a project on building a website where i need to keep track of the users i.e. i use a login system in there in short. with the following code i check whether the user is logged in or not. ?php session_start(); $_SESSION['myurl']=$_SERVER['PHP_SELF']; if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) header(Location: login.php); ? if the user is not logged in, it redirects to the login page login.php as is shown in the above code. now the user is allowed to log in through the following code: ?php session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); $auth=false; if($auth){ $_SESSION[student_username]=$Effectivelogin; $_SESSION[student_password]=$pass; if(isset($_SESSION['myurl'])) header(Location: http://schools.zenrays.com.$_SESSION['myurl']); else header(Location: http://schools.zenrays.com/students;); } it works fine in firefox and msn explorer. in internet explorer, when i visit to a link in any page it asks for the login details again. could anyone please help me out?! regards, sunaram -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
On Fri, November 11, 2005 12:06 pm, sunaram patir wrote: session_start(); session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); when i call var_dump($_COOKIE), it returns null. i can't make out what's happening! Is $_COOKIE NULL in the browsers that work, or just in IE? If it's only in IE, then is IE configured to not accept Cookies from your site, or perhaps never from 3rd-party sites, or perhaps Security settings are preventing the Cookies from being accepted... You can't force the User to accept your Cookies. Perhaps consider using trans_sid in php.ini to embed the Session ID in the URL instead of a Cookie. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
array(1) { [PHPSESSID]= string(32) 337a44c0d6c9ed3cf4ba4e97d707589e } is returned by firefox on calling var_dump($_COOKIE). NULL in ie. On 11/11/05, Richard Lynch [EMAIL PROTECTED] wrote: On Fri, November 11, 2005 12:06 pm, sunaram patir wrote: session_start(); session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); when i call var_dump($_COOKIE), it returns null. i can't make out what's happening! Is $_COOKIE NULL in the browsers that work, or just in IE? If it's only in IE, then is IE configured to not accept Cookies from your site, or perhaps never from 3rd-party sites, or perhaps Security settings are preventing the Cookies from being accepted... You can't force the User to accept your Cookies. Perhaps consider using trans_sid in php.ini to embed the Session ID in the URL instead of a Cookie. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
On 11/11/05, Richard Lynch [EMAIL PROTECTED] wrote: On Fri, November 11, 2005 12:06 pm, sunaram patir wrote: session_start(); session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); when i call var_dump($_COOKIE), it returns null. i can't make out what's happening! Is $_COOKIE NULL in the browsers that work, or just in IE? Perhaps consider using trans_sid in php.ini to embed the Session ID in the URL instead of a Cookie. Please look at http://schools.zenrays.com/phpinfo.php . trans_sid is on. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
Try setting session.use_cookies to Off so PHP won't even try to use Cookies. On Fri, November 11, 2005 12:49 pm, sunaram patir wrote: On 11/11/05, Richard Lynch [EMAIL PROTECTED] wrote: On Fri, November 11, 2005 12:06 pm, sunaram patir wrote: session_start(); session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); when i call var_dump($_COOKIE), it returns null. i can't make out what's happening! Is $_COOKIE NULL in the browsers that work, or just in IE? Perhaps consider using trans_sid in php.ini to embed the Session ID in the URL instead of a Cookie. Please look at http://schools.zenrays.com/phpinfo.php . trans_sid is on. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
- Original Message - From: sunaram patir [EMAIL PROTECTED] To: php-general@lists.php.net Sent: Friday, November 11, 2005 5:31 AM Subject: [PHP] php session in ie Hi, i am having problem with internet explorer. i am working on a project on building a website where i need to keep track of the users i.e. i use a login system in there in short. with the following code i check whether the user is logged in or not. ?php session_start(); $_SESSION['myurl']=$_SERVER['PHP_SELF']; if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) header(Location: login.php); ? if the user is not logged in, it redirects to the login page login.php as is shown in the above code. now the user is allowed to log in through the following code: ?php session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); if(isset($_POST['submit'])){ include(../database.inc); $login=trim($_POST['login']); $pass=trim($_POST['pass']); $Effectivelogin=strtoupper($login); $auth=false; $connection=mysql_connect($host,$user,$password); mysql_select_db($database,$connection); $query=SELECT password FROM students WHERE userID='$Effectivelogin'; $result=mysql_query($query); if(mysql_num_rows($result)){ while($row=mysql_fetch_array($result)) { if($row[0]!=$pass) echo (Wrong Username/Password!); else $auth=true; } } if($auth){ $_SESSION[student_username]=$Effectivelogin; $_SESSION[student_password]=$pass; if(isset($_SESSION['myurl'])) header(Location: http://schools.zenrays.com.$_SESSION['myurl']); else header(Location: http://schools.zenrays.com/students;); } } ? html head titleUser Authentication/title /head body form method=post LoginID: input type=text name=loginbr Password: input type=password name=passbr input type=submit name=submit value=Login /form /body /html then the user is redirected back to the page he visited. it workd fine in firefox and msn explorer. in internet explorer, when i visit to a link in any page it asks for the login details again. could anyone please help me out?! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Hello, I used this article for sessions with success http://www.sitepoint.com/article/users-php-sessions-mysql Best regards, Andras Kende http://www.kende.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php session in ie
if it's a risk then it's in my never get into the practice of doing this category. Passwords should always be used to verify and discarded. never saved in any form which can be seen directly or decoded. And true $_SESSION isn't a cookie.. however there are some systems that a cookie is used like a session. in both cases I'd personally feel uneasy storing a password like that. On Friday 11 November 2005 12:23 pm, Richard Lynch wrote: He's not storing the password in a Cookies. He's storging it in a $_SESSION Which is still a Risk, especially on a shared server, but it's not necessarily in the category of Never do this On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote: For security.. *never* store the password in a cookie.. if you must... instead do some sort of encryption on it and some other value store that and use it for verification. On Friday 11 November 2005 05:43 am, sunaram patir wrote: Hi, i am having problem with internet explorer. i am working on a project on building a website where i need to keep track of the users i.e. i use a login system in there in short. with the following code i check whether the user is logged in or not. ?php session_start(); $_SESSION['myurl']=$_SERVER['PHP_SELF']; if(!isset($_SESSION['student_username']) !isset($_SESSION['student_password'])) header(Location: login.php); ? if the user is not logged in, it redirects to the login page login.php as is shown in the above code. now the user is allowed to log in through the following code: ?php session_cache_limiter('private_no_expire'); session_set_cookie_params(0,/,schools.zenrays.com); session_start(); $auth=false; if($auth){ $_SESSION[student_username]=$Effectivelogin; $_SESSION[student_password]=$pass; if(isset($_SESSION['myurl'])) header(Location: http://schools.zenrays.com.$_SESSION['myurl']); else header(Location: http://schools.zenrays.com/students;); } it works fine in firefox and msn explorer. in internet explorer, when i visit to a link in any page it asks for the login details again. could anyone please help me out?! regards, sunaram -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php