Vyoma
Jul 30 2006, 06:12 AM
This is quite a bit of problem I am facing, and I cannot point exactly where I am going wrong. I have been lurking around here at the Asta Host forums with regard to login and user authentication scripts and I have got as far as this: - Starting a session - Registering a session variable - Using the variable to check if the user is authenticated or not. - Authenticating the user through MySQL database - Logging of the user, by setting the session variable to un-authenticated I have been able to achive the following things too that I think is not related to this problem: - Encapsulate the database handling to a seperate source file - Use a templating system of my own. - Handle everything in only one page using the querying through URL (this is my requirement due to the templating system I use) - I want only one file (index.php) to be called with appropriate action requests (?q=login or ?q=logout) Here is the code I have so far: CODE <?php session_start(); session_register('auth'); require_once('database.inc'); // These $d_<something> variables will be placed in the template $d_html_head = 'Some portal DART'; $d_header = 'The header - DART'; $d_status = NULL; $d_content = NULL; $d_nav = '<h2>Link set 1</h2><ul><li><a href="#">Link 1</a></li><li><a href="#">Link 2</a></li><li><a href="#">Link 3</a></li></ul><h2>Link set 2</h2><ul><li><a href="#">Link 4</a></li><li><a href="#">Link 5</a></li><li><a href="#">Link 6</a></li></ul><h2>Link set 3</h2><ul><li><a href="#">Link 7</a></li><li><a href="#">Link 8</a></li><li><a href="#">Link 9</a></li></ul>'; $d_footer = 'copyright info'; $q = ''; // Database handling part $dartdb = new dbhandler; $connection = $dartdb->setconnection( 'dbadmin', 'dbpassword', 'localhost'); if(!$connection) $d_status .= "Unable to get a connection <BR /> $dartdb->errorstring <BR />"; $connection = $dartdb->setdatabase('dartdb'); if(!$connection) $d_status .= "Unable to select DART database <BR /> $dartdb->errorstring <BR />"; if ( isset($_GET['q']) ) $q = $_GET['q']; if ( $q == 'login') { // Check the 'user' and 'pass' against database and set // 'auth' based on the result $loginmessage = "The Employee number or the password given is wrong. Please try again."; $_SERVER['auth'] = 'NO'; $user = NULL; $pass = NULL; $user = $_POST['user']; $pass = $_POST['pass']; $query = "SELECT * FROM dart_emp WHERE empid = '".$user."'"; $dartdb->query($query); if ( $user != NULL && $dartdb->result != NULL ) { $array = $dartdb->fetch_object(); if( isset($array->empid) && $array->empid == $user && $array->password == $pass ) { $loginmessage = "Login successful."; $_SERVER['auth'] = 'YES'; } } $d_status .= $loginmessage; } else if ($q == 'logout') { // User has logged out. Hence set the 'auth' to 'NO' $_SERVER['auth'] = 'NO'; $d_status .= 'Logged out. <BR />'; } if( isset($_SERVER['auth']) && $_SERVER['auth'] == 'YES' ) { $d_status .= 'Authorized access <BR />'; $d_content .= 'Content, content. <BR />Logout <A href="?q=logout">link</A>.'; } else { //Show the login form if ($q != 'logout') $d_status .= 'Not logged in. <BR />'; $d_content .= '<form action="?q=login" method="post" name="login"> Employee Number: <input type="text" name="user" size="6" maxlength="6" id="user" /> <BR /> Password: <input type="password" name="pass" size="30" maxlength="30" id="pass" /> <BR /> <input type="submit" name="login" value="Login" id="login" /> </form>'; } // This is the templating system I use. The above $d_<something> values // are replaced in the appropriate places require 'template/page.tpl'; ?> Now, here is my problem. Once I log in, the URL will be: http://localhost/index.php?=loginAfter successful login, it will show the content. Now, if I type the http://locahost/index.php, it should still be showing the content. But it does not. For some reason, I am loosing the $_SERVER['auth'] variable. I am not sure, where in the flow I am doing wrong. Could some one please check this up and let me know what I am doing wrong, or what more should I be including? Please let me know, if you need anything more, or want me to explain why I put the code as I put it there.
Comment/Reply (w/o sign-up)
Quatrux
Jul 30 2006, 07:09 AM
I didn't get into to your script very much, but isn't it $_SESSION['auth']; you want to use and not $_SERVER; superglobal? I myself that to optimize the script, usually at the start of the script, where I need to use superglobals, I do something like this $s =& $_SERVER; to use $s as superglobal, very convenient, but I don't do this for SESSION and COOKIES as I had problems. 
Comment/Reply (w/o sign-up)
Vyoma
Jul 31 2006, 10:04 AM
Oh! The _SERVER and _SESSION variables are different. I should have thought about that. I will check this up and let you guys know how it turns out to be.
Comment/Reply (w/o sign-up)
Chesso
Aug 1 2006, 12:44 AM
Here's an example of my login which seems to work just perfectly thus far: I do use files split up though. What I do with login.php is display a form with two input text fields and send that to my check_login.php file which checks the information against the database and then registers the session like so: CODE session_register('username');
$_SESSION['username'] = $username;
session_register('password');
$_SESSION['password'] = $password; $username and $password being the variabels send from the form that were validated to be correct. If not I just sent them back the login.php?error=incorrectlogindetails or somesuch. For pages that need to check if a user is logged in: CODE session_start();
if(isset($_SESSION['username']) && isset($_SESSION['password'])){header("location:login_successful.php?error=loggedin");} Which is in my login.php file, if isset is true then they are allready logged in and do not need to be here so it redirects them. And for logging out, it's as simple as: CODE session_start();
session_destroy(); I'm not sure if it's the best way to do it but it hasn't failed me yet.
Comment/Reply (w/o sign-up)
Quatrux
Aug 1 2006, 04:15 AM
I wonder why people here still is using session_register(); Here is a caution "If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister()." and to end the session, one of the best method is to do this: CODE
function session_delete($sname = 'Current User') {
# Set Session Name to a Variable
$name = session_name();
/* Empty the Cookie from Session */
if (!headers_sent() ) { setcookie($name,"",0,"/"); }
/* Remove the Cookie Value */
unset($_COOKIE[$name]);
/* Remove all the Info from the Super Global */
$_SESSION = array();
/* Free all session variables */
session_unset();
/* Destroy all data registered to a session */
if (session_destroy() === FALSE) {
return FALSE;
} else {
return TRUE;
}
}
and just call the function when you need to logout or remove the session.
Comment/Reply (w/o sign-up)
Chesso
Aug 1 2006, 04:20 AM
What's wrong with session_register()? It works and is the only thing that worked for me back when I first wrote it lol.
Comment/Reply (w/o sign-up)
Quatrux
Aug 1 2006, 04:46 AM
QUOTE(Chesso @ Aug 1 2006, 07:20 AM) 
What's wrong with session_register()? It works and is the only thing that worked for me back when I first wrote it lol.
Well, read the PHP Manual and search google on session register, it isn't needed anymore. QUOTE
Caution
If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.
QUOTE
register_globals: important note: Since PHP 4.2.0, the default value for the PHP directive register_globals is off, and it is completely removed as of PHP 6.0.0. The PHP community encourages all to not rely on this directive but instead use other means, such as the superglobals.
Look at this code and read the comments. CODE
<?php
// Use of session_register() is deprecated
$barney = "A big purple dinosaur.";
session_register("barney");
// Use of $_SESSION is preferred, as of PHP 4.1.0
$_SESSION["zim"] = "An invader from another planet.";
// The old way was to use $HTTP_SESSION_VARS
$HTTP_SESSION_VARS["spongebob"] = "He's got square pants.";
?>
session_register() is deprecated !!!
Comment/Reply (w/o sign-up)
Chesso
Aug 1 2006, 05:10 AM
But if I use $_SESSION alone it won't work for me.... only when I use session_register, last time I checked atleast.
Comment/Reply (w/o sign-up)
Vyoma
Aug 1 2006, 11:24 AM
Ok. As for the problem I had, it got solved when I replaced all _SERVER occurances with _SESSION. But I see that this thread has developed quite a bit since I last left. Yes, I have heard that session_register is deprecated. So, Quatrax, should I just go ahead and use _SESSION variables and not do any session_open() and session_register() functions?
Comment/Reply (w/o sign-up)
Chesso
Aug 1 2006, 11:46 AM
I am curious about this too, it'll save me a few bytes of space  which I am always looking to do.
Comment/Reply (w/o sign-up)
Habble
Mar 15 2008, 07:00 PM
Yeah Lol but it can be hard to work out how to do Lol not to easy at all
Comment/Reply (w/o sign-up)
Houdini
Aug 2 2006, 06:54 PM
Actually whenever you want to use (or read) session variables you must always start a session using session_start() the you can CODE echo $_SESSION['myvariable']; You must use session_start() to assign or use $_SESSION variables. It is a good practice to place the session start at or very near the beginning of your script to avoid the error about resending headers.
Comment/Reply (w/o sign-up)
Vyoma
Aug 2 2006, 01:14 PM
OK Quatrax. That answered my questions. I think this thread may be deemed closed.
Comment/Reply (w/o sign-up)
Chesso
Aug 2 2006, 03:38 AM
Well for now (for me) it's basically what ever works works, when I am happy with features and functioning I'll go through the whole lot and remove redundant code and fix things up.
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : user, authentication, session, handling, problems, authorization, server, variables, staying, pages
- View Php In Another Server
(5)
How To Create/edit/delete Ftp Accounts With Php
Help me to create one php page to create FTP user accounts in Unix Ser (2) Thanks /cool.gif" style="vertical-align:middle" emoid="B)" border="0" alt="cool.gif" /> ....
Make A Script Run Even If No User Is Online
(6) Hey! Is there any way to make a script run, even if no user is online. Because at the moment, my
scripts run, only when a user is online. And another thing: How can i make the following: (this is
just an example) mysql_query"SELECT maxhp FROM users WHERE username = 'allusers'"; How can I
select all users maxhp, in the same query? Thanks //Feelay....
Run A Script When Expires A Session
(6) For example, when a user logins to a page -with a login form- and after validating and verifying
it's credentials i store some information related to this user in session variables and a table
with his state -connected- is updated, then i use it in other pages, etc. When this user logouts
-by clicking a logout link- i release -unregister, destroy, etc- all the session variables stored
and the same table is updated with his state -disconnected-. All of this funcionality works very
well, the problem comes when the user do not click on the logout link and the session ....
Automated Product Suggestion Script
Compare user lists and suggest related items based on pattern matching (2) I recently got an idea for a project and one of the features I wanted the project to have was an
automated suggestion service. If anyone has been to Amazon, it would work much like their
recommended product feature. What I want to do is take several users lists of whatever but for this
example, I'll use web links like from the browser history. I would want to suggest links to a
user based on common links in many other users lists. User A: Amazon, Ebay, Excite, Google, Yahoo,
MySpace, Walmart User B: Amazon, Ebay, Google, Yahoo, You Tube, MySpace, CVS User C: Amazo....
Php Session Problem
(7) i have downloaded easyphp on my PC and i am a bit noob with php mysql commands. i have a problem
making session work the problem that the session file in my server get deleted after leaving the
page where the session was start for the first time. the problem that the session can only be used
within the creation page unless you leave it. why?? i have no idea ... i have been looking around
for three days now .. thank in advance for any help. if you need more details let me know
/smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />. Joe.k....
Five Common Php Database Problems
(0) I just read this excelent article from the IBM's developerWorks website, it's name is Five
common PHP database problems . This article shows five database problems that occur in PHP
applications as well as their solutions and include database schema design, database access, and the
business logic code that uses the database. It is a bit older -a year ago more or less- but i
think that can be helpful for everybody that works with PHP and MySql. Best regards,....
Using Php With A Mail Server
(2) We all know you can use PHP with a web server, but can you use it with a mail server? I've made
a personal messenger system, and I was thinking about adding additional functionality in the future,
such as the ability to send mail from it. Then I started thinking, would it be possible to recieve
mail with it? Say, have a PHP script that checked when a message arrived at the server, and when it
does, check for something in the message (e.g. "pmsystem-to: admin") that would tell it to send it
to a certain user, and then have it do the scripts to send a PM. So, is it....
Php Long Variables
How do you make them? (5) Don't ask why but I need to make a long variable that contains ' " ; and ) meaning I cannot
use: CODE $var=('Test'); It will create an error. Here is an example of what I am
talking about: CODE $var=("I want to use ' and " while allowing html and not using
htmlspecialchars"); Basicly is what I want is a CODE echo This is some echo. I can use '
" ) and; without using htmlspecialchars END; Is there a way to make a simalur code that works
with variables? Do you get what I mean? That would really help me out. Thanks, Sparkx Note....
Already Sent Session Cookies?
(2) Er, this is the second topic I've posted about session problems. Here's the html file that
keeps showing up: CODE Warning: session_start() : Cannot send session cookie - headers already
sent by (output started at C:\Program Files\xampp\htdocs\index2\loggingin.php:2) in C:\Program
Files\xampp\htdocs\index2\loggingin.php on line 39 Warning: session_start() : Cannot send session
cache limiter - headers already sent (output started at C:\Program
Files\xampp\htdocs\index2\loggingin.php:2) in C:\Program Files\xampp\htdocs\index2\loggingin.php on
line 39 Fatal ....
I'm Having Problems With Sessions
(2) I haven't really read much about sessions, i usually study PHP by viewing other's codes and
learning from it. Here's what keeps on popping out when I open the page. CODE Warning:
session_start() : Cannot send session cookie - headers already sent by (output started at
C:\Program Files\xampp\htdocs\maple-radio-live\loggingin.php:7) in C:\Program
Files\xampp\htdocs\maple-radio-live\loggingin.php on line 40 and CODE Warning: Cannot
modify header information - headers already sent by (output started at C:\Program
Files\xampp\htdocs\maple-radio-live....
Htaccess/gd Problems.
(0) On this shell, that has shared apache, php and gd, I have this file working.
http://users.phoenix-network.org/~tobylane/gd.php But, with the normal htaccess of CODE
RewriteEngine on RewriteRule ^sig.png$ gd.php http://users.phoenix-network.org/~tobylane/sig.png
Doesn't work. Also, another gd picture doesn't display the text. CODE
header("(anti-spam-(anti-spam-(anti-spam-content-type:))) image/png"); $im =
imagecreatefrompng("button.png"); $bg = imagecolorallocate($im,255,55,25); imagefill($im,0,0,$bg);
imagestring($im,3,20,5,"Your IP is ",$b....
Sql Injection Prevention (passing Numerical Data Across Pages).
PHP/mySQL (9) Even if your building something as simple as a basic news page for your website, if your passing
along url variable strings like (mysite/index.php?page=1), you may be vulnerable to SQL injection
attacks. For cases like these (passing numerical data in url strings), I have a handy dandy little
function to thwart these attempts silly: CODE // For checking if value is a number, if not
return 1. function isNum($val) { if (!is_numeric($val)) { $val = 1; } return ($val); } I
have this function, within my functions.php file, which I use as an include in files w....
Making My Album
problems with rights (3) We have to make something in PHP for school, so I decided to make a complete photoalbum. One of the
things that it can is creating and storing thumbnails, but here is where the problems start. The
thumbnails have to be stored in a subfolder called 'thumbnails', if this folder doesn't
exist, my script creates this folder and everything works like it is supposed to be. But it
doesn't do that the way I want. The folder is made with: CODE mkdir($thumbnail_folder,
0777); but when I check it via FTP, it is set to 755. Even worse is that I can't acce....
Authentication Script
PHP Help #2 -- I need help tweaking it - it won't work (1) Okay, my first issue about the MySQL echo problem has been solved, thank you to those who helped.
/smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" /> Now I am focusing
on the login portion of my site, and I have this so far: CODE // we must never forget to start
the session session_start(); $errorMessage = ''; if (isset($_POST ) && isset($_POST ))
{ $username = $_POST ; $password = $_POST ; //Connect to database $con =
mysql_connect("localhost","myDatabaseUsername","myDatabasePassword"); if (!$con) { die('Co....
Proper Way To Grab User Data?
(1) I'm working on a script where there is a custom user profile and I was wondering if there was a
more efficient way to grab data stored in a database than this method: CODE $sql = "SELECT *
FROM users WHERE `access_name` = \"" .$active_user. "\""; $row =
mysql_fetch_array(mysql_query($sql)); //Link the two tables together; grab the most common thing
that is the *SAME* $user_id = $row ; $sql2 = "SELECT * FROM content WHERE `cid` = \"" .$user_id.
"\""; $row2 = mysql_fetch_array(mysql_query($sql2)); Then on the pages, I just do a where ever
something is supp....
Quickly Create Form Variables
simple form, variable creation, referer check, safe guard variables (5) The reason I wanted to share this is I've seen so many people do this with their forms when
using PHP. CODE $username = $_POST ; $password = sha1($_POST ); $another_var = $_POST ; ...
and so on, just imagine if you had a large number of form inputs, do you really want to create each
and every variable name? Why people do this, is probably due to most of the examples I've seen
on the web, that does not show an easier and much quicker way of doing it. Though my way might be
much easier and quicker, it does introduce security concerns which I've tried....
Backing Up User Forms As Static HTML
(5) System: Activity System for use in Universities Users: Faculty members Scenario: User fills out a
list of activites they participated in. Example: A faculty member attended a seminar about Object
Orientated Programming. They record that seminar into their records by filling out a form and
adding that activity into the database and identifying it with a designed term id. Spring terms are
different than fall terms etc etc. We want to create html snapshots of these forms that can be
included by a simple include('oldForm.html') into another form for review. ....
How To Delete Files When Session Ends
(4) Dear Friends I need solution to a problem. The problem is as under: I am creating certain files
(playlist) in server disk when user selects some songs. The files are created in ram format. What I
want to do is to delete these files created during a particular session. Is it possible to do so?
Now I am deleting these files using on Unload event fired by JavaScript. I am using PHP. ....
Session And Security
(0) Hi everyone, I'd like to explain my idea for basic session handling to you guys. I've
thought about it, and I can't see any problem with it, but I'd like other's opinions as
well, please. Ok, here goes. So basically, there's two base cases that can happen. User
visits any page, session class is initialized, etc. Case 1 - User not logged in; no cookie or
session info in DB If the user is not logged in, has no cookie, and/or there is no session info in
the DB for this user, any specified activities, protected like so: php: if ( $session....
How To Reset The Server Variable Php_auth_user
(9) Hi, i'm developing a web application which obviously requires a log in/log out script that i
just implementing but i dont know why the log out script dont work fine. The problem is related
with the server variable $_SERVER which remains set even when in the log out script i unset it with
the unset() function. Does someone knows how can i reset or clear the server variable $_SERVER ???
Best regards, ....
Simple PHP News System Problems
(1) For the new version of my website I'm trying to make a very simple newssytem based on php. Each
newsitem will get it's own html page, something like this: CODE Welkom HERE
COMES THE TXT All other data will be stored in a file called news.inc CODE $news
= array(); $news = '110706_jovolka.html'; $news = '110706_lorum.html'; $news =
'090706_welkom.html'; $title = array(); $title = 'Over JoVolKa'; $title =
'Lorum Ipsum'; $title = 'Welkom'; $date = array(); $date = '11/....
Problem With PHP Scripts Without MySQL
i have problems with scripts (1) I've been working on my site, and the first time i tried my hand witha php guestbook script, i
did good, it worked on my host. but although i successfully installed an "send email" php script,
but somehow although on the site when i tired out the form, though it says email has been sent,
i've not received any email at all!!! and i've checked the account that was to specified
for the email to be sent , i have entered everything right. This are the steps the manual asked me
to do, QUOTE 1) Open up config.php with a word editor such as notepad. Fill ....
Need Help - How To Remove Session ID From URL
(6) Oflate I was going through Google information for webmasters and I noticed the following technical
guideline for the webmasters: QUOTE Allow search bots to crawl your sites without session IDs or
arguments that track their path through the site. These techniques are useful for tracking
individual user behavior, but the access pattern of bots is entirely different. Using these
techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs
that look different but actually point to the same page. It clearly shows that undesir....
PHP Script: Separating News Into Pages
(2) look. I' ve got such a script to add news: CODE if($mess&&$subj) {
$fp=fopen("news.txt", "a"); $d=date("d").".".date("m").".".date("Y"); $c=0;
if(file_exists("news.txt")&&filesize("news.txt")>0) { if($c==0) {
$news=" |$subj|$d|$login|$mess\n"; } else {
$news=" |$subj|$d|$login|$mess"; } } else {
if($c==0) { $news="|$subj|$d|$login|$mess\n"; }
else { $news="|$subj|$d|$lo....
Some Problems Sometimes On Other Sites!
Others come up with wierd problems! (2) I am not the most regular contributer to PHP Builder but every now and then there is just a question
from a newbie or someone that can not be fixed. I do not know if it is that they do not know how to
ask the question but this one has been going on too long. It seemed from the question that they
asked that they wanted to insert some data froma text file into the MySQL database. So after looking
at their query (the original question) QUOTE Here's part of my code: Code: $result =
mysql_query("INSERT INTO AL_BVA (contact, time, phone, address, city, state, zip, ....
Multilingual Site: Send The User To Page Of Choice
(6) If you have one site in diferent laanguages, this simple script can redirect the user to the correct
page acording to his/her language: CODE // Enslish EUA elseif ($HTTP_ACCEPT_LANGUAGE ==
"en-us"){ header("Location: index_eng.html"); } // Inglês UK elseif ($HTTP_ACCEPT_LANGUAGE ==
"en-gb"){ header("Location: ingles_enuk.html"); } // Portuguese if ($HTTP_ACCEPT_LANGUAGE ==
"pt-br"){ header("Location: index_ptbr.html"); } //German elseif ($HTTP_ACCEPT_LANGUAGE ==
"de-de"){ header("Location: index_ger.html"); } // Swedish elseif ($HTTP_ACCEPT....
Php : Variables Included Dont Work In Functions
Variables from Included files dont work (4) Today, I came up with this strange PHP behaviour. Just wanted to know if anyone has any
suggestions! I make a common variable/function file called config.php. I put in my generally used
functions in it. Suppose this is my file CODE // -----VARIABLES --- // $a=10,$b.... //
-----FUCTIONS--- // function doit() { print "A value is " . $a; } ?> Here, suppose we execute
this file directly. Since A has a global scope, it does work perfectly. But if this same file is
imported in another file say, mainfile.php CODE // -----VARIABLES --- // $c,$d.... include &#....
Mini Apache Server W/ Php
Grab it right now ... (5) Hi, Those who don't want to go into all the hassle of configuring Apache with PHP -
here's a quick alternative. Grab MiniApache_PHP from http://213.106.116.50/james/ . It's
a much downscaled version of the real Apache server but includes the PHP modules too - very little
headache over installation and you can start hosting your own sites rightaway. Good alternative for
testing your custom php codes too... This is what the site says about the software: QUOTE
MiniApache_PHP is a cut-down version of the open-source Apache web server software for W....
Php, Sql Lite: Storing Session's Data?
how so store session in SQLITE? (1) normally, in windows, session data is saved in the location as directed by the "session.save_path"
directives. they only show how to store session data in file. is it possible to store it inside the
SQLite? anyone?....
Looking for user, authentication, session, handling, problems, authorization, server, variables, staying, pages
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for user, authentication, session, handling, problems, authorization, server, variables, staying, pages
|
advertisement
|
|
