I use nuBuilder 4. When a user is logged in and refreshes the page (e.g. by hitting F5) he gets logged out.
I read that session_start(); needs to be at the very beginning of the code. But that didn't help.
index.php starts with this code:
(https://github.com/steven-copley/nubuilder4/blob/master/index.php)
<?php
require_once('nuchoosesetup.php');
require_once('nuindexlibs.php');
if ( !$_SESSION['nubuilder_session_data']['PLUGIN'] ) {
require_once('nustandalonesetuplibs.php');
nuStandaloneImportNewDB();
}
if ( $_SESSION['nubuilder_session_data']['PLUGIN'] && !isset($_SESSION['nubuilder_session_data']['SESSION_ID']) ) {
require_once('nuwordpresssetuplibs.php');
nuCheckWPUser();
}
require_once('nusystemupdatelibs.php');
nuMigrateSQL();
?>
Unfortunately I don't know PHP sessions so well and don't know where to change what. I'm grateful for hints.
This may help you. I had similar problem with calling session.
if (!session_id()) {
session_start();
} else {
// your code
}
Related
I have the following code
<?php
if($_SESSION['loggedin']){
echo '<li id="login-btn">Logout</li>';
}
else{
echo '<li id="login-btn">Login</li>';
}
?>
This is inside of the HTML for my Navbar. I want it to where if they are logged in, it will show "Logout", if they aren't logged in, it'll show "Login", (self explanatory)
I have this in my login.php
$loggedin = "";
$_SESSION['loggedin'] = true;
For some reason, no matter what I do, my navbar keeps displaying "Login"? Help please, thank you!
Session are global variables in php...
Session variables are not passed individually to each new page,
instead they are retrieved from the session we open at the beginning
of each page (session_start()).
if you want to access it on different page... you have to add
<?php
session_start();
?>
at the begining .... even in your login.php page
I'm looking for a way to combine this working script with another check: request uri ?=en or ?=nl. I need this because a php include according to the active language cookie (nl or en) doesn't change immediately after you press the language button. The buttons bring you to [].php?=en - which in fact just refreshes the page. To see the php include in the correct language, you need to refresh the page one more time. Thats a problem. Can anybody help me?
<?php
if( $_COOKIE['lang'] == "nl"){
include ('statement_nl.php');
}
else{
include ('statement_en.php');
}
?>
EDIT:
After a few hours of puzzling I found a way to make it work:
<?php
if( $_COOKIE['lang'] == "nl"){
include ('statement_nl.php'); }
else if (isset($_GET["lang"]) AND ($_GET["lang"]=="nl")) {
include ('statement_nl.php'); }
else if (isset($_GET["lang"]) AND ($_GET["lang"]=="en")) {
include ('statement_en.php'); }
else{
include ('statement_en.php'); }
?>
I am trying to get this script to work properly but am not having any luck, please can someone show me what i need to do.
At the moment the script counts the number of times a page has been accessed and redirects the user to another page if the count reaches 6.
It should only redirect if the user is not logged in, but instead it is also redirecting users when they are logged in. Please can someone show me where im going wrong.
Thanks.
<?
!session_id() ? session_start() : null;
if(!isset($_SESSION['logged_in']) && empty($_SESSION['logged_in'])){
verify_profile_visit_limit();
}
function verify_profile_visit_limit(){
$free_profiles = array(99999,99998,99997,99996,99995,99994,99993);
if(in_array($_GET["id"], $free_profiles)) return;
if(! isset($_SESSION["page_access_count"])){
$_SESSION["page_access_count"] = 1;
}
$_SESSION["page_access_count"]++;
if($_SESSION["page_access_count"] > 6){
header("Location: limit.php");
exit();
}
}
?>
Add an 'is logged in?' check to the pagecount check:
if (($_SESSION["page_access_count"] > 6) && (!isset($_SESSION['logged_in']))
if they're logged in, the check fails and they don't get redirected.
I'm aware that this topic has been covered before here on Stack, and I have looked at some answers, but I'm still a bit stuck, being fairly new to PHP. Every page on my website requires a login, and so users are redirected to a login page on page load. At the top of each page then I have:
<?
require("log.php");
include_once("config.php");
include_once("functions.php");
?>
This redirects the user to log.php (with new code added):
<?
session_name("MyLogin");
session_start();
if(isset($_SESSION['url']))
$url = $_SESSION['url']; // holds url for last page visited.
else
$url = "index.php"; // default page for
if($_GET['action'] == "login") {
$conn = mysql_connect("localhost","",""); // your MySQL connection data
$db = mysql_select_db(""); //put your database name in here
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM users WHERE login='$name'");
if (!$q_user) {
die(mysql_error());
}
if(mysql_num_rows($q_user) == 1) {
$query = mysql_query("SELECT * FROM users WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) {
$_SESSION["name"] = $name;
header("Location: http://monthlymixup.com/$url"); // success page. put the URL you want
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}
// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}
?>
The login form is contained in login.php. The code for login.pho relevant to the PHP/log.php is:
<?
session_start();
if($_GET['login'] == "failed") {
print $_GET['cause'];
}
?>
and
<form name="login_form" id="form" method="post" action="log.php?action=login">
The answer that I came across stated that I should add:
session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI'];
to the top of each page, which I did, at the top of the page (above "require("log.php");"), and then add:
if(isset($_SESSION['url']))
$url = $_SESSION['url']; // holds url for last page visited.
else
$url = "index.php"; // default page for
to my login page, and use the following URL for redirect on successful login:
header("Location: http://example.com/$url"); // perform correct redirect.
I am not 100% where the code which stores the referring URL should go, at the top of log.php or login.php.
I have tried adding it to both, but the login page is just looping once I have entered the username and password.
I wonder if someone could help me get this working?
Thanks,
Nick
It appears that I don't have the privilege to comment on your post, so I'll do the best that I can to answer. I apologize for all of the scenarios, I'm just doing the best I can to answer on a whim.
SCENARIO 1:
If you've truly not selected a database in your code, as demonstrated here, could that potentially be your issue? Please do note, that the code below, is the code you've posted.
$db = mysql_select_db(""); //put your database name in here
SCENARIO 2:
The code below is not something I've ever used in anything I've built, might I suggest that you try replacing that line of code with the line below it?
if(session_is_registered("name") == false) { // Current
if(isset($_SESSION['name']) == false) { // Potential Replacement
SCENARIO 3:
If you're logic for the following, exists on the login.php file as well... That could potentially be your problem. Upon visiting your site, I noticed your form appears on login.php, yet your logic is posting to log.php. I'm hoping this bit of code can help rule out that "jump", as login.php might be saving itself and overwriting the $_SESSION variable you've established
session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI'];
If it's too complex to take it out of the login.php file, if you even have it there, I've put together some code that you can use to create "internal" breadcrumbs, so you can go 2 pages back in your history.
if(!isset($_SESSION['internal_breadcrumbs']))
$_SESSION['internal_breadcrumbs'] = array();
$_SESSION['internal_breadcrumbs'][] = $_SERVER['REQUEST_URI'];
$max_breadcrumbs = 5;
while(count($_SESSION['internal_breadcrumbs']) > $max_breadcrumbs)
array_shift($_SESSION['internal_breadcrumbs']);
That will create an array with a max of $max_breadcrumbs elements, with your most recent page at the end, like the following
Array
(
[internal_breadcrumbs] => Array
(
[0] => /other_page.php
[1] => /other_page.php
[2] => /other_page.php
[3] => /user_page.php <-- desired page
[4] => /login.php <-- most recent page
)
)
So now... you can setup your url to be something more like the following...
// I'm doing - 2 to accommodate for zero indexing, to get 1 from the current page
if(isset($_SESSION['internal_breadcrumbs']))
$url = $_SESSION['internal_breadcrumbs'][count($_SESSION['internal_breadcrumbs']) - 2];
else
$url = "index.php"; // default page for
All the best, and I certainly hope this has helped in some way.
IN SCENARIO 4
From the client test the login/password which ajax XMLHttpRequest with javascript code to a dedicated script for validation (do it on mode https for secure)
If response is right send the login password to your script server.
Stips : Encoding password is better secure !
Using header() function it's a bad idea.
Manual specification say ;
Remember that header() must be called before any actual output is
sent, either by normal HTML tags, blank lines in a file, or from PHP.
It is a very common error to read code with include, or require,
functions, or another file access function, and have spaces or empty
lines that are output before header() is called. The same problem
exists when using a single PHP/HTML file.
So in your case, i suggest that to use cookies with an ID generate only for the session, at the first connection its generate, and the duration of the cookie maybe for only from 2 to 10 minutes.
Regenerate cookie each time the loging.PHP is called !
Have a nice day
On my site, forms are brought in via AJAX and checked against a sessionid. I know this is not optimal, but it's working for us. If the referrer doesn't have the session ID they are redirected back to "anotherpage". I need to allow some outside URL's access the form directly.
we set the sessionid on the page with the link to the form.
Here is what we have now on the form page:
<?php
$code = $_GET['sessionid'];
if(strcmp( $code , 'XXXXX' ) != 0) {
header("Location: http://www.domain.com/anotherpage.php");
}
?>
I need to allow some outside domains direct access to the form page and am having issues with this:
(I'm putting it above the head tag on the form page)
<?php
$code = $_GET['sessionid'];
$referrer = $_SERVER['HTTP_REFERER'];
if(strcmp( $code , 'XXXXX' ) !=0) {
header("Location: http://www.domain.com/anotherpage.php");
} else {
if (preg_match("/site1.com/",$referrer)) {
header('Location: http://www.domain.com/desiredpage.php');
}
}
?>
this still bounces me back to "anotherpage.php" any ideas?
********EDIT*******
thx for the help, it works ad I requested. Now I see what I asked wasn't entirely correct. This appends the URL with =sessionid?=XXXXX. This isn't an issue on my site because I'm loading the content with .jquery .load so the URL doesn't change. I don't want the sessionid to be visible, and now it is. Can I either a) "trim" the url somehow or b) separate the two functions so they are exclusive?
if(strcmp( $code , 'XXXXX' ) !=0) {
if (preg_match("/site1.com/",$referrer)) {
header('Location: http://www.domain.com/desiredpage.php');
} else {
header("Location: http://www.domain.com/anotherpage.php");
}
}
As I read your post, you want anyone from the preg_match to get the desired page regardless of sessionID status, so you don't want to test sessionID first.
Start the if block with the preg_match test.
Your first if is checking to see if they don't have the $code and redirecting them. This will always be the case. You should probably check the $referrer first and then do the $code check.
Try reverse if with else
<?php
$code = $_GET['sessionid'];
$referrer = $_SERVER['HTTP_REFERER'];
if (preg_match("/site1.com/", $referrer)) {
header('Location: http://www.domain.com/desiredpage.php');
} else if (strcmp( $code , 'XXXXX' ) != 0) {
header("Location: http://www.domain.com/anotherpage.php");
}
?>
If I'm not misunderstanding this, the problem is in the order in which you are checking things.
If you want to allow some referrers to access the site even if they don't have the session id, you have to check for that before checking for the session id. Otherwise, they will end up being treated just like everyone else.
You can either switch the order of the conditions (first check for the referrer and then check fo the session id) or check for the referrer inside the branch in which you already know the session id is not valid.
The issue could be in your regex, it should be:
if (preg_match("/site1\.com/",$referrer))
notice escaping the dot (.)