I'm experiencing a strange issue with the PHP session. I can store values and everything until the end of the request. As soon as a new request is created, a new session file is created with a new session and data loss of the previous session as a result.
I have installed both php and apache manually on a Windows 7 machine. The session.save_path setting is set to null, but the files are being written to: C:\Windows\Temp. The session files are present there and have the actual values in them so I don't think that this is a permission issue.
Note that session_start() is being called at the very start of the php file that handles the request. This is not a code issue as I have used dummy code to verify the behavior on a different machine with a xampp server. There everything works fine.
I accidentally deleted a file that I have been working on for the last 2 days using the unlink() function. I was using the unlink function to delete other files but the name of the other files was similar to the file I was working on so it got deleted.
Also the same page that just got delete is still open in my browser and functioning normally. I am thinking it must be open or saved in a temp file somewhere by my Apache, could this be true? or am I dreaming?
I have tried recovery tools but I have given up on them as I am a new Ubuntu user and don't want to spend too much time fiddling around with things I don't know anything about.
Also the same page that just got delete is still open in my browser and functioning normally. I am thinking it must be open or saved in a temp file somewhere by my Apache, could this be true?
No.
Apache executes the PHP program, sends the output of it to the client, then stops. It doesn't keep the program running after the page has been delivered.
So this has been asked a few times before, and my problem seems to be of a little different character.
Two domains:
x.y.com
z.y.com
I want to share sessions, so I do this on both sites:
session_name("shared");
session_set_cookie_params(0, '/', '.hojio.com'); <--- i have experiemented with many versions of this, nothing seems to change much
session_save_path("XX");
session_start();
When I do a print_r($_COOKIE) it gives me:
[shared] => gpppai72ukd0fnoesca08g5vk4
(on both sites)
So it has the same session_id across sites. But when i put a variable on one site, the other site will, on load, remove it from the session file.
Why is the information not kept, when it obviously looks into the same session file on the server?
I tried replicating on a windows localhost - and it works perfectly fine, apache on ubuntu. Not.
Soren
I need to connect to a mysql database using PHP. I am storing my login, user, password, and other info in a separate php file (let's say "mysql_connect.php") and then accessing it via require_once (mysql_connect.php) in a different file.
I have done a bit of googling and I know that I am supposed to keep "mysql_connect.php" out of the web root. I have moved it outside of the html folder and tried calling to it by using "../../mysql_connect.php" This is not working, it gives me an error "function not found" or something like that. Upon googling that, the internet says that its because it can't locate the file i'm referencing. When I move mysql_connect.php into a folder below root, everything works fine. The issue is because it is moved outside of the web root (i think).
I have been googling for two days now and cannot find a detailed explanation on how to get this to work. Something about changing the .htaccess file? I've read a bunch of articles on the theory but I am really looking for a step-by-step tutorial (I am a beginner). The only step-by-step tutorials I can find just tell you to put the config.php file into the same folder which is not secure.
Also in reading, it says that putting mysql_connect.php above root might not be THE most secure way to store the information as it is still basically just a .txt file and it can be retrieved easily(like downloading it). I am looking for a balance between secure and also do-able (for a beginner like myself). The mysql database I am trying to protect will not have any personal information and I plan on using a dedicated server (with no other information on it).
Can any one help me to solve this issue?
it gives me an error "function not found" or something like that.
This.
Is your main problem.
You either didn't bother to read this error message yourself nor didn't bring it here to help us to help you.
While
there is no problem in having this file below document_root,
and there is no problem in having this file above document root either,
the only problem you have is to assign a correct filename.
And the error message you got could help you more than 1000 volunteers from this site.
Despite of that, you can use PHP predefined variable to make this path work from whatever part of your site. Aassuming the file is one level above the document root, the code would be
require($_SERVER['DOCUMENT_ROOT']."/../mysql_connect.php");
however, this one may produce an error too, as nobody knows a real file locations. Thus, you may read the error message and corect the paths. Or post it here and get an interpretation
You can store the database information inside your web server configuration.
If you run Apache you can use SetEnv inside the VirtualHost. Since you're still on a shared host, your server admin probably need to help you with this. You can read more about this approach here.
... tried calling to it by using "../../mysql_connect.php" This is not working, it gives me an error "function not found" or something like that.
Include the connection details with:
require_once("../../mysql_connect.php");
This assumes that the file mysql_connect.php is two levels up from the currently executing script.
The database connection details will always be able to be read by whomever has administrative access to the server. It is not feasible to encrypt the file, because you would still need to store whatever key or password needed to decrypt it on the server as well, which would still not hide it from the server administrators.
Besides moving out of the web-root (which is a good step forward) an approach I've seen used is:
// at the top of your index or bootstrap file
define('SECURED', true);
And:
// at the top of any file subsequently included, such as mysql_connect.php
if(!defined('SECURED'))
{
exit();
}
This will at least prevent the file(s) from being accessed (executed) directly. This is helpful is the to-be-included files would otherwise issue a warning or error, that could potentially dump sensitive data as output.
If you're in a shared hosting environment you won't be allowed access outside of document root (most likely). You will need the password therefore it won't be completely secure. Instead, you can look into creating seperate mysql users with priviledges and limiting connections to to local accesses only.
i know i'm new, but something as simple as form for your login should be checked in order for it to work.
<form action="insertphpfilepath.php" method="POST">
and then in "insertphpfilepath.php", would have the mysql_query to check the login and password, not forgetting the mysql_query for connecting to the database and table using the right username and password .
a newbie recommendation to you for use mysql_real_escape_string for any $_POST['login'] so that it would become $login=mysql_real_escape_string($_POST['login']); for evading mysql injection.
I have a script named INDEX.php that runs from root directory //htdocs because that script needs to use $SESSION variables and other things in sub folder.
Now If I try to debug using eclipse, it asks me new work space, even if i put new work space under htdocs. still the settings inside script are lost.
How to resolve this? How to set dev env in eclipse so that it treats as if code is run from htdocs?
This is a poorly asked question. What do you mean "script needs to use $SESSION variables and other things in sub folder"? If you're referring to $_SESSION, it has nothing to do with folders.
If you're saying that values within $_SESSION are not staying there from one execution to the next, then you need to make sure that cookies are enabled, and that whatever browser/environment you are using to view the page supports cookies.
The cookie holds the ID that identifies the session that allows PHP to find the session data. You can also pass the ID from one URL to another, but that probably won't work in your case.