If statement does not seem to work - php

Something may be wrong with my logic or the hosting server, because when I tried it locally it works flawlessly!! However, when I upload it, it always executes the second statement no matter what the value of applicant_email_activated is??
It is driving me crazy please help!
<?php
// Sanitize the provided inputs
$applicant_email = filter_var(stripAndCleanHTML($_GET['applicant_email']), FILTER_SANITIZE_EMAIL); # sanitize the email
$applicant_token = stripAndCleanHTML($_GET['applicant_token']); # sanitize the token
/**************** Find the applicant that has the same email *******************/
$database_connection = Database::database_connect();
$find_email_query = $database_connection->prepare('SELECT * FROM applicants WHERE applicant_email = :applicant_email && applicant_token = :applicant_token LIMIT 1');
$find_email_query->execute(['applicant_email' => $applicant_email, 'applicant_token' => $applicant_token]);
if ($find_email_query->errorCode() > 0) {
    if (DEBUG === true) {
        echo 'There was an issue in searching for the email Big Boss: <br>';
        print_r($find_email_query->errorInfo());
        die();
    } else {
        header('location:../404.shtml', true, 404);
        die();
    }
}
$applicants = $find_email_query->fetchAll();
foreach ($applicants as $applicant) {
    $applicant_username = (string) stripAndCleanHTML($applicant['applicant_username']);
    $applicant_password = (string) stripAndCleanHTML($applicant['applicant_password']);
    $applicant_name = (string) stripAndCleanHTML($applicant['applicant_name']);
    $applicant_phone = (string) stripAndCleanHTML($applicant['applicant_phone']);
    $applicant_birthdate = (string) stripAndCleanHTML($applicant['applicant_birthdate']);
    $applicant_city = (string) stripAndCleanHTML($applicant['applicant_city']);
    $applicant_country = (string) stripAndCleanHTML($applicant['applicant_country']);
    $applicant_major = (string) stripAndCleanHTML($applicant['applicant_major']);
    $applicant_major_type = (string) stripAndCleanHTML($applicant['applicant_major_type']);
    $applicant_exp_years = (string) stripAndCleanHTML($applicant['applicant_exp_years']);
    $applicant_cv = (string) stripAndCleanHTML($applicant['applicant_cv']);
    $applicant_email_activated = (int) stripAndCleanHTML($applicant['applicant_email_activated']);
}
if ($applicant_email_activated === 1) {
    include '../../includes/job_app/email_has_been_activated.inc.php';
} elseif ($applicant_email_activated === 0) {
    include '../../includes/job_app/email_confirmed.php';
}
?>
This is the function I used to clean the value:
function stripAndCleanHTML($to_clean)
{
    return htmlspecialchars(strip_tags(stripslashes(trim($to_clean))));
}
And this is the Database class:
class Database
{
    private const DB_HOST = 'domain.com';
    private const DB_NAME = 'ats';
    private const DB_CHARSET = 'utf8';
    private const DB_USER = 'public_user';
    private const DB_PASS = '1F#kaH$!q5r2as';
    public static function database_connect()
    {
        try {
            // setting DSN (Data Source Name)
            $dsn = 'mysql:host=' . Database::DB_HOST . ';' . 'dbname=' . Database::DB_NAME . ';' . 'charset=' . Database::DB_CHARSET;
            // creating a PDO (PHP Data Object) instance
            $pdo = new PDO($dsn, Database::DB_USER, Database::DB_PASS);
            $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
            return $pdo;
        } catch (Exception $e) {
            // both branches stop the script, so nothing is returned on failure
            if (DEBUG === true) {
                echo $e->getMessage().'<br>';
                die();
            } else {
                die();
            }
        }
    }
}

It did work after I removed the (int) and put the comparison numbers into single quotes!! Crazy, right!!?
I guess the server on the hosting company handles PHP in a peculiar manner!! Or maybe I have pumped up the app with a lot of stripping nonsense, as some of you would agree; nonetheless, I have done it and I could go home and sleep knowing my baby app is safe and sound!
A huge thank you for the tips and mentoring, have a good day! and do not forget to be awesome.

Related

Creating install script form custom web app

I'm looking for an option to make install.php where the user puts all needed data, e.g. db host, db username, db pwd etc. The script must put it into a PHP class called config.
public function __construct(){
    $this->site_address = '';
    $this->db_prefix = '';
    $this->site_desc = '';
    $this->site_title = '';
    $this->hash = '';
    $this->sidebar = false;
    $this->db_host = '';
    $this->db_name = '';
    $this->db_pass = '';
    $this->db_user = '';
    $this->db_port = 3306;
    $this->folder = NULL;
    $this->mailserver = '';
    $this->mailport = '';
    $this->mailuser = '';
    $this->mailpassword ='';
}
How do I put data from the form on the install.php page into this class constructor?
I was thinking about getting the content, finding $this->db_host = and replacing '' with '.$_POST['db_host'].' from the form, and then putting the content into the file and saving it, but I don't know how exactly to do that. Please help.
Simply add variables to your __construct()
public function __construct($site_address='',$db_prefix='',$site_desc='',$site_title='',$hash='',$sidebar=false){
    $this->site_address = $site_address;
    $this->db_prefix = $db_prefix;
    $this->site_desc = $site_desc;
    $this->site_title = $site_title;
    $this->hash = $hash;
    $this->sidebar = $sidebar;
    // And so on
}
Then from your form you do a new yourAwesomeClassName('http://hello', $_POST['db_prefix'], ...)
Don't forget a few things:
Never trust user input
Sanitize/check all your data/inputted format before using them
Don't save passwords in plain text; at least hash them. Better would be using a salt in addition to that, of course.
Update according to comment
(The following may not be a good practice but I'm open to suggestions as this is part of my current work)
If you need to save your data I suggest you to have a generic file for example ...
Generic file
Source
class Database
{
    /**
     * Database host
     * @var string Default: 'your-database-host'
     */
    const DB_HOST = 'your-database-host';
    /**
     * Database name
     * @var string Default: 'your-database-name'
     */
    const DB_NAME = 'your-database-name';
    // And so on
}
Then you need a function that writes your data
Write default data
Source
public static function writeDatabaseConfig($data)
{
    if (is_array($data)) {
        $root = static::getRoot();
        $databaseFile = $root . 'App' . DIRECTORY_SEPARATOR . 'Config' . DIRECTORY_SEPARATOR . 'Database.php';
        $currentFile = file_get_contents($databaseFile);
        if (strpos($currentFile, 'your') !== false) {
            $oldToNew = array(
                'host' => 'your-database-host',
                'name' => 'your-database-name',
            );
            foreach ($oldToNew as $key => $value) {
                if (isset($data[$key])) {
                    $currentFile = str_replace($value, $data[$key], $currentFile);
                }
            }
            if (file_put_contents($databaseFile, $currentFile)) {
                return true;
            }
            return false;
        }
        return false;
    }
    return false;
}
At the end in your __construct() you only need to call writeDatabaseConfig() to write your data. Once done you can get your information by calling ConfigClass::DB_HOST for example ...
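An added example (not the answerer's code) of the "never trust user input" advice applied to the config-writing step: the form values are validated against an allow-list and written with var_export() into a file that returns an array, so a quote or backslash in a value cannot alter the generated PHP source. The function names buildConfig and writeConfigFile, the file path and the sample input are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example: validate installer form data, then write it as a PHP file
// that returns an array. Function names and the file path are hypothetical.

function buildConfig(array $post): array
{
    $host = trim((string)($post['db_host'] ?? ''));
    $isHost = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    $isIp   = filter_var($host, FILTER_VALIDATE_IP) !== false;
    if ($host === '' || (!$isHost && !$isIp)) {
        throw new InvalidArgumentException('db_host must be a hostname or an IP address');
    }

    $port = filter_var($post['db_port'] ?? 3306, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) {
        throw new InvalidArgumentException('db_port must be between 1 and 65535');
    }

    // Identifiers: allow-list of characters instead of stripping "bad" ones.
    foreach (['db_name', 'db_user', 'db_prefix'] as $key) {
        if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', (string)($post[$key] ?? ''))) {
            throw new InvalidArgumentException("$key may only contain letters, digits and _");
        }
    }

    return [
        'db_host'   => $host,
        'db_port'   => $port,
        'db_name'   => $post['db_name'],
        'db_user'   => $post['db_user'],
        'db_prefix' => $post['db_prefix'],
        // The password is free-form; var_export() below escapes it.
        'db_pass'   => (string)($post['db_pass'] ?? ''),
    ];
}

function writeConfigFile(string $path, array $config): void
{
    // var_export() emits a valid PHP literal: quotes and backslashes in the
    // values are escaped, so form input stays data and never becomes code.
    $php = "<?php\n// Generated by install.php\nreturn " . var_export($config, true) . ";\n";

    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $php, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    chmod($tmp, 0640);          // not world-readable: the file holds credentials
    if (!rename($tmp, $path)) { // atomic replace on the same filesystem
        throw new RuntimeException("cannot move $tmp to $path");
    }
}

// Constructed sample input standing in for $_POST on install.php.
$post = [
    'db_host' => 'db.example.test', 'db_port' => '3306', 'db_name' => 'forum',
    'db_user' => 'forum_app', 'db_prefix' => 'f_', 'db_pass' => "pa'ss\\word",
];
$path = sys_get_temp_dir() . '/config.generated.php';
writeConfigFile($path, buildConfig($post));

// The config class reads the file back instead of having literals edited in place.
$loaded = require $path;
var_dump($loaded['db_pass'] === $post['db_pass'], $loaded['db_port'] === 3306);
```

In a real installer the generated file belongs outside the web root, and install.php should refuse to run once the file exists.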

Session data changed in php

This is my code
class WcfClient {
    public $wcfClient = null;
    public $user = null;
    public function __construct(){
        if(isset($_SESSION['APIClient']) && $_SESSION['APIClient'] != null){
            $this->wcfClient = $_SESSION['APIClient'];
        }
    }
    public function __destruct(){
    }
    // Authenticate
    private function Authenticate(){
        global $_sogh_soapUrl, $_isDebug, $_sogh_header;
        $wcargs = array();
        $consumerAuthTicket = null;
        if($this->wcfClient == null){
            $args = array(
                'clubname'=>'Wellness Institute at Seven Oaks',
                'consumerName'=>'api',
                'consumerPassword'=>'api'
            );
            try{
                $wcargs = array(
                    'soap_version'=>SOAP_1_2
                );
                if($_isDebug){
                    $wcargs = array(
                        'soap_version'=>SOAP_1_2,
                        'proxy_host'=>"192.168.0.1",
                        'proxy_port'=>8080
                    );
                }
                // Connect to the API with soapclient
                $soapAPIClient = new SoapClient($_sogh_soapUrl, $wcargs);
                $response = $soapAPIClient->AuthenticateClubConsumer($args);
                if(isset($response->AuthenticateClubConsumerResult)){
                    if(isset($response->AuthenticateClubConsumerResult->IsException) && $response->AuthenticateClubConsumerResult->IsException == true){
                        // some error occur
                        $this->wcfClient = null;
                        $_SESSION['APIClient'] = $this->wcfClient;
                    } else{
                        // set consumer ticket
                        $consumerAuthTicket = $response->AuthenticateClubConsumerResult->Value->AuthTicket;
                        // $loginData = $responseCode->ReturnValueOfConsumerLoginData;
                        $headers = array();
                        $headers[] = new SoapHeader($_sogh_header, "ConsumerAuthTicket", $consumerAuthTicket);
                        $soapAPIClient->__setSoapHeaders($headers);
                        // add to session
                        $this->wcfClient = $soapAPIClient;
                        $_SESSION['APIClient'] = $this->wcfClient;
                    }
                }
            } catch(SoapFault $fault){
                $this->error('Fault: ' . $fault->faultcode . ' - ' . $fault->faultstring);
            } catch(Exception $e){
                $this->error('Error: ' . $e->getMessage());
            }
        }
        return $this->wcfClient;
    }
}
I store the SOAP client object in $_SESSION['APIClient'], but the second time it runs, some data has been changed in the session. I am using this class in Drupal 7. I want to save time by using the session, because authenticating takes a long time.
Please help
Thanks in advance

PHP OOP Session Object - Won't Persist Without Serialize Un-Serialize

I'm trying to figure out why the code below won't persist my $_SESSION['objSession'] object across pages unless I keep the serialize/unserialize in place below. I get tired of manually serializing/unserializing to make object changes in the session, and people keep saying I shouldn't have to do it, but I do see other complaints about session objects not persisting without it on the web, including here on Stack... PHP 5.3 Apache 2.2 Windows 2008.
<?php require_once("/php/php_clsSession.php");?>
<?php session_start(); ?>
<?php
// Session Object Create/Log
$objSession = new clsSession;
if ( !(isset($_SESSION['objSession']) )) {
    // This line will populate some properties in the obj
    // like Session_ID and Create_dt
    $objSession->CreateSession(session_id(),$_SERVER);
}
else {
    // this code will only run if the session is already
    // set
    $objSession = unserialize($_SESSION['objSession']);
    $objSession->UpdateSession(session_id(),$_SERVER);
}
// Update Session Object
$_SESSION['objSession'] = serialize($objSession);
unset($objSession);
?>
---- clsSession below this line... You can ignore the db include, as the code has the same problem without using the db functionality, and I have the db function temporarily commented out anyhow....
<?php
// -----------------------------------------------------------------
// Program Type: Class
// Program Name: clsSession
// Program Date: 01/08/2012 Programmer: Tim Wiley
// Description: Standard class for session creation/update
// -----------------------------------------------------------------
class clsSession {
    // Properties
    public $Session_Id = null;
    public $Creation_Dt = null;
    public $Action_Dt = null;
    public $Session_IP_Address = null;
    public $Browser_Type = null;
    public $Display_Resolution = null;
    public $Is_Https_Ind = null;
    public $Is_Logged_In_Ind = 0;
    public $User_Key = null;
    public $User_Id = null;
    public $Email_Address = null;
    public $Request_Method = null;
    public $Page_Requested = null;
    public $Page_Request_Params = null;
    public $Page_Action = null;
    public $Login_Attempts = 0;
    public $Max_Login_Attempts = 3;
    private function UpdateSessionClassData (&$xSessionId = null, &$xSessionObj = null, &$xPageAction = "N/A" ) {
        $this->Session_Id = &$xSessionId;
        $this->Action_Dt = date( 'Y-m-d H:i:s', time( ));
        $this->Session_IP_Address = substr(trim(&$xSessionObj['REMOTE_ADDR']),0,24);
        $this->Browser_Type = substr(trim(&$xSessionObj['HTTP_USER_AGENT']),0,140);
        $this->Request_Method = substr(trim(&$xSessionObj['REQUEST_METHOD']),0,24);
        $this->Page_Requested = substr(trim(&$xSessionObj['SCRIPT_NAME']),0,140);
        $this->Page_Request_Params = substr(trim(&$xSessionObj['QUERY_STRING']),0,140);
        $this->Is_Https_Ind = &$xSessionObj['SERVER_PORT'] == 443 ? 1 : 0;
        if (is_null($this->Display_Resolution)) {
            require_once('/javascript/js_SaveScreenResolutionInCookie.js');
            $this->Display_Resolution = !( IS_NULL( $_COOKIE['users_resolution'] )) ? substr(trim($_COOKIE['users_resolution']),0,16) : "N/A";
        }
        $this->Page_Action = substr(trim(&$xPageAction),0,32);
    }
    // Initialize Session objSession for $_SESSION
    public function CreateSession($xSessionId = null, &$xSessionObj = null ) {
        $this->Creation_Dt = date( 'Y-m-d H:i:s', time( ));
        $this->UpdateSessionClassData(&$xSessionId, &$xSessionObj);
        // $this->WriteSessionToDb();
    }
    // Update Session objSession for $_SESSION
    public function UpdateSession($xSessionId = null, &$xSessionObj = null, $xPageAction = "N/A" ) {
        $this->UpdateSessionClassData(&$xSessionId, &$xSessionObj, &$xPageAction);
        // $this->WriteSessionActivityToDb();
    }
    // Writes the session data to database
    public function WriteSessionToDb($xUserType = "Web") {
        $objConnect = new clsDb;
        $objDb = $objConnect->GetDbConnection($xUserType);
        //$objDb = $this->GetDbConnection($xUserType);
        $_InsertSQL = new PDOStatement;
        $_InsertSQL = $objDb->prepare("INSERT INTO T_SESSION_STATS(" .
            "F_ACTION_DT, F_SESSION_ID, F_SESSION_IP_ADDRESS, F_BROWSER_TYPE," .
            "F_DISPLAY_RESOLUTION, F_PAGE_REQUESTED, F_PAGE_REQUEST_PARAMS," .
            "F_REQUEST_METHOD, F_IS_HTTPS_IND, F_IS_LOGGED_IN_IND, F_USER_KEY)" .
            "Values (?,?,?,?,?,?,?,?,?,?,?)");
        $_InsertSQL->bindParam(1, $this->Action_Dt );
        $_InsertSQL->bindParam(2, $this->Session_Id );
        $_InsertSQL->bindParam(3, $this->Session_IP_Address );
        $_InsertSQL->bindParam(4, $this->Browser_Type );
        $_InsertSQL->bindParam(5, $this->Display_Resolution );
        $_InsertSQL->bindParam(6, $this->Page_Requested );
        $_InsertSQL->bindParam(7, $this->Page_Request_Params );
        $_InsertSQL->bindParam(8, $this->Request_Method );
        $_InsertSQL->bindParam(9, $this->Is_Https_Ind );
        $_InsertSQL->bindParam(10, $this->Is_Logged_In_Ind );
        $_InsertSQL->bindParam(11, $this->User_Key );
        try {
            $objDb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $objDb->beginTransaction();
            $_InsertSQL->execute();
            $objDb->commit();
            unset($objDb);
        } catch (Exception $e) {
            $objDb->rollBack();
            echo "Failed: " . $e->getMessage();
            unset($objDb);
            unset($objConnect);
        }
    }
    // Writes the session data to database
    public function WriteSessionActivityToDb($xUserType = "Web",$xPageAction = "N/A") {
        $objConnect = new clsDb;
        $objDb = $objConnect->GetDbConnection($xUserType);
        //$objDb = $this->GetDbConnection($xUserType);
        $_InsertSQL = new PDOStatement;
        $_InsertSQL = $objDb->prepare("INSERT INTO T_SESSION_ACTIVITIES(" .
            "F_ACTION_DT, F_SESSION_ID, F_SESSION_IP_ADDRESS, " .
            "F_PAGE_REQUESTED, F_PAGE_REQUEST_PARAMS," .
            "F_REQUEST_METHOD, F_PAGE_ACTION, F_IS_HTTPS_IND, F_IS_LOGGED_IN_IND, F_USER_KEY)" .
            "Values (?,?,?,?,?,?,?,?,?,?)");
        $_InsertSQL->bindParam(1, $this->Action_Dt );
        $_InsertSQL->bindParam(2, $this->Session_Id );
        $_InsertSQL->bindParam(3, $this->Session_IP_Address );
        $_InsertSQL->bindParam(4, $this->Page_Requested );
        $_InsertSQL->bindParam(5, $this->Page_Request_Params );
        $_InsertSQL->bindParam(6, $this->Request_Method );
        $_InsertSQL->bindParam(7, substr(trim($xPageAction),0,32));
        $_InsertSQL->bindParam(8, $this->Is_Https_Ind );
        $_InsertSQL->bindParam(9, $this->Is_Logged_In_Ind );
        $_InsertSQL->bindParam(10, $this->User_Key );
        try {
            $objDb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $objDb->beginTransaction();
            $_InsertSQL->execute();
            $objDb->commit();
            unset($objDb);
            unset($objConnect);
        } catch (Exception $e) {
            $objDb->rollBack();
            unset($objDb);
            echo "Failed: " . $e->getMessage();
        }
    }
}
?>
The issue seems to be in your clsSession class. This is using &. Since the session object is serialized these references aren't stored correctly. Try removing these (i.e. change UpdateSessionClassData and UpdateSession to remove the & from parameters) and see if this sorts the issue.
To start, put session_start(); before require_once and add var_dump($_SESSION) for debugging.

reduce php daemon memory usage

Could you please help me find what causes this process to reach 500MB of memory usage?
It is basically an HTML page downloader.
Despite the fact that the process is stable (and does not exceed that limit), it's meant to be used on a low-performing machine and I'm not satisfied.
The size of the MySQL table 'Sites' is 170MB.
The script code follows.
Thanks in advance.
function start() {
    try {
        global $log;
        $db = getConnection();
        Zend_Db_Table::setDefaultAdapter($db);
        $log->logInfo("logger start");
        while (1) {
            $sitesTable = new Zend_Db_Table('Sites');
            $rowset = $sitesTable->fetchAll();
            foreach ($rowset as $row) {
                if (time() >= (strtotime($row->lastUpdate) + $row->pollingHours * 60 * 60)) {
                    db_updateHtml($row);
                }
            }
        }
    } catch (Exception $e) {
        global $log;
        $log->logError($e->getMessage());
    }
}
function db_updateHtml($siteRecord) {
    try {
        if ($siteRecord instanceof Zend_Db_Table_Row) {
            $rowwithConnection = $siteRecord;
            $url = $siteRecord->url;
            $idSite = $siteRecord->idSite;
            $crawler = new Crawler();
            $sitesTable = new Zend_Db_Table('Sites');
            //$rowwithConnection = $sitesTable->fetchRow(
            //    $sitesTable->select()->where('idSite = ?', $idSite));
            $newHtml = HtmlDbEncode($crawler->get_web_page($url));
            if (strlen($newHtml) < 10) {
                global $log;
                $log->logError("Download failed for: url: $url \t idsite: $idSite ");
            }
            if ($rowwithConnection->isChecked != 0) {
                $rowwithConnection->oldHtml = $rowwithConnection->newHtml;
                $rowwithConnection->isChecked = 0;
            }
            $rowwithConnection->newHtml = $crawler->get_web_page($url);
            $rowwithConnection->lastUpdate = date("Y-m-d H:i:s");
            //$rowwithConnection->diffHtml = getDiff($rowwithConnection->oldHtml, $rowwithConnection->newHtml, false, $rowwithConnection->minLengthChange);
            $rowwithConnection->diffHtml = getDiffFromRecord($rowwithConnection, false, $rowwithConnection->minLengthChange);
            /* if (strlen($rowwithConnection->diffHtml) > 30) {
                $rowwithConnection->lastChanged = $rowwithConnection->lastUpdate;
            } */
            $rowwithConnection->save();
        } else {
            // $log must be imported into this scope before it is used
            global $log;
            $log->logCrit("siteRecord is uninitialized");
        }
    } catch (Exception $e) {
        global $log;
        $log->logError($e->getMessage());
    }
}
function getDiffFromRecord($row, $force = false, $minLengthChange = 100) {
    if ($row instanceof Zend_Db_Table_Row) {
        require_once '/var/www/diff/library/finediff.php';
        include_once '/var/www/diff/library/Text/Diff.php';
        $diff = new AndreaDiff();
        $differences = $diff->getDiff($row->oldHtml, $row->newHtml);
        if ($diff->isChanged($minLengthChange) || $force) {
            $row->lastChanged = $row->lastUpdate;
            $row->isChecked = false;
            return ($differences);
        }
    }
    return null;
}
function getConnection() {
    try {
        $pdoParams = array(
            PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true
        );
        $db = new Zend_Db_Adapter_Pdo_Mysql(array(
            'host' => '127.0.0.1',
            'username' => 'root',
            'password' => 'administrator',
            'dbname' => 'diff',
            'driver_options' => $pdoParams
        ));
        return $db;
    } catch (Exception $e) {
        global $log;
        $log->logError($e->getMessage());
    }
}
1) Try using the fetch method, not fetchAll:
foreach($sitesTable->fetch() as $row){
    //...
}
2) Try to unset all variables which store HTML code (if you save it in memory); at the last iteration I suppose the variable $rowwithConnection will have HTML code inside.
When I want to profile a PHP application I use xhprof; it will save you a LOT of time. Good luck!

Looking for inputs on my cookie/session authentication class, not sure if i got it correct

I'm currently creating my own forum for my website and I have read plenty of topics on cookie/session authentication, and I think I'm aware of the attacks etc. that exist. I get that it's not 100% secure but I'm trying to do it as safely as possible.
I'm currently storing the IP in the cookie and I'm aware that some might have problems with that, but I'm going to change it to check the first 2 blocks of the IP instead. I don't think it's going to be a problem since 95% of the people in Sweden have broadband, which rarely changes IP.
Something that I'm really insecure about is the session_start, which I do need later for forms etc. What is the best practice to implement it? I'm pretty sure that I'm doing that thing pretty much wrong.
Any input is much appreciated!
Class
class user2
{
    private $db = null;
    private $cookie_salt = '!!PLonSIMDSAM35324dfg5DAUSHODNASDJ353NMASDSA&%&A/SD&HASNJDdfghAS&DGIHYAUSDNA3535SDFASDF%A3532dfgsdfggsdg53532535SDGIASYDU';
    var $user_ip = false;
    var $user_id = false;
    var $user_username = false;
    var $cookie_identifier = false;
    var $user_logged_in = false;
    function __construct()
    {
        global $mysql_server;
        global $mysql_user;
        global $mysql_password;
        global $mysql_database_name;
        $this->db = new database($mysql_server, $mysql_user, $mysql_password, $mysql_database_name, true);
        $this->checkUserAuthentication();
    }
    public function Login($input_username, $input_user_password)
    {
        // If empty parameters return false
        if (empty($input_username) || empty($input_user_password))
        {
            return false;
        }
        $user_login = $this->db->q("SELECT user_id, username FROM `forum_user` WHERE username = ? AND password = ? LIMIT 1", 'ss' , $input_username, $input_user_password);
        if ($user_login != false)
        {
            $this->user_ip = $_SERVER['REMOTE_ADDR'];
            $this->user_id = $user_login[0]['user_id'];
            $this->user_username = $user_login[0]['username'];
            if($this->initiateSessionCookie() == true)
            {
                $this->user_logged_in = true;
                return true;
            }
            else
            {
                return false;
            }
        }
        else
        {
            return false;
        }
    }
    private function initiateSessionCookie()
    {
        // Delete old sessions from this user or USE REPLACE instead
        $this->db->q("DELETE FROM `forum_session` WHERE userid = ?", 'i' , $this->user_id);
        $identifier = md5($this->cookie_salt . md5($this->user_username . $this->user_ip) . $this->cookie_salt);
        $token = md5($this->generateToken());
        $timeout = time() + 60 * 60 * 24 * 7; // 7 days
        $timeout_minutes = 10080; // 7 days
        $init_session = $this->db->q("INSERT INTO forum_session SET session = ?
            , token = ?
            , userid = ?
            , sess_start = now()
            , last_activity = now()
            , sess_expire = DATE_ADD(curdate(),INTERVAL ? MINUTE)
            , ip = ?", 'ssiis' , $identifier, $token, $this->user_id, $timeout_minutes, $this->user_ip);
        if($init_session != false) {
            setcookie('auth', "$identifier:$token", $timeout);
            return true;
        }
        else {
            return false;
        }
    }
    private function generateToken()
    {
        $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz!#&";
        for($i = 1; $i <= 20; $i++)
        {
            $rand_number = rand(0, 59);
            $random_string .= $chars[$rand_number];
        }
        return $random_string;
    }
    private function checkUserAuthentication()
    {
        $this->user_logged_in = false;
        list($_cookie_identifier, $_cookie_token) = explode(':', $_COOKIE['auth']);
        if(ctype_alnum($_cookie_identifier) && ctype_alnum($_cookie_token))
        {
            $_cookie_data['identifier'] = $_cookie_identifier;
            $_cookie_data['token'] = $_cookie_token;
        }
        else
        {
            return false;
        }
        $auth_user = $this->db->q("SELECT *
            FROM forum_session a
            LEFT JOIN
            forum_user b ON a.userid = b.user_id
            WHERE
            a.session = ? AND
            a.token = ?
            LIMIT 1", 'ss' , $_cookie_data['identifier'], $_cookie_data['token']);
        if($auth_user != false)
        {
            if(time() > strtotime($auth_user[0]['sess_expire']))
            {
                return false;
            }
            if($_cookie_data['identifier'] == md5($this->cookie_salt . md5($auth_user[0]['username'] . $_SERVER['REMOTE_ADDR']) . $this->cookie_salt))
            {
                $this->user_logged_in = true;
                $this->user_id = $auth_user[0]['user_id'];
                $this->user_username = $auth_user[0]['username'];
                $this->user_ip = $_SERVER['REMOTE_ADDR'];
                return true;
                // TODO list
                // Renew token every 5 min?
                // Renew cookie expire date
                // Renew session expire date
            }
            else
            {
                return false;
            }
        }
        else
        {
            return false;
        }
    }
    public function isUserLoggedIn()
    {
        return $this->user_logged_in;
    }
}
The session handler which I include in all pages on the forum.
require_once('classes/user2.class.php');
$user = new User2();
session_start();
Why not start with session_start() in the controller(?).
If not needed always, I'd use a method in the controller so you avoid double session_start:
class controller {
    private $sStarted = false;
    function sStart() {
        if (!$this->sStarted) {
            session_start();
            $this->sStarted = true;
        }
    }
}
regards
/t
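An added example, not taken from the question or the answer, of the token handling the question's class is reaching for: the cookie token comes from random_bytes() instead of rand() and md5(), only a SHA-256 hash of it is stored server-side and compared with hash_equals(), passwords are checked with password_verify(), and the cookie is set HttpOnly and Secure. The function names are hypothetical, the $users and $sessions arrays are constructed stand-ins for the forum_user and forum_session tables, and PHP 7.3 or later is assumed for the setcookie() options array.

```php
<?php
declare(strict_types=1);

// Added example. $users and $sessions are in-memory stand-ins (constructed)
// for the forum_user and forum_session tables; all function names are hypothetical.

function verifyLogin(array $users, string $username, string $password): ?int
{
    $row = $users[$username] ?? null;
    // password_verify() checks against a salted password_hash() value, so the
    // database never holds the plain password.
    if ($row === null || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['user_id'];
}

function issueSession(array &$sessions, int $userId, int $ttl = 604800): string
{
    $selector = bin2hex(random_bytes(12)); // lookup key, not secret
    $token    = bin2hex(random_bytes(32)); // 256-bit secret from the CSPRNG
    $sessions[$selector] = [
        'user_id'    => $userId,
        'token_hash' => hash('sha256', $token), // store only the hash
        'expires'    => time() + $ttl,
    ];
    return "$selector:$token"; // cookie value
}

function checkSession(array &$sessions, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null; // malformed or missing cookie
    }
    [$selector, $token] = $parts;
    $row = $sessions[$selector] ?? null;
    if ($row === null) {
        return null;
    }
    if ($row['expires'] < time()) {
        unset($sessions[$selector]); // expired: drop it server-side
        return null;
    }
    // Constant-time comparison of the stored hash with the presented token.
    return hash_equals($row['token_hash'], hash('sha256', $token)) ? $row['user_id'] : null;
}

function authCookieOptions(int $expires): array
{
    // HttpOnly keeps the token away from scripts, Secure keeps it off plain HTTP.
    return ['expires' => $expires, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed demo data.
$users    = ['alice' => ['user_id' => 7, 'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
$sessions = [];

$userId = verifyLogin($users, 'alice', 'correct horse');
$cookie = issueSession($sessions, $userId);
if (PHP_SAPI !== 'cli') {
    setcookie('auth', $cookie, authCookieOptions(time() + 604800));
}
var_dump(checkSession($sessions, $cookie));        // valid cookie
var_dump(checkSession($sessions, $cookie . '00')); // altered token
var_dump(verifyLogin($users, 'alice', 'wrong'));   // wrong password
```

The example does not bind the session to the client IP; if that check is kept, it can be added as one more field in the stored row and compared in checkSession().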
