I have assigned my variable $_SESSION['Username'] with a value from a form $_POST['Username']. This displays fine on the validation page where the system checks it against the database.
(EDIT: I have checked the validation page, and calling displays the correct value as it should)
I then html redirect using
<meta http-equiv='refresh' content='3; url=".$_GET['Last']."' />
this takes the user back to the page they were on before login,if the details were correct. If not, error message is displayed. This works okay.
However, on the page that the user is redirected to, if i try to
<?php echo $_SESSION['Username']; ?>
No value is displayed, even though it was set on the previous page.
How can I keep the value in SESSION['Username']?
Thanks.
Make sure you're using session_start() to begin a session.
Related
The home page on my website has a form with two fields: Make of the Car (carmake) and Car Model (carmodel). Upon submit, it takes the user to the 2nd page that displays information about the specific make and model that the user has input on the homepage.
I am using post-method to pass the variables to the 2nd page, where I start a new session with the two variables:
<?php
session_start();
$_SESSION['carmake']=$_POST['carmake'];
$_SESSION['carmodel']=$_POST['carmodel'];
?>
This works fine. On this 2nd page, I have a link for a 3rd page that uses the same two session variables. So on the 3rd page, I start the page with the session function and the session variables are available for use. No problem so far.
There are 2 problems I am experiencing from this point onwards:
Problem 1: I have a button on the 3rd page that links back to the 2nd page. When I use this button to go back to the 2rd page, the 2nd page does not echo the session variables. However, if I use the browser 'back' button to go back to the 2nd page, I am asked to "confirm resubmission" which I do and then 2nd page correctly echoes the session variables.
My question 1: How can I design the navigation to previously visited pages without losing the session variables?
Question 2: Is there a way to avoid having to "confirm resubmission" (when using the browser back button) on a previously visited page that uses session variables?
(I am a newbie here and apologize in advance for the long post for what may be a very simple question.)
Question 1 solution:
Change your code
<?php
session_start();
$_SESSION['carmake']=$_POST['carmake'];
$_SESSION['carmodel']=$_POST['carmodel'];
To
<?php
session_start();
if(isset($_POST['carmake']))
$_SESSION['carmake']=$_POST['carmake'];
if(isset($_POST['carmodel']))
$_SESSION['carmodel']=$_POST['carmodel'];
It will set session value only if form is submit (which is submit from Form1), so when you click back button, it will not set blank values and will keep last session value remains)
Question 2 solution:
<?php
session_start();
if(isset($_POST['carmake']))
$_SESSION['carmake']=$_POST['carmake'];
if(isset($_POST['carmodel']))
$_SESSION['carmodel']=$_POST['carmodel'];
if(isset($_POST['carmake']) || isset($_POST['carmodel'])){
# Redirect on same page when submitting the form
# will not ask for form submission when click back on browser page
header("Location: page2.php")
exit;
}
Problem 1: Unless you are checking to see if $_POST has values before you assign them, the sessions will get empty values. Turn on a higher error log level and display errors and you should see a notice about an undefined variable. Also, it works when you confirm submission because you are re-POSTing the data to the second page.
Question 1: Check that the POST variables are not empty() before assigning them.
Question 2: Not that I am aware of, you are going back to a page that your browser previously POSTed to and it wants to know if you want to again (to get the "same" results as before)
UPDATE: Also, you should post more code.
I know I am late here, but just thought to share my solution. I hope this helps someone.
Question 1 : Solution
Store the value in session only if form is submitted.
<?php
session_start();
if(isset($_POST['carmake'])) $_SESSION['carmake'] = $_POST['carmake'];
if(isset($_POST['carmodel'])) $_SESSION['carmodel'] = $_POST['carmodel'];
/* Rest of the code goes here */
Question 2 : Solution (easy alternative)
Cache control and Session cache limiter prevents form resubmission when using browser back button.
<?php
session_start();
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
/* Rest of the code goes here */
~ Full code ~
<?php
session_start();
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
if(isset($_POST['carmake'])) $_SESSION['carmake']=$_POST['carmake'];
if(isset($_POST['carmodel'])) $_SESSION['carmodel']=$_POST['carmodel'];
/* Rest of the code goes here */
i have a html login form on my site that submits to login.php.
within login.php is a header redirect with a session message which echo's out onto the next page home.php.
what i am trying to do is make it so that this message only runs once and doesnt show again until the user logs in again. at the moment what is happening is the message is showing on each page refresh.
can someone please show me what i can do to sort this, thanks.
code in login.php:
<?php
if (logged_in())
{
$_SESSION['login_message']="<div class=\"login-overlay\">
<h1>Login You In Securely</h1>
</div>";
header("Location:home.php");
}
?>
code in home.php:
<?php session_start();
if(isset($_SESSION['login_message'] ))
echo $_SESSION['login_message'];
unset($_SESSION['loginframe2']) ;
?>
Simply unset the login message once it has been displayed.
if(isset($_SESSION['login_message'] )) {
echo $_SESSION['login_message'];
unset($_SESSION['login_message']);
}
Now if a user has seen the message, it won't be in the session anymore. And once he logs in again, login.php will set the variable again.
Just use and track a variable like $_SESSION['message_displayed']. Set it to true when you first display the message, and only display it if !array_key_exists('message_displayed', $_SESSION)
I have a simple controller which shows confirmations to be approved.When the users press register button confirmation page is shown.
But when users enter url as ..../confirmation without registering , the page is shown. I dont want it to be shown without registering.
in asp.net mvc4 this can be done with ChildActionOnly anotation.
Is it possible?
First make sure you have the session started:
<?php session_start(); ?>
OK, this seems to be quite simple - after registration, and before you redirect a user to the confirmation page, do something like this (this is pseudo-code naturally). Let's say the $user->registered() returns TRUE/FALSE as a result of registration, and $user->hasConfirmedRegistration() returns TRUE/FALSE as a result of reistration confirmation. So you should do something like:
//this should be in your registration controller/function, i.e. /users/register
if ($user->registered()) {
$_SESSION['showConfirmation'] = TRUE;
}
Then you should put this in the beggining of your function, to prevent showing your confirmation page to non-registered users.
//This should be in your confirmation controller/function,
//i.e. /users/confirm_registration:
//if user has not registered, do not show the page
if (! $_SESSION['showConfirmation']) {
header('Location: /'); // redirect to main page
return;
}
// -- enter code that handles storing confirmation, handling $_GET/$_POST etc. --
//then unset session variable, which is no longer needed
if ($user->hasConfirmedRegistration()) {
unset($_SESSION['showConfirmation']);
}
I dont fully understand what you're trying to achieve without seeing your code. But it sounds like you dont want someone to beable to access a specific page without performing an action first.
Something like this might help you.
<?php
session_start();
if(!session_is_registered(somesessionamehere)){
header("location:form.php");
}
?>
Register a session when the user submits the form, then when they go to that page it checks to see if the session is registered. If it isn't then it redirects to the previous page.
Have a look at this URL for a login based example: http://www.phpeasystep.com/phptu/6.html
As I understand, you need to check, on your confirmation page, that the user has just send registration data.
For example, if you have an input field named "login" in your form, you can check the presence and value of "login" in either $_REQUEST, $_POST or $_GET, depending on your form "method" attribute. If it's not there, the form has not been posted and you can assume that the user just entered the URL. You can redirect him to the login page.
<form method="post" action="/confirmation">
<input type="text" name="login" />
[...]
<input type="submit" />
</form>
<?php
if (!isset($_POST["login"])) {
// redirect
header("HTTP/1.0 302 Found");
header("Location: /login");
return;
}
// show confirmation
// [...]
I have written code in PHP where I want to use session variable so that when I will click on submit button then I will get the same session variable after landing to the new page.
But session variable is showing empty after submit.
Below is my code:
session_start();
$i=6;
$_SESSION['testing1']=$_SESSION['testing'];
$_SESSION['testing']=$i;
but value for $_SESSION['testing1'] always shows empty.
1st time it will be empty but after clicking on submit button which is calling same page then it should not give empty value
You are setting $_SESSION['testing'] after $_SESSION['testing1']=$_SESSION['testing'];, so it is still empty while setting. Switch both statements around.
try this
session_start();
$i=6;
$_SESSION['testing']=$i;
$_SESSION['testing1']=$_SESSION['testing'];
so I made a simple user log in website, and I want to set a cookie so that when they come back to the website, it will take them to the members area and not the main page, kind of like a "remember me" function that redirects users to a members area if a cookie is set.
Problem I am facing: The php code right before the html code does not redirect to the member.php page even though the cookie is set!
Note: I'm just using parts of the code, and not the entire code/ other files to simplify the question.
here's my code:
main.php (this is the main page, and also where the log-in form is, but log in form is not shown)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<?php
//Checks if there is a login cookie
if(isset($_COOKIE["blablabla"])) //if cookie is set
{
header("Location: www.website.com/member.php"); //redirect to member.php
}
else
{
//otherwise, redirect to nocookiefound.php
header("Location: www.website.com/nocookiefound.php");
}
?>
<html>
<body>
<?php
echo "Welcome " . $_COOKIE["blablabla"] . "!<br />";
//I ran a echo test to see if cookie is still there, and it is.
?>
</body>
</html>
So my question is, can my redirect work the way it is?
I must be doing something wrong because it's not redirecting to member.php even though the cookie echos the correct value.
So, if i was originally in the members.php page after I logged in, then go back to main.php, it SHOULD redirect me to members.php, but it doesn't, it just stays at main.php. Anyone know what's going on? I would appreciate all the help I can get. Thanks
The PHP code should be the first thing on the page, as you're sending a redirect "Header". Move it to before the Doctype declaration.
As well as what #Dogbert says, your redirection is invalid. Try:
header("Location: http://www.website.com/member.php");
In addition to the other answers, put an exit(); after the header lines. It's possible to write a script that ignores headers, hence running the other code inadvertently.
People often use headers to protect admin areas without realising that.