I am currently coding a project which requires the user to log in to the website before being able to view any information. I am currently tracking whether a user is logged in or not by using a session variable named "usernamelogged". I believe I have all my formatting correct as well.
After logging in you're brought to the main page, which I have set up (temporarily) to print_r() the session array. I'm also using a class to help prevent session hijacking.
Login Page Relevant PHP:
<?php
include dirname(__FILE__).'/includes.php'; // INCLUDES FILE
if ($count == 1) { // IF USERNAME AND PASSWORD ARE GOOD
    SessionManager::sessionStart('LoginDetails', 10800, '/', 'localhost', true, $username);
    $_SESSION['usernamelogged'] = $username; // Declare Session
    header("location: members.php"); // Redirecting To Other Page
    exit; // Stop executing the login page once the redirect header is sent
} else {
    $error = "Username or Password is invalid";
}
?>
Here is where the problem occurs. Down below I have it print_r() the array, which comes up with the following details:
Array ( [IPaddress] => Censored IP [userAgent] => Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 )
However you will notice that there is no "usernamelogged" in that array like there should be.
Here is the php from the page you receive after logging in:
<?php
include dirname(__FILE__).'/includes.php';
SessionManager::sessionStart('LoginDetails', 0, '/', 'localhost', true, $_SESSION['usernamelogged']);
print_r ($_SESSION);// TEMP
echo $_SESSION['usernamelogged'];
$checkses = $sql->prepare("SELECT * FROM staff WHERE username=:user");
$checkses->bindParam(':user', $_SESSION['usernamelogged']);
$checkses->execute();
$count = $checkses->rowCount();
if ($count != 1) { // Exactly one matching staff row is required
    echo "Error, you're not logged in";
    print_r($count);//TEMP
    //header("location: login.php");
    die();
}
include dirname(__FILE__).'/header.php';
?>
Finally, the class I am using for session hijacking:
class SessionManager
{
    static function sessionStart($name, $limit = 0, $path = '/', $domain = null, $secure = null, $username)
    {
        // Set the cookie name
        session_name($name . '_Session');
        // Set SSL level
        $https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);
        // Set session cookie options
        session_set_cookie_params($limit, $path, $domain, $https, true);
        session_start();
        $_SESSION['usernamelogged'] = $username;
        // Make sure the session hasn't expired, and destroy it if it has
        if(self::validateSession())
        {
            // Check to see if the session is new or a hijacking attempt
            if(!self::preventHijacking())
            {
                // Reset session data and regenerate id
                $_SESSION = array();
                $_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
                $_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
                self::regenerateSession();
            // Give a 5% chance of the session id changing on any request
            }elseif(rand(1, 100) <= 5){
                self::regenerateSession();
            }
        }else{
            $_SESSION = array();
            session_destroy();
            session_start();
        }
    }

    static protected function preventHijacking()
    {
        if(!isset($_SESSION['IPaddress']) || !isset($_SESSION['userAgent']))
            return false;
        if ($_SESSION['IPaddress'] != $_SERVER['REMOTE_ADDR'])
            return false;
        if( $_SESSION['userAgent'] != $_SERVER['HTTP_USER_AGENT'])
            return false;
        return true;
    }

    static function regenerateSession()
    {
        // If this session is obsolete it means there already is a new id
        if(isset($_SESSION['OBSOLETE'])){
            if($_SESSION['OBSOLETE'] == true){
                return;
            }
        }
        // Set current session to expire in 10 seconds
        $_SESSION['OBSOLETE'] = true;
        $_SESSION['EXPIRES'] = time() + 10;
        // Create new session without destroying the old one
        session_regenerate_id(false);
        // Grab current session ID and close both sessions to allow other scripts to use them
        $newSession = session_id();
        session_write_close();
        // Set session ID to the new one, and start it back up again
        session_id($newSession);
        session_start();
        // Now we unset the obsolete and expiration values for the session we want to keep
        unset($_SESSION['OBSOLETE']);
        unset($_SESSION['EXPIRES']);
    }

    static protected function validateSession()
    {
        if( isset($_SESSION['OBSOLETE']) && !isset($_SESSION['EXPIRES']) )
            return false;
        if(isset($_SESSION['EXPIRES']) && $_SESSION['EXPIRES'] < time())
            return false;
        return true;
    }
}
Other Details:
I cut out the HTML and CSS and only gave the PHP.
I don't have any form of output before my session_start();
PHP Version 5.4.40 and Apache 2.4.12
There are no more details that I can think of.
I'm happy to answer any questions I can, THANKS for reading and helping!
Edit:
As requested,
The print out of $_SERVER:
Array ( [UNIQUE_ID] => VWvIW2uWJsoAACKtzW8AAAAC [HTTPS] => on [SSL_TLS_SNI] => *Censored* [HTTP_HOST] => *Censored* [HTTP_CONNECTION] => Keep-Alive [HTTP_ACCEPT_ENCODING] => gzip [HTTP_CF_IPCOUNTRY] => US [HTTP_X_FORWARDED_FOR] => *CENSORED* [HTTP_CF_RAY] => 1ef79bdf5d900418-ORD [HTTP_X_FORWARDED_PROTO] => https [HTTP_CF_VISITOR] => {"scheme":"https"} [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 [HTTP_DNT] => 1 [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,es;q=0.6 [HTTP_COOKIE] => __cfduid=d616d6faa0ec4dd338e855665846ad2da1432945387 [HTTP_CF_CONNECTING_IP] => *CENSORED* [PATH] => /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin [LD_LIBRARY_PATH] => /usr/local/apache/lib [SERVER_SIGNATURE] => [SERVER_SOFTWARE] => Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.40 [SERVER_NAME] => bbwatch.co.uk [SERVER_ADDR] => *CENSORED* [SERVER_PORT] => 443 [REMOTE_ADDR] => *CENSORED* [DOCUMENT_ROOT] => /home/bbwatchc/public_html [REQUEST_SCHEME] => https [CONTEXT_PREFIX] => [CONTEXT_DOCUMENT_ROOT] => /home/bbwatchc/public_html [SERVER_ADMIN] => webmaster#*Censored* [SCRIPT_FILENAME] => /home/***/public_html/members.php [REMOTE_PORT] => 35348 [REMOTE_USER] => *CENSORED* [AUTH_TYPE] => Basic [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /members.php [SCRIPT_NAME] => /members.php [PHP_SELF] => /members.php [PHP_AUTH_USER] => *CENSORED* [PHP_AUTH_PW] => *CENSORED* [REQUEST_TIME_FLOAT] => 1433127003.37 [REQUEST_TIME] => 1433127003 [argv] => Array ( ) [argc] => 0 )
Also, the printout of $_SESSION:
Array ( [IPaddress] => *CENSORED* [userAgent] => Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 ) Error, you're not logged in0
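An added example, not the poster's code: the session is bound to the client first and the login marker is stored only afterwards, so the reset branch ($_SESSION = array()) cannot erase it, and the session id is regenerated at login. Function names are hypothetical; the cookie domain is left empty on the assumption that a host-only cookie is wanted, since a browser discards a cookie whose Domain attribute does not match the host that set it.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// Bind a new session to the client, or verify an existing binding.
// Returns false when a mismatching session had to be reset.
function verifyOrBindSession(array &$session, array $server)
{
    $ip = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    $ua = isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : '';
    $fresh = array('IPaddress' => $ip, 'userAgent' => $ua);

    if (!isset($session['IPaddress'], $session['userAgent'])) {
        $session = $fresh;          // brand-new session: nothing to lose yet
        return true;
    }
    if ($session['IPaddress'] !== $ip || $session['userAgent'] !== $ua) {
        $session = $fresh;          // mismatch: drop every stored value
        return false;
    }
    return true;                    // same client: stored values survive
}

// Call on every page before reading $_SESSION.
function startBoundSession($name, $lifetime)
{
    session_name($name . '_Session');
    // Empty domain = host-only cookie (assumption: no subdomain sharing).
    // secure = true and httponly = true, as in the class above.
    session_set_cookie_params($lifetime, '/', '', true, true);
    session_start();
    return verifyOrBindSession($_SESSION, $_SERVER);
}

// Call once, after the password check succeeded and the session is started.
function logIn($username)
{
    session_regenerate_id(true);    // fresh id at login (session fixation)
    $_SESSION['usernamelogged'] = $username;
}

// Offline walk-through with constructed request data.
function demoSessionBinding()
{
    $chrome = array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Chrome/43');
    $other  = array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'curl/7');

    $session = array();                               // login page, first request
    verifyOrBindSession($session, $chrome);
    $session['usernamelogged'] = 'alice';             // stored after binding

    $same = verifyOrBindSession($session, $chrome);   // members page, same client
    $kept = isset($session['usernamelogged']);

    $diff = verifyOrBindSession($session, $other);    // different user agent
    $gone = !isset($session['usernamelogged']);

    return array('same' => $same, 'kept' => $kept, 'diff' => $diff, 'gone' => $gone);
}

if (PHP_SAPI === 'cli') {
    var_dump(demoSessionBinding());
}
```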
Related
I have created a form in WordPress using Gravity Forms, which includes a file upload field. On completion of the form I am using a webhook, set up within the Gravity Forms Elite plugin, to pass the form fields into a PHP script which then uploads the data into an external system via API.
The issue is that when I complete the form without a file uploaded it works great: all of the fields are passed into PHP variables and the script runs. However, when the form does include a file upload field the script fails with no output to the error log.
I have re-created the problem with a much simpler form and script to confirm that this is the issue; my test form contains two fields, a file upload field and a single line text field. My simple test script looks like this:
<?php
$output = var_export($_POST, true);
error_log($output);
?>
When the form is submitted with no file attached the log file shows the following variables outputted:
[01-Feb-2018 21:44:36 Europe/London] array (
'id' => '1166',
'form_id' => '17',
'date_created' => '2018-02-01 21:44:34',
'is_starred' => '0',
'is_read' => '0',
'ip' => '82.**.**.246',
'source_url' => 'http://****.******.co.uk/?gf_page=preview&id=17',
'currency' => 'USD',
'created_by' => '1',
'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'status' => 'active',
1 => 'Test No Photo',
2 => '',
)
Note: The source URL and IP have been masked; the actual log contains the correct IP and URL.
However, as soon as I include a file upload in the form and then send this to the script nothing is outputted to the log at all and the script does not appear to run.
It's worth noting that the request does work with Requestbin. Here is the output from there including data which comes from the upload field:
is_starred: 0
id: 1163
1: Test with Photo
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
created_by: 1
source_url: http://***.****.co.uk/?gf_page=preview&id=17
ip: 82.**.***.246
form_id: 17
status: active
currency: USD
2: http://****.***.co.uk/wp-content/uploads/gravity_forms/17-b570285e8ba734ff4ab3956428bd8eb9/2018/02/Child26.jpg
is_read: 0
date_created: 2018-02-01 20:48:20
The raw body is:
id=1163&form_id=17&date_created=2018-02-01+20%3A48%3A20&is_starred=0&is_read=0&ip=82.**.***.246&source_url=http%3A%2F%2F***.***.co.uk%2F%3Fgf_page%3Dpreview%26id%3D17&currency=USD&created_by=1&user_agent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F63.0.3239.132+Safari%2F537.36&status=active&1=Test+with+Photo&2=http%3A%2F%2Fwww.********.co.uk%2Fwp-content%2Fuploads%2Fgravity_forms%2F17-b570285e8ba734ff4ab3956428bd8eb9%2F2018%2F02%2FChild26.jpg
Again I have removed the actual domain name but the rest of the request is as shown in Request Bin.
So can anyone please help me work out why the file upload value in the post data above would cause PHP to grind to a complete stop without an error message? Is there anything I can do to access this variable from the array in PHP in the same way Request Bin does?
Do I have to somehow decode the value before I can use it in a script/output it to the log? As a side note, in my actual script I don't dump all the variables to a log; this is just to show it in its most simple example. In my main script they are selected one by one and assigned to variables using var = $_POST["1"] etc.
Edit:
I have enabled the logging option in Gravity Forms, it confirms the POST data content sent is:
[body] => Array
(
[id] => 1167
[form_id] => 17
[date_created] => 2018-02-01 22:31:42
[is_starred] => 0
[is_read] => 0
[ip] => 82.**.***.246
[source_url] => http://***.***.co.uk/?gf_page=preview&id=17
[post_id] =>
[currency] => USD
[payment_status] =>
[payment_date] =>
[transaction_id] =>
[payment_amount] =>
[payment_method] =>
[is_fulfilled] =>
[created_by] => 1
[transaction_type] =>
[user_agent] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
[status] => active
[1] => Test No Photo
[2] => http://***.***.co.uk/wp-content/uploads/gravity_forms/17-b570285e8ba734ff4ab3956428bd8eb9/2018/02/miniserver-image.jpg
)
Is there anything about variable 2 which would cause my PHP script to crash when it dumps the POST data to a log file? (I've removed the domain and IP in the code above.)
Thanks
You cannot use $_POST directly to get the payload of a webhook; use something like this:
if($json = json_decode(file_get_contents("php://input"), true)) {
    print_r($json);
    $data = $json;
} else {
    print_r($_POST);
    $data = $_POST;
}
error_log(print_r($data,true));
I have a PHP project in which I have an index.html with a simple form:
<p>Test connection</p>
<form action="Servicios.php" method="post">
<input type='submit' name='Test' value='Test'>
</form>
In Servicios.php I'm trying to process it like this:
<?php
echo "can you print this";
if($_SERVER["REQUEST_METHOD"]=="POST" )
{
    if(!empty($_POST["Test"]))
    {
        echo "Hello world";
    }
}
But it doesn't work; that's because it never evaluates the first if as "true". The first echo at the top does work, but if I do an echo of $_SERVER["REQUEST_METHOD"] it doesn't give me anything. I've tried with isset($_POST['Hola']) but I had the same result.
This only happens in the project I have on an internet host. I wrote this exact same code on my local computer using NetBeans and XAMPP and it works perfectly. I have no idea why.
I have the feeling that I'm making some silly mistake but I can't find it.
My host is an Ubuntu server from the ec2 Amazon Web Services.
Edit
this is the output of <?=print_r($_SERVER);?> in Servicios.php
I replaced the parts where my IP is shown with [ip]
Array (
[HTTP_HOST] => [ip]
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => es-MX,es-ES;q=0.9,es;q=0.7,es-AR;q=0.6,es-CL;q=0.4,en-US;q=0.3,en;q=0.1
[HTTP_ACCEPT_ENCODING] => gzip, deflate
[HTTP_REFERER] => http://[ip]/ProyectoPM/
[CONTENT_TYPE] => application/x-www-form-urlencoded
[CONTENT_LENGTH] => 11
[HTTP_CONNECTION] => keep-alive
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[SERVER_SIGNATURE] => Apache/2.4.18 (Ubuntu) Server at [ip] Port 80
[SERVER_SOFTWARE] => Apache/2.4.18 (Ubuntu)
[SERVER_NAME] => [ip]
[SERVER_ADDR] => 172.31.43.105
[SERVER_PORT] => 80
[REMOTE_ADDR] => 189.208.87.127
[DOCUMENT_ROOT] => /var/www/html
[REQUEST_SCHEME] => http
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => /var/www/html
[SERVER_ADMIN] => webmaster#localhost
[SCRIPT_FILENAME] => /var/www/html/ProyectoPM/Servicios.php
[REMOTE_PORT] => 5672
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => POST
[QUERY_STRING] =>
[REQUEST_URI] => /ProyectoPM/Servicios.php
[SCRIPT_NAME] => /ProyectoPM/Servicios.php
[PHP_SELF] => /ProyectoPM/Servicios.php
[REQUEST_TIME_FLOAT] => 1510846404.812
[REQUEST_TIME] => 1510846404 ) 1
This is in the array it returns with <?=var_dump($_SERVER); ?>
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1"
["REQUEST_METHOD"]=> string(4) "POST"
["QUERY_STRING"]=> string(0) ""
["REQUEST_URI"]=> string(25) "/ProyectoPM/Servicios.php"
["SCRIPT_NAME"]=> string(25) "/ProyectoPM/Servicios.php"
["PHP_SELF"]=> string(25) "/ProyectoPM/Servicios.php"
["REQUEST_TIME_FLOAT"]=> float(1510847672.582)
["REQUEST_TIME"]=> int(1510847672) }
A more important edit
At first I said that a simple echo "can you print this"; worked on the host; now I see that it doesn't either. When I move to Servicios.php by clicking my button in index.html the browser moves to Servicios.php (it displays it in the URL) but it simply doesn't show anything. It only shows something if I delete all the code and put an instruction like <?=print_r($_SERVER);?>, the result of which I already put above.
if(isset($_POST['Test'])){
    echo 'Hello world';
}
This should work. This checks whether the button was submitted using the POST method. This should be enough of a check to see if the form has been submitted.
You can try this to check for the POST method:
if(strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') {
    // if form submitted with post method
    // validate request,
    // manage post request differently,
    // log or don't log request,
    // redirect to avoid resubmission on F5 etc
}
I'm trying to make one page control all incoming requests. [Is that a good choice?]
This feature bans bruteforcing of directories and files with, say, DirBuster.
My website's public_html looks like this:
data/
<files and libraries>
.htaccess
index.php
.htaccess
The data/.htaccess file only contains Deny from all.
What is the query for /.htaccess to redirect everything after first slash
website.com/query?a=b&c=d
to
website.com/index.php?resolve=query%3Fa%3Db%26c%3Dd
To use like this:
[index.php]
<?php
if(isset($_GET["resolve"])){
    $URL = $_GET["resolve"];
    require("data/resolve.php");
    exit;
}
?>
[data/resolve.php]
<?php
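// Escape the request-derived value before writing it into the page
echo "Resolving " . htmlspecialchars($URL, ENT_QUOTES, 'UTF-8');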
?>
UPDATE
I'm using this rule:
RewriteEngine on
RewriteRule ^(.*)$ index.php?u=$1 [NC,QSA]
And this is the dump of $_SERVER:
Array
(
[REDIRECT_UNIQUE_ID] => WPNBPFfUF3-ZHr123R9sKVVAAAAAY
[REDIRECT_PHP_DOCUMENT_ROOT] => /storage/h1231/8412316/1388846/public_html
[REDIRECT_DOCUMENT_ROOT] => /storage/h2134/846/138123231846/public_html
[REDIRECT_SERVER_ADMIN] => webmaster#000webhost.io
[REDIRECT_STATUS] => 200
[UNIQUE_ID] => WPNBPFfUF3-ZHrCR123KVVAAAAAY
[PHP_DOCUMENT_ROOT] => /storage/h14/84123/1238846/public_html
[DOCUMENT_ROOT] => /storage/h14/846/1312346/public_html
[SERVER_ADMIN] => webmaster#000webhost.io
[HTTP_CONNECTION] => Keep-Alive
[HTTP_PROXY_CONNECTION] => Keep-Alive
[HTTP_HOST] => fanfiction-app.ml
[HTTP_X_FORWARDED_PROTO] => http
[HTTP_X_REAL_IP] => RE.DA.CT.ED
[HTTP_X_FORWARDED_FOR] => RE.DA.CT.ED
[HTTP_X_DOCUMENT_ROOT] => /storage/h123/1236/11236/public_html
[HTTP_X_OPEN_BASEDIR] => /opt/awex-pages:/storage/h14/846/1388846
[HTTP_X_UPSTREAM] => php71_7
[HTTP_X_SERVER_ADMIN] => webmaster#000webhost.io
[HTTP_X_SERVER_NAME] => website.com
[HTTP_X_AWEX_UID] => 13236
[HTTP_X_TEMP_DIR] => /storage/h14/846/1123123/tmp
[HTTP_WE_ARE_HIRING] => 1492336956.980
[HTTP_CACHE_CONTROL] => max-age=0
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp;q=0.8
[HTTP_DNT] => 1
[HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,ru;q=0.6
[PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => website.com
[SERVER_ADDR] => 2202:3380:bad:7::126
[SERVER_PORT] => 80
[REMOTE_ADDR] => RE.DA.CT.ED
[REQUEST_SCHEME] => http
[CONTEXT_PREFIX] =>
[CONTEXT_DOCUMENT_ROOT] => /storage/h14/836/1312346/public_html
[SCRIPT_FILENAME] => /storage/h13/846/138123846/public_html/index.php
[REMOTE_PORT] => 34141
[REDIRECT_QUERY_STRING] => resolve=query.php&a=b
[REDIRECT_URL] => /query.php
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] => resolve=index.php&resolve=query.php&a=b
[REQUEST_URI] => /query.php?a=b
[SCRIPT_NAME] => /index.php
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1492336956.981
[REQUEST_TIME] => 1492336956
)
When getting website.com/query?a=b, however the output of $_GET["resolve"] is query.php.
Add this to .htaccess file as the first lines.
RewriteEngine On
RewriteRule ^(.*)$ index.php?resolve=$1 [QSA]
Where $1 matches query?a=b&c=d
I haven't found a pure Apache .htaccess solution, but I'm going to accept my own answer since I made a PHP hack that seems to be working.
To achieve such functionality, redirect all traffic to one page. In my situation, it's index.php.
[.htaccess]
RewriteEngine on
RewriteRule ^(.*)$ index.php?resolve=$1 [NC,QSA]
[index.php]
<?php
if(isset($_GET["resolve"]) && $_GET["resolve"] != "") {
    $URL = $_SERVER["REQUEST_URI"];
    $GET = $_GET;
    require "system/resolve.php";
    exit;
}
echo "<pre>";
echo "Requested /";
echo "</pre>";
?>
[system/resolve.php]
<?php
/**
* $URL: Full URL query after the slash.
* $GET: All get parameters of the query.
*/
switch($_GET["resolve"]){
    case "ping":
        require "system/ping.php";
        exit;
    case "auth":
        require "system/auth.php";
        exit;
}
?>
In result, when you request http://example.com/ping, you will see a page from system/ping.php
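An added example (not the answer's code) that generalises the switch above into a route table: the route name is taken from REQUEST_URI, as the answer does, and only names present in the table are ever passed to require, so a crafted path cannot select an arbitrary file. resolveRequest() and $ROUTES are hypothetical names; the two route files are the ones from the answer, and the request lines in the demo are constructed.

```php
<?php
// Added example, not the answer's code. resolveRequest() and $ROUTES are hypothetical.

// Allowlist: the only files the front controller will ever include.
$ROUTES = array(
    'ping' => 'system/ping.php',
    'auth' => 'system/auth.php',
);

/**
 * Split a raw REQUEST_URI into route name and query parameters and look the
 * route up in the allowlist. Returns null for anything that is not listed.
 */
function resolveRequest($requestUri, array $routes)
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;                          // malformed URI
    }
    $name = trim(rawurldecode($path), '/');
    if (!isset($routes[$name])) {
        return null;                          // unknown name: never reaches require
    }
    $params = array();
    $query = parse_url($requestUri, PHP_URL_QUERY);
    if (is_string($query)) {
        parse_str($query, $params);           // a=b&c=d -> array('a'=>'b','c'=>'d')
    }
    return array('file' => $routes[$name], 'params' => $params);
}

// In index.php, behind the RewriteRule shown above:
//   $hit = resolveRequest($_SERVER['REQUEST_URI'], $ROUTES);
//   if ($hit === null) { http_response_code(404); exit; }
//   $GET = $hit['params'];
//   require $hit['file'];

// Offline walk-through with constructed request lines.
function demoRoutes(array $routes)
{
    $uris = array('/ping?a=b&c=d', '/auth', '/../data/secret.php', '/ping.php');
    $out = array();
    foreach ($uris as $uri) {
        $hit = resolveRequest($uri, $routes);
        $out[$uri] = ($hit === null)
            ? '404'
            : $hit['file'] . ' ' . json_encode($hit['params']);
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    print_r(demoRoutes($ROUTES));
}
```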
After successful authorization I get an array with information about the user:
$authdata = array(
    'logged_in' => true,
    'id_user' => $checked['idUsers'],
    'time_auth' => time(),
    'status' => $checked['UsersStatus'],
    'type' => $checked['UsersTypeAccount'],
);
Then I set this array in the CodeIgniter session (the array $checked is not empty; there is a UsersStatus and a UsersTypeAccount):
$this->session->set_userdata($authdata);
After that I redirect to the profile controller:
redirect('profile');
This controller checks whether the user session is empty/true:
if ($this->session->userdata("session_id") && $this->session->userdata("type") && $this->session->userdata("status")) {
    // Return Success
}
If I var_dump() the session:
var_dump($this->session->userdata("type")).'<br>'; // false
var_dump($this->session->userdata("status")).'<br>'; die(); // false
I get a false value. Why are the type and status fields not true in the session?
Edit:
Also I have done:
var_dump($this->session->all_userdata()); die();
Response:
array(5) { ["session_id"]=> string(32) "85d9e0aa1f738c551b4ba649c36f977c" ["ip_address"]=> string(12) "46.32.174.82" ["user_agent"]=> string(109) "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" ["last_activity"]=> int(1416142399) ["user_data"]=> string(0) "" }
So the session is created, but without the fields status and type.
From tutorial:
$newdata = array(
    'username' => 'johndoe',
    'email' => 'johndoe@some-site.com',
    'logged_in' => TRUE
);
$this->session->set_userdata($newdata);
Important:
$this->session->set_userdata($authdata);
var_dump($this->session->all_userdata()); die(); // Here I get full session array.
After some long attempts to resolve this trouble I decided to:
Update CodeIgniter to version 2.2
After that the code worked:
Set session:
$this->session->set_userdata($authdata);
Get session:
$type = $this->session->userdata['type'];
$status = $this->session->userdata['status'];
$session_id = $this->session->userdata['session_id'];
It helped me; maybe it will help someone else too.
Notice: Undefined index: HTTP_REFERER
$http_referer = $_SERVER['HTTP_REFERER']
I used this from a tutorial, and it looks okay.
Also, the code is calling it from an included file.
What should I change?
I added print_r($_SERVER); and now the page gives me this:
Array ([UNIQUE_ID] => UoSxWa56310AAAwUckIAAAAA
[HTTP_HOST] => movafaghha.com
[HTTP_COOKIE] => __utma=210711305.58608218.1372977010.1372977010.1372977010.1; __utmz=210711305.1372977010.1.1.utmcsr=who.is|utmccn=(referral)|utmcmd=referral|utmcct=/whois/movafaghha.com; PHPSESSID=83eb0e2ae7ebe4b6c2eeb071d9f5de71
[HTTP_X_REAL_IP] => 109.109.41.81
[HTTP_X_FORWARDED_HOST] => movafaghha.com
[HTTP_X_FORWARDED_SERVER] => movafaghha.com
[HTTP_X_FORWARDED_FOR] => 109.109.41.81
[HTTP_CONNECTION] => close
[HTTP_CACHE_CONTROL] => max-age=0
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,fa;q=0.6
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache
[SERVER_NAME] => movafaghha.com
[SERVER_ADDR] => 174.122.223.93
[SERVER_PORT] => 80
[REMOTE_ADDR] => 109.109.41.81
[DOCUMENT_ROOT] => /home/memarest/public_html/movafaghha.com
[SERVER_ADMIN] => webmaster#movafaghha.memarestan.com
[SCRIPT_FILENAME] => /home/memarest/public_html/movafaghha.com/tutorials/login200/register.php
[REMOTE_PORT] => 49737
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /tutorials/login200/register.php
[SCRIPT_NAME] => /tutorials/login200/register.php
[PHP_SELF] => /tutorials/login200/register.php
[REQUEST_TIME_FLOAT] => 1384427865.54
[REQUEST_TIME] => 1384427865
[argv] => Array ( )
[argc] => 0
)
Edited the code, but still unable to echo "all fields are required":
<?php
ini_set("display_errors", true);
error_reporting(E_ALL);
require 'core.inc.php';
if(!loggedIn()) {
    // check that all the fields exist in the form and have been set
    if(isset($_POST['username'])&&isset($_POST['password'])&&isset($_POST['password_again'])&&isset($_POST['firstname'])&&isset($_POST['surename'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        $password_again = $_POST['password_again'];
        $firtsname = $_POST['firstname'];
        $surename = $_POST['surename'];
        // now check whether they are empty or not
        if(!empty($username)&&!empty($password)&&!empty($password_again)&&!empty($firstname)&&!empty($surename)){
            echo 'ok' ;
        } else {
            echo ' All fields are required';
        }
    }
?>
<form action="register.php" method="POST">
Username:<br> <input type="text" name="username"><br> <br>
Password:<br> <input type="password" name="password"><br><br>
Password again:<br> <input type="password" name="password_again"><br><br>
Firstname:<br> <input type="text" name="firstname"><br><br>
Surname:<br> <input type="text" name="surename"><br><br>
<input type="submit" value="register">
</form>
<?php
} elseif (loggedIn()) {
echo 'you \'re already logged in';
}
?>
Now, after adding "e", the page says "all fields are required", but even when I fill in all fields the message does not change.
HTTP_REFERER is not guaranteed to be sent by the client:
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
In your case it's clearly not being sent, so really all you can do is
if(isset($_SERVER['HTTP_REFERER'])) {
    //do what you need to do here if it's set
}
else
{
    //it was not sent, perform your default actions here
}
if (isset($_SERVER['HTTP_REFERER'])) { $THE_REFER = $_SERVER['HTTP_REFERER']; }
Undefined index means the array key is not set, do a:
var_dump($_POST); die();
before the line that throws the error and see that you're trying to get an array key that does not exist.
The correct way to refer is
$my_referer = isset($_POST['referer']) ? trim($_POST['referer']) : (isset($_SERVER['HTTP_REFERER']) ? base64_encode($_SERVER['HTTP_REFERER']) : false);
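An added example, not code from the answers: because the header is optional and set by the client, this helper falls back to a default when it is missing and uses it as a redirect target only when it points at the site's own host. safeReturnUrl() is a hypothetical helper, and the host name and header values in the demo are constructed.

```php
<?php
// Added example, not code from the answers. safeReturnUrl() is hypothetical.

/**
 * Pick a redirect target from the Referer header, but only when the header
 * is present, parses as http(s), and points at our own host. The result is
 * always a local path, never an absolute URL.
 */
function safeReturnUrl(array $server, $ownHost, $default)
{
    if (!isset($server['HTTP_REFERER']) || !is_string($server['HTTP_REFERER'])) {
        return $default;                       // header was not sent
    }
    $parts = parse_url($server['HTTP_REFERER']);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $default;                       // relative or malformed value
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $default;                       // javascript:, data:, ...
    }
    if (strcasecmp($parts['host'], $ownHost) !== 0) {
        return $default;                       // points at another site
    }
    // Rebuild from the parsed pieces. Leading slashes and backslashes are
    // collapsed so the result cannot be read as a protocol-relative URL.
    $path  = isset($parts['path']) ? $parts['path'] : '/';
    $path  = '/' . ltrim($path, '/\\');
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $path . $query;
}

// Offline walk-through with constructed header values for example.com.
function demoReferers()
{
    $cases = array(
        'absent'  => array(),
        'same'    => array('HTTP_REFERER' => 'https://example.com/tutorials/login.php?step=2'),
        'foreign' => array('HTTP_REFERER' => 'https://other.example.net/page'),
        'slashes' => array('HTTP_REFERER' => 'https://example.com//other.example.net/'),
    );
    $out = array();
    foreach ($cases as $label => $server) {
        $out[$label] = safeReturnUrl($server, 'example.com', '/index.php');
    }
    return $out;
}

if (PHP_SAPI === 'cli') {
    print_r(demoReferers());
}
```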