I have a very perplexing problem, namely at the top of my files I call a foreign function "sessionTest", which tests various session criteria and returns the correct header string. This is necessary, because I have two different headers: one for logged in users and one for non-users/logged out users.
My problem is in the following code:
<?php include './session.php';
include './db.php';
$con = genCon();
if(isset($_SESSION['logged'])){
echo "Logged: ".$_SESSION['logged'];
}
$headerstring = sessionTest($con); ?>
...Rest of Page...
For some reason, isset($_SESSION['logged']) is returning false here, but true in sessionTest:
function sessionTest($con){
session_start();
$fingerprint = md5($_SERVER['HTTP_USER_AGENT'].session_id());
if(isset($_SESSION['user']) && isset($_SESSION['logged']) && $_SESSION['logged']==TRUE){
$dbFingerprint = qGetUserFingerprint($_SESSION['user'],$con);
$fpMatch = ($dbFingerprint == $fingerprint);
//LEAVING OUT NON RELEVANT CODE
$headerstring = './lheader.html';
}else{
$headerstring = './header.html';
}
return $headerstring;
}
The headerstring is being set to lheader.html, so isset($_SESSION['logged']) is returning true here. Does anyone have an idea why??
Thanks in advance!
you need to put session_start();
<?php
-> session_start();
include './session.php';
include './db.php';
$con = genCon();
if(isset($_SESSION['logged'])){
echo "Logged: ".$_SESSION['logged'];
}
$headerstring = sessionTest($con); ?>
Related
Am new to php, so any help would be greatly appreciated. I have a page to create account for users, and while creating account, there is a select field which has three specific value to select from "notfcode" "tfail" **"tfcode".
There is another page check.php which allows the user check his ttype. What i want to do is make the page try to read the sql table row which is ttype and if the value present on the user's account is "notfcode" it redirects to notfcode.php page, if its "tfail" it redirects to tfail.php and if its "tfcode" it stays on the page. below is the code i have been battling with without success.
<?php session_start();
include_once ('session.php');
require_once 'class.user.php';
if(!isset($_SESSION['acc_no'])){
header("Location: login.php");
exit();
}
$reg_user = new USER();
$stmt = $reg_user->runQuery("SELECT * FROM account WHERE acc_no=:acc_no");
$stmt->execute(array(":acc_no"=>$_SESSION['acc_no']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$email = $row['email'];
$temp = $reg_user->runQuery("SELECT * FROM transfer WHERE email = '$email' ORDER BY id DESC LIMIT 1");
$temp->execute(array(":acc_no"=>$_SESSION['acc_no']));
$rows = $temp->fetch(PDO::FETCH_ASSOC);
$transfertype = $row['ttype'];
if(isset($_SESSION['acc_no'])){
$transfertype = $row['ttype'];
if($transfertype == nocodetf){
header("Location: nocodetf.php");
}
elseif($transfertype == tfail){
header("Location: nocodetf.php");
}
else {
header("Location: check.php");
}
}
include_once ('counter.php');
?>
When the page loads up, it does nothing, no redirects which is what i intend. A pointer in the right direction will be appreciated.
This are strings.
if($transfertype == "nocodetf"){
or
if($transfertype == 'nocodetf'){
Activate PHP error reporting than PHP shows you this.
error_reporting(E_ALL);
ini_set('display_errors', 1);
$transfertype = "foo";
if ($transfertype == nocodetf) { # <-- as you did it
//...
}
// <b>Warning</b>: Use of undefined constant nocodetf - assumed 'nocodetf' (this will throw an Error in a future version of PHP) in ...
I was finally able to resolve it using this code
<?php
$transfertype = $row['ttype'];
if($transfertype == 'nocodetf'){
header('Location: nocodetf.php'); }
else if($transfertype == 'failtf'){
header('Location: failtf.php');
exit();
}
?>
The problem seemed to be in the fact that i wasn't quoting the value which php should try to get from the sql column.
My logout.php file is like this. Is there any mistake in my code
logout.php
<?php
session_start();
session_destroy();
header('Location:index.php');
exit;
?>
Here is my index.php file. If I am set $_SESSION['s_activId'] then it is working properly but when I am trying to put condition if $_SESSION['s_activId'] is not set at that time I want to pass header on index page sometimes it works sometimes it does not work.
<?php
include('include/config.inc.php');
if(!isset($_SESSION['s_activId']))
{
$_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
header("Location:index.php");
}
else
{
$wrong = '';
if(isset($_POST['submit']))
{
$checkLogin = "SELECT userName,password,userType
FROM user
WHERE BINARY userName = '".$_POST['userName']."'
AND BINARY password = '".$_REQUEST['password']."'";
$checkLoginresult = mysql_query($checkLogin);
if($userLoginRow = mysql_fetch_array($checkLoginresult))
{
$_SESSION['s_activId'] = $userLoginRow['userName'];
$_SESSION['s_password'] = $userLoginRow['password'];
$_SESSION['hg_userType'] = $userLoginRow['userType'];
if(!$_SESSION['s_urlRedirectDir'])
{
header("Location:index.php");
}
else
{
header("Location:reminder.php");
}
}
else
{
$wrong = "UserId And Password Is Not Valid";
}
}
}
include("bottom.php");
$smarty->assign('wrong',$wrong);
$smarty->display("index.tpl");
?>
The problem arise in the condition below in index.php:
if(!isset($_SESSION['s_activId']))
{
$_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
header("Location:index.php");
}
When you logout, you are calling session_destroy() on logout.php and redirecting on index.php and the condition above gets true as s_activId is not set in session and again you are redirecting on index.php (without setting s_activId in session). The above condition will be true until the variable s_activId set in session and because of this you are getting ERR_TOO_MANY_REDIRECTS error.
The solution is, on index.php set the variable s_activId in session before calling the header method. Refer the code below:
if(!isset($_SESSION['s_activId']))
{
$_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
$_SESSION['s_activId'] = true;
header("Location:index.php");
}
Dont redirect index.php to index.php. you having redirects loop. Also
if you have code below that also can fire add die in if because after
redirect code below still executes. I didnt read your code, maybe
there isnt problems with this but after
header("Location: lalala"); always add die(); or exit();
I cannot figure this out. Sometimes after the redirect (see code below), the session variables are lost. Any ideas?
Note the script is initially called with ?p=1&u=2&k=3.
As you can see, the script redirects to itself. The session variables something are lost after the redirect.
<?php
session_start();
if ((isset($_SESSION['p'])) and ($_SESSION['p'] != "")) {
// do something
} else {
$_SESSION['p'] = $_GET['p'];
$_SESSION['w'] = $_SERVER["HTTP_HOST"];
$_SESSION['u'] = $_GET['u'];
$_SESSION['k'] = $_GET['k'];
header("Location: http://".$_SESSION['w'].$_SERVER['PHP_SELF']."");
exit();
}
?>
Cheers
Copied and pasted your code and it works just fine for me.
Do you maybe have some spaces or whatever before your <?php-tag?
I am not sure why it happens.
Probably you have some misconfiguration on your php.ini file.
Or you don't have the right session.save_path or permissions to write there.
But if the problem persists, try this way:
<?php
session_start();
if (!$_SESSION['p']) {
$_SESSION['p'] = $_GET['p'];
$_SESSION['w'] = $_SERVER["HTTP_HOST"];
$_SESSION['u'] = $_GET['u'];
$_SESSION['k'] = $_GET['k'];
}
//code comes here
?>
In my opinion, this is the way things should be done.
I created a site where you need to login to visit the different pages, nothing special.
To keep the user logged in, I'm setting the session on top of every page.
My problem is, I don't wanna have to set the different session variables on top on each page. I'd rather have one function I can call to set them. Plus I don't need all those variables on each page, so I'd like the function to accept optional parameters (like the email, or profile picture that are not used on every page).
I call this on top of each page:
<?php
require_once 'session.php';
confirm_logged_in();
$username = $_SESSION['username'];
$email = $_SESSION['email'];
$picture = $_SESSION['picture'];
$group = $_SESSION['group'];
?>
I would like to make it more like this and be able to set only the variables I need:
<?php
require_once 'session.php';
confirm_logged_in();
set_variables($username, $email);
?>
The 'session.php' file is like this:
<?php
session_start();
function logged_in(){
return isset($_SESSION['username']);
}
function confirm_logged_in(){
if(!logged_in()){
header('location: start.php');
}
}
?>
I've tried a few things, but it just led me to huge amounts of errors.
Has someone already done this or found a script doing this? Is that possible?
First of all, if what you want to do is overload your function, you can't do that. For more info on that see this. However, you can do this:
<?php
set_variables($username, $email, $picture,$group)
{
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['picture'] = $picture;
$_SESSION['group'] = $group;
}
?>
Put this function in your session.php file.
I am not sure if I understood right, but if I did, all you need to do is create a new file, let's call it "Session_Variables.php".
After you created the file, paste the following code into it:
<?php
require_once 'session.php';
confirm_logged_in();
$username = $_SESSION['username'];
$email = $_SESSION['email'];
$picture = $_SESSION['picture'];
$group = $_SESSION['group'];
?>
Then, finally, just replace the old code with:
include("Session_Variables.php");
Not directly related to the question you are asking, but you should really add exit; after a redirect header. Clients can ignore headers and still load your page even while not being logged in.
if you want to make set_variables($username, $email) work like i think you wanted, you need to write something like this.
Session.php
<?php
session_start();
function logged_in(){
return isset($_SESSION['username']);
}
function confirm_logged_in(){
if(!logged_in()){
header('location: start.php');
}
}
//Only Picture and group are Optionals
function set_variables($username, $email, $picture = '', $group = ''){
//you can check here is thoses variables are set or valid before assign them
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['picture'] = $picture;
$_SESSION['group'] = $group;
}
//create a function that we need to retrieve thoses values
function get_variable($name){
if ( isset( $_SESSION[$name] ) ) return $_SESSION[$name];
return FALSE; //if the variable is not set.
}
?>
And you can use it like this
<?php
require_once 'session.php';
confirm_logged_in();
set_variables($username, $email);
$username = get_variable('username');
?>
I think you need to move the session_start(); to the actual page. Using a require_once on the session_start(); is not a good plan.
Here's the scenerio of what is happening in the script:
Session is start.
$id is set to a number (tournament ID number).
Result:
User SESSION vars are reset with the ID number and the ID number's respective user data. Essentially logging the user in under a different account.
Troubleshooting:
Renaming $id to $tid stops the glitch.
Not starting the session (session_start()) stops the glitch.
Thought Process:
$id must overwrite similar variable which is inside a block which contains:
if(isset( $_SESSION['someVar'] )) {
$id = "some Value";
}
Since $id is only overwritten when session is started.
The Problem:
There is no block of code that uses that syntax.
Here's the call stack.
jointourney.php
<?
session_start();
$id = (isset($_POST['id'])) ? $_POST['id'] : false;
include("html.php");
?>
html.php
<?
if(session_id() == '') session_start();
if(!function_exists('isLogged')) include("includes/islogged.inc.php");
include("includes/autologin.inc.php");
$query = mysql_query("SELECT value FROM config WHERE name='shutdown'");
$query = mysql_fetch_array($query);
$shutdown = end($query);
if(!class_exists('ban')) include("class/ban.class.php");
$ban = new ban();
if(isLogged()){
$ban->setUsername($_SESSION['username']);
}
$user_level = (isset($_SESSION['user_level'])) ? $_SESSION['user_level'] : "0";
$ban->setIP($_SERVER['REMOTE_ADDR']);
if((strlen($shutdown) > 0 || $ban->isBanned()) && $user_level == 0 && strtolower($_SERVER['REQUEST_URI']) != "/login.php"){
if(strtolower($_SERVER['REQUEST_URI']) != "/error.php"){
header("Location: ./error.php");
}
}
?>
islogged.inc.php
File not needed, no variables set: only returns true/false.
autologin.inc.php
<?
if(!class_exists('login')) include("./class/login.class.php");
$login = new Login();
if(isset($_COOKIE['username'],$_COOKIE['password']) && !$login->isLoggedIn()){
$login->setUsername($_COOKIE['username']);
$login->setPasswordDirect($_COOKIE['password']);
if(!$login->_error){
$login->processLogin();
}
}
?>
As you see, there is absolutely no place where jointourney.$id can overwrite - since there is no other variable called $id being used.
Note: There are no variables that are being set globally (i.e. global $id)
I do not understand why this is happening, are you guys able to figure this out? Everything you see here is exactly how it looks (minus HTML).
Turn register_globals Off in your server's php.ini.