My url is opening in all browsers even when I am using sessions. Ex abc.com/123.php without users logged in. This opens up in all browsers. I am using this code.All codes are in < php open/close tags ok codes which ia m using are
<?php
session_start();
if (isset($_SESSION['LAST_REQUEST_TIME'])) {
if (time() - $_SESSION['LAST_REQUEST_TIME'] > 600) {
// session timed out, last request is longer than 10 minutes ago
unset($_SESSION);
session_destroy();
header("location:userlogin.php");
}
} else {
$_SESSION['LAST_REQUEST_TIME'] = time();
}
if($_SESSION['username']=="");
?>
I am not sure that this compiles well. Because there are a couple of problems.
Be careful with this line of code:
if($_SESSION['username']=="");
This means that true part of this if statement finishes at semicolon.
Second thing is that your else part is never executed but printed as regular HTML.
I would write it like this:
<?php
session_start();
if (isset($_SESSION['LAST_REQUEST_TIME'])) {
if (time() - $_SESSION['LAST_REQUEST_TIME'] > 600) {
// session timed out, last request is longer than 10 minutes ago
unset($_SESSION);
session_destroy();
header("location:userlogin.php");
}
} else {
$_SESSION['LAST_REQUEST_TIME'] = time();
}
if(isset($_SESSION['username'])) {
?>
///////SOME HTML CODE/////
<?php
} else {
header("location:to_some_login_page.php");
}
?>
And I believe that is what you intended to to with closing <?php tag.
Also for readability I suggest you to do just this:
if ($_SESSION['username']!="") {
header("location:to_some_login_page.php");
}
So you don't even need else part, because as soon as header is set, he will be redirected.
Because your
else {
header("location:to_some_login_page.php");
}
is outside of <?php ?>
Try This:
<?php
session_start();
if (isset($_SESSION['LAST_REQUEST_TIME'])) {
if (time() - $_SESSION['LAST_REQUEST_TIME'] > 600) {
// session timed out, last request is longer than 10 minutes ago
unset($_SESSION);
session_destroy();
header("location:userlogin.php");
}
else {
$_SESSION['LAST_REQUEST_TIME'] = time();
}
if($_SESSION['username']=="");
///////your code/////
}
else {
header("location:to_some_login_page.php");
}
?>
Related
I'm trying to get a page refresh once after a set amount of seconds only on a set page.
So something like
if is_page('test.php') {
refresh page 5000(once);
} else
continue
You can do this by jQuery
like
window.setTimeout(function() {location.href="URL of test.php"}, 5000);
in PHP you can:
if(is_page('test.php') && !isset($_GET['r'])){
header("Refresh: 5;url='http://zasite.com/test.php?r=1'");
}
NOTE: This can only be done if the headers have not already been sent http://php.net/manual/ro/function.headers-sent.php otherwise you will end up with a warning and the refresh will not work. A workaround would be:
if(is_page('test.php') && !isset($_GET['r'])){
if(!headers_sent()){
header("Refresh: 5;url='http://zasite.com/test.php?r=1'");
} else {
echo '<meta http-equiv="refresh" content="5" ; url=http://zasite.com/test.php?r=1>';
}
}
OR - PHP with Gyandeep Sharma's JS answer
if(is_page('test.php') && !isset($_GET['r'])){
if(!headers_sent()){
header("Refresh: 5;url='http://zasite.com/test.php?r=1'");
} else {
echo '<script>window.setTimeout(function () {location.href="http://zasite.com/test.php?r=1";}, 5000);</script>';
}
}
Please excuse me, I know there are some questions on stack overflow regarding this, but I don't find any solution that suits my problem. I've a problem, when the session is expired the page is not reloading automatically. Please help. Thank You! Any help would be appreciated.
This is the code I've tried, $_SESSION['created'] = time();
if((time() - $_SESSION['created']) > 600) {
header("Refresh: 1;url='logout.php'");
} else {
$_SESSION['created'] = time();
}
As per your need you have to check the session each seconds once session is valid or not in server side so do something like this.
1) Created a javascript and ajax for checking a session is expired or not in server side each seconds once
2) session.php page to check the valid session or not
3) Then return the 1 or -1 based on that trigger the location.reload() function it automatically moved to logout.php because your top condition become true now.
session.php
<?php
session_start();
if(!isset( $_SESSION['created'] ) || (time() - $_SESSION['created']) > 600) {
session_destroy();
echo "-1";
} else {
echo "1";
}
?>
Paste this javascript in each and every page
Java Script :
<script type="text/javascript">
function session_checking()
{
$.post( "session.php", function( data ) {
if(data == "-1")
{
alert("Your session has been expired!");
location.reload();
}
});
}
var validateSession = setInterval(session_checking, 1000);
</script>
This code should be each page top
if(!isset( $_SESSION['created'] ) || (time() - $_SESSION['created']) > 600) {
header("Refresh: 1;url=logout.php");
} else {
$_SESSION['created'] = time();
}
Spent ages going crazy over the simplest PHP If Statement; this time-based Redirect:
<?php
$time = date("Hi");
if ($time < "1400") {
header("Location: http://eurogamer.net");
}
else {
header("Location: http://ign.com");
}
?>
For AGES (I'm fairly new to PHP...) I couldn't figure out why the redirect worked, but wouldn't update to the new URL after 1400. Then I tested on another device and it DID work, but on both, it seems to store the redirect that people see when they're first directed to the PHP file, then send them there everytime.
As the plan here is to direct people to a different sign-up page depending on time of day, that's a problem if people revisit the page and get directed to an older sign up page that no longer works...
Is there a way to enforce the rules of this bit of code EVERY time they visit, or am I stuck here?
SOLVED: Switching the redirect from the PHP Header Function to Javascript seems to have solved the issue!
<?php
$time = date("Hi");
if ($time < "1400") {
echo "<script type='text/javascript'>window.location.href = 'http://eurogamer.net';</script>";
die();
}
else {
echo "<script type='text/javascript'>window.location.href = 'http://ign.com';</script>";
die();
}
?>
I think you should send this as a 307 redirect (temporary) to ensure that browser cache did interfere:
<?php
$time = date("Hi");
if ($time < "1400") {
header("HTTP/1.1 307 Temporary Redirect");
header("Location: http://eurogamer.net");
}
else {
header("HTTP/1.1 307 Temporary Redirect");
header("Location: http://ign.com");
}
?>
Also - to test it, try clearing all your browser cache before.
On using header(Location:) for redirection use die() or exit() after that.
if ($time < "1400") {
header("Location: http://eurogamer.net");
die();
}
else {
header("Location: http://ign.com");
die();
}
Refer
Php header location redirect not working
I need a session timeout for my website.
My current code works when I add it in all functions on all my controllers.
Is there a way to write it only once and include it to all of the controllers?
-in config file with URL & Session check or so?
My code which works:
if(isset($_SESSION['timeout']) && $_SESSION['timeout'] + 4 < time()) //4 seconds
{
session_destroy();
echo "<script>
alert('Session Timed Out.');
</script>";
?> <script> window.location ="<?php echo URL;?>"; </script> <?php
}
$_SESSION['timeout'] = time();
The above code works when I add this in all functions on all my controllers.
But I need a single page code.
You need to start the session before you could destroy it
use the following code in your config file
session_start();
if(isset($_SESSION['timeout']) && $_SESSION['timeout'] + 4 < time()) //4 seconds
{
session_destroy();
echo "<script>
alert('Session Timed Out.');
</script>";
?> <script> window.location ="<?php echo URL;?>"; </script> <?php
}
$_SESSION['timeout'] = time();
and delete session_start from your controller files. It should work, I tested it on my localhost
Edit
To exclude login page use the following code
assuming that your login page url contains "login", modify $string as per your login page url
$string = "login";
$url = $_SERVER['REQUEST_URI'];
session_start();
if(isset($_SESSION['timeout']) && $_SESSION['timeout'] + 4 < time() && !strpos($url, $string)) //4 seconds
{
session_destroy();
echo "<script>
alert('Session Timed Out.');
</script>";
?> <script> window.location ="<?php echo URL;?>"; </script> <?php
}
$_SESSION['timeout'] = time();
place this code in common or config php file
<?php
if ($_SESSION['timeout'] + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>
You can set session parameters with
session_set_cookie_params http://php.net/manual/en/function.session-set-cookie-params.php
Here is my code
<?php
if (!isset($_SESSION)) { session_start(); }
if (!isset($_SESSION['username'])) { header("Location: index.php"); }
ob_start();
if($_POST) {
$id = $_POST['book_id'];
$command = $_POST['command'];
$sourcePage = $_POST['source'];
} else if ($_GET){
$command = $_GET['command'];
$sourcePage = $_GET['source'];
$id = $_GET['book_id'];
} else {
header("Location: index.php");
}
// if command is 2 then show cart content
if($command == 2) {
showCart();
// if command is 1 then add book to cart
} else if($command == 1) {
addToCart($id);
header("Location: $sourcePage");
// if command is 0, then remove book from cart
} else if($command == 0) {
deleteFromCart($id);
header("Location: $sourcePage");
} else if(!isset($command)){
header("Location: index.php");
}
ob_flush();
?>
Why is it that even if I'm not logged in, I'm not redirected?
is it possible that the page is simply refreshing under the condition that $_POST or $_GET exists, falling into one of the later header("Location: ...") commands?
If so, you'd want to fix the problem by adding a die();
if (!isset($_SESSION['username'])) { header("Location: index.php"); die(); }
Using exit() or die functions may fix the problem. But there is only very very limited amount of situations where actually need to use one of these functions.
I think you can enhance if else conditions by putting some more conditions. But this will increase your lines of code.
From my experience, every time there is redirect via headers, its following connected code tends to execute.
For example : if you have an else/else if along with an if(which has the redirect code) then they will also be executed and the redirect never happens. However if you break up the conditions into individual ifs then after entering one if if a redirect is present such that there is no succeeding code after that header code in the if then the redirect will happen.
Better to use die()/exit() all over to avoid discrepancies.