I've read quite a few solutions on the web, but none really works for me. So Coming back to Stackoverflow:
The Issue is as following: My session gets created, it get's passed trough the pages, and it is usually still running if uploading a picture or changing information via AJAX. But sometimes, and that's not something I can reproduce - It just changes the Session ID as soon a picture is uploaded - I just get a new Session ID on the upload script - meaning if i browse trough the page it's the old ID but the picture of course won't get saved as it's a new session_id - and what's even more funny this one will stay the same for picture uploads until it's destroyed! So in fact I'll have 2 session_id's for the same session.
I am getting unpatient so it would be really nice if somebody had a clue for me. Of course session_start is executed at the top of every page ;).
I am doing quite a few unneccesary mistakes since a couple of weeks.. Oh well of course there was nothing wrong with the code as it was... The mistake was on my side as of I forget that flash doesn't pass anything if not told to.
And as I use the swfuploader libary, oh well I think you can imagine the rest.
Don't ever forget to pass your session id if using flash!
Related
I know there is a ready to use API for facebook, but since I last tried the API they change to much, now you need permissions an checks for everything you want to do ...
This project is only for personal usage, therefore I don't care about give my facebook password.
My goal is to make an comment to an picture on a facebook page, in this test aviciis
I created my first git repo https://github.com/fritz-net/facebook-AntiAPI because i have 4 files. For login etc. I hope this messy testing code is readable
The problem is that facebook shows an error that something happened (no acces, wrong page, out of date,... - German stuff),... even though the http headers are the same and the post data too. There is no point why facebook should not save this comment like any other. The login also worked well.
I'm using the mobile version because with the ajax/json version i had no real success either.
I hope I forget nothing about my problem in my tiredness. I tried to find other code from people who had done this, but everyone uses the api and I also tried to solve the problem myself for the last 6 hours (from about 02am till now 8) please excuse my bad English writing, dirty code and missing things
Maybe someone can give me a hint, good night
It turned out that solution was very easy.
in the api.class.php there is a regex where I read out the form action, I added the following $action = str_replace("&", "&", $action); and everything worked.
The problem where the html entities in the action url of the form
EDIT: I committed the changes to github for anyone interested
I am helping develop a web application for one of the departments in the company I work for.
I was asked to look into a way to log off every user that might be on the application at once, so that if updates to the Web App are pushed out, people aren't working with an old version of it.
My problem is that as I am not very savvy with PHP, JQuery, AJAX, etc. which is what we're using, I have not known exactly what to look for.
We have a timer script running every couple seconds in the background, so I was thinking that I could add an admin button that updated a field in the database which this script could check every so often, and if the field was set, the logoff script could be executed. But this seems like a hack to work around the issue.
The guy I'm working with suggested I look into custom SESSION handlers.
What do you guys think? Any ideas?
Any help would be appreciated. Even if it's an idea on what to start searching for.
Thanks in advance!
EDIT: I should mention that this is a one-page web app. The user is not following any links or leaving the page.
Make an entry for logged in users in your database of choice, maybe memcached if performance is a criteria.
Use a custom Session save handler which stores the sessions in database or file. When you want to destroy all sessions, you can clear the storage (be it database, or file).
Start from - http://php.net/manual/en/function.session-set-save-handler.php
What I ended up doing was the following:
I added a field into one of out database tables and checked its value every time our browser tick came through (about every minute or so). If the field is set when the tick comes through, their page is refreshed, thus logging them off the application and destroying their session (We destroy the session when someone leaves the page).
The users cannot log back in until that field has been reverted to '0'
The admin account can change that field with the click of a button. Therefore their field in the database remains as a '0'
It might be kind of a hack, but it's what I could come up with even after everyone's help. The only issue is that it takes a bit to log everyone off. Problems of pulling vs pushing I guess.
And yes, an email will be sent out some time before logging everyone off so they don't lose work.
Thank you all for your help!
so I've hit a potential problem in my site....it's a post-based system, with the posts being in text files. Uses some Javascript and a lot of PHP.
When you make a submission on the form on the homepage, you are sent to a page where data is posted and processed, but you don't see it because you get redirected back. Then the homepage is changed based on what the post you made says. All that was working fine.
But now I'm trying to add a new feature that modifies the post you made, based on a button you hit which submits a hidden form using javascript, and sends to another process and redirect page you don't see, and it works fine until the block that I realized today. I don't know how to specify that the post being altered is the right one.
I anticipate a good amount of users of this site, so my concern is what if user X makes a post while user Y is making a post, and the post of user X becomes the top post, so user Y's options actually change user X's post.....
I was thinking of adding to the main processing page (the one that happens when you first submit) a COOKIE or something that would make note of the number of the line that post will become, by counting the number of the lines in that file at the time and adding 1 to it. Then checking it against the user's number (each user has a number) to see if it's that user's most recent post....but the problem is I don't know how I would pass that value around to be read in the next page.
Setting a COOKIE is out I think because the page both redirects, AND reads and writes to files. The only output to the page though are currently var_dumps.
POST/GET is out because to my knowledge the user would have to do SOMETHING to submit it, and the user's not even going to see the page.
Writing to a file would be messy if lots of users are trying to get their own data.
I think what I may be looking for is SESSION variables...but I don't know anything about those except that they're used to login to pages, and this site has no login.
To make things more fun, when a user posts the same content within a minute of another user, the first user's post is replaced and it gets a little +1 next to it...which makes it harder to check it against the user's number....
AND in the end I'm trying to use AJAX (which I dont know yet) to make the updates in real-time...now THAT is going to suck. But for now I'm worried about my static little site.
Baby steps.
Any ideas how to go about this??
Use Session variables, just as you have alluded. They aren't just used by login pages, they are used by everything. Sessions are the equivalent of server-side cookies / server-side storage, so you don't have to worry (as much) about your users tampering with them.
If you want to make life more difficult for yourself, you can json encode your variables and store them as an object in a database or even flat text file. But really, read up on sessions.
All you need to know is session_start(); before anything else then $_SESSION['var']=$yourvar; to save data and $_SESSION['yourvar'] to retrieve it later (such as on another page).
I've been working on a website which contains alot of links. I want to protect those links from bots/crawlers by implementing a CAPTCHA. I've tried reCAPTCHA by Google but it doesn't suit my needs(complex specially when it comes to people who are poor in English :P) plus I just want to stop the new programmers or crawlers, I know it can easily be broken by experienced programmers. So I searched and found this one to be good.
http://www.hardcode.nl/subcategory_4/article_243-simple-php-captcha-script.htm
Downloaded it and its working like a charm but my problem is :
1. I can see the index.html files checks the entered code and if correct redirects to write.php where session is created and output is shown. I want this to be done on the same page. Like when user enters correct code, he should be able to view the view the links on the same page to save bandwidth (I'll fetch them from mysql server)
2. This is more important one, since I don't know anything about php sessions and php.net tutorials are just too short or next to nothing, can this be done that whenever a user input correct captcha once, he can see the links for rest of the time without captcha? And he will have to re-enter the captcha only when he closes the browser or after some interval like 10 minutes in case previous one can't be done.
Thank you
PS. I can use Javascript on my server but probably a php solution will be better since I'm also learning php
Use AJAX to pull the links and then replace the HTML in the page.
Store a variable in the session that determines whether or not they've entered a CAPTCHA, then just check that before deciding whether to show the CAPTCHA or the links.
So this is a pretty weird topic, but lets just say I made a big mistake while building a site. There is an application form on my website and people basically fill up the form and their entry gets saved in the database. Now how it is supposed to work is that the form is supposed to post to a page that catches the form fields and stores it in the database. However, I forgot to put the file under action. So basically the form has been posting to itself. Bummer. So based on analytics there were about 100 applicants on my site on that day which means that about 100 applicants are lost as the form was posted to just the page itself and not to the page that was supposed to catch form fields.
So is there a way, any way to get those applicants back?
Thanks
The only book I can think of that could possibly help is this: http://www.amazon.com/Build-Time-Machine-Paul-Davies/dp/0142001864
I hate to have to say it, but NO.
Unless you had the form input being recorded in a database, logfile, or other persistent storage, it's lost.
No.
You did not store the data, so it is gone.
Depending on what you are using I would check the logs. I'm not 100% on this but you maybe able to see some errors in there.
If not I think you are out of luck.
In some pretty weird cases you can find some data in your server access log file.
It doesnt hurt to check.