After validating user input and storing login credentials I start a session by calling session::start and then reload the index.php file by calling general::reload. The I use session::is_start() to determine which page to load from the index file.
I don't think this is working correctly as I always get the same page loaded - b1e.htm.
My concern is that my static class session does not maintain its value between the AJAX/PHP call and the reload index.php call.
Similar posting - here
index.php
include 'b2.php';
if(session::is_start())
{
include 'b2e.htm'; // user is logged in
}
else
{
include 'b1e.htm'; // user is not logged it
}
Snippet - session:start() and session::is_start();
class session
{
protected static $ses_id ="";
public static function start()
{
self::$ses_id = session_start();
}
public static function is_start()
{
return self::$ses_id;
}
public static function finish()
{
self::$ses_id = 0;
$_SESSION=array();
if (session_id() != "" || isset($_COOKIE[session_name()]))
{
setcookie(session_name(), '', time()-2592000, '/');
}
session_destroy();
}
}
Snippet - general::reload()
class general
{
public static function reload()
{
$uri = 'http://';
$uri .= $_SERVER['HTTP_HOST'];
header('Location: '.$uri.'/host_name');
}
You can encapsulate and consolidate session functionality, but you can not fully monitor sessions with a class as php user code is stateless (even when using static keyword)...i.e. it will depend upon SESSION to retain state.
You need to call your session_start(); to actually start the session on each page.
Related
I am trying to create a login controller for my website ... in terms of keeping people logged in I've decided to use sessions.
I am currently attempting to create a class that can be referenced when I include the controller file of the sessions. This will allow me to create, authenticate (delete) and update sessions.
<?php
class Session {
static function start($name, $value) {
session_start();
$_SESSION[$name] = $value;
$_SESSION['EXPIRE'] = time() + 10;
}
// checking for expire
static function auth() {
if (isset($_SESSION['EXPIRE']) && $_SESSION['EXPIRE'] < time()) {
$_SESSION = array();
session_destroy();
}
}
static function update($time = 20) {
if (isset($_SESSION['EXPIRE'])) {
$_SESSION['EXPIRE'] = time() + $time;
session_regenerate_id(false);
}
}
}
Currently it does not set sessions properly. When I try to call the sessions on pages once I set them it does not fetch properly.
The session isn't expiring before I call it because I never call the function that expires it inside the class on the document.
You can't call your Session class as you need to include session_start() and you are only having this in the start method.
Option 1: You would have to call session_start() in each page where you want to deal with sessions
Option 2: Add a function to your class and call it after your class is created and add in there session_start() so wherever you include the Session Class session_start would already been initialized
Example:
Sessions.php
class Session {
static function init(){
session_start();
}
//rest of your methods...
}
//initialize it
Session::init();
page-that-uses-session.php
include('Sessions.php');
Session::update();
Better set php session timeout variable in php.ini or from ini_set() function and don't create own $_SESSION['expire'] variable; You can regenerate_session_id() each time when user sent request; Better test user ip address in session. In most projects you have one page on server or only your own pages.
Set user id in session:
$_SESSION['userid'] = $loggoed_id_from_db;
// and test
if((int)$_SESSION['userid'] == 0){
header('Location: logout.php');
exit;
}else{
if(empty($_SESSION['ip'])){
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}else{
if($_SESSION['ip'] != $_SERVER['REMOTE_ADDR']){
header('Location: logout.php');
exit;
}
}
}
And probably you don't start session from class!
Okay, so this is what I do:
I go to www.mywebsite.com/orders?id=1
It redirects be to login before proceeding.
I log in successfully but it redirects to www.mywebsite.com/orders.
If I am already logged in and go directly using GET method, it works fine. But if I am asked to login, the GET method disappears.
How do I preserve ?id=1?
Before redirecting the user back to the login page store the current page (the requested page) in a session variable. Assuming you have a function called check_login this would more or less look like what you should do:
public function check_login() {
if (!$this->session->has_userdata('logged_in') || $this->session->logged_in !== true) {
if (!empty($_SERVER['QUERY_STRING'])) {
$uri = uri_string() . '?' . $_SERVER['QUERY_STRING'];
} else {
$uri = uri_string();
}
$this->session->set_userdata('redirect', $uri);
redirect('/auth/login');
}
}
Then when the user successfully logs in your login function should somewhere have the following logic:
public function login() {
// form validation
// get post vars
// check username/pwd against db
if ($login) {
if ($this->session->has_userdata('redirect')) {
redirect($this->session->redirect);
} else {
redirect('/dashboard');
}
} else {
// error logging in
}
}
session variable could store the id.While log in using session pass the id value.You can retrive the value anywhere in session.
$this->load->library('session');
$this->session->set_userdata('userId', 'YourId');
where userId would be the name of the session variable, and YourId would be the value.
Simply Use this
redirect($_SERVER['HTTP_REFERER']);
The session I set is lost after the form is submitted.
I had built the session class to set new session, unset and so on. In function.php of wordpress template.
function.php
if (!session_id()) {
session_start();
}
include get_template_directory() . "/custom/session.php";
Session.php
class session {
function __construct() {
}
function set_flashdata($name, $value) {
$_SESSION[$name] = $value;
}
function flashdata($name) {
if (isset($_SESSION[$name])) {
$str = $_SESSION[$name];
return $str;
} else {
return FALSE;
}
}
function userdata($name) {
if (isset($_SESSION[$name])) {
return $_SESSION[$name];
} else {
return FALSE;
}
}
function set_userdata($name, $value) {
$_SESSION[$name] = $value;
}
function unset_userdata($name) {
if (isset($_SESSION[$name])) {
unset($_SESSION[$name]);
}
}
}
I try to set session as :
<?php
$sess = new session();
$sess->set_userdata('sess_name',"some value");
?>
<form action="get_permalink(212);">
//input buttons
</form>
After submit the form it goes to the permalink(212). Then I tried.
<?php
$sess = new session();
$value = $sess->userdata('sess_name');
var_dump($value); //returns false. That means session is lost after form submit. Why?
?>
You need to move session start/resume into your Session's constructor.
Like so:
class session
{
function __construct()
{
if (! session_id()) {
session_start();
}
}
Another thing to mention, every time you'll do new Session you'll be getting an object of the same functionality working with same global variable $_SESSION.
You don't need more than one $session object, it would be a good time to look into Singleton pattern.
You have to call always session_start() for each request.
The mission of session_start() is:
Creates a new session
Restart an existing session
That means, if you have created a session, and you don't call to the method session_start(), the variable $_SESSION is not going to be fulfilled.
Except: If in your php.ini you have set the option session.auto_start to 1, then, in that case it is not needed to call the session_start() because the variable $_SESSION is fulfilled implicitly.
You need to use wordpress global variable for condition that session is set or not something like :
global $session;
if (!session_id()) {
session_start();
}
include get_template_directory() . "/custom/session.php";
It might be due to www. at the start of your website domain. Make sure that both of pages use the same structure.
Also I faced with the same issue long time ago when the form sends the data to a secured address (https://)
I hope these two items may help you.
Sounds to me like session_start() is not set at the start of the page that get_permalink(212;) refers to.
I have almost no experience with WP itself though, so I might misunderstand the functionality of get_permalink()
I agree with the answer from #rock3t to initialize session in constructor of class, but every time a class object is initiated, it will go to check for session!
Instead, if you are fine, the simplest way to get access to session is by adding following lines to your wp-config.php file before the call to wp-settings
if (!session_id())
session_start();
This will set/initialize session globally and you won't need to set/check for session_start in constructor of a class.
Thank you.
I am working on a school project where I need my .php pages communicating. I have header.php where I set connection to the database and start the session. In order to start the session only once, I've used this:
if(session_id() == '') {
session_start();
}
PHP version is PHP 5.3.10-1 ubuntu3.18 with Suhosin-Patch (cli)
I am trying to pass some $_SESSION variables between pages, but they keep being unset when I try to use them on a page that doesn't set them.
I see many people have complained about this, but I still can't find the solution.
login-form.php
<?php
if (isset($_SESSION["login-error"])) {
echo '<p>'.$_SESSION["login-error"].'</p>';
}
?>
login.php
$_SESSION["login-error"]= "Username or password incorrect";
There is a code snippet of what is not working for me.
Thanks
You can try this.
In your function file put this
function is_session_started()
{
if ( php_sapi_name() !== 'cli' ) {
if ( version_compare(phpversion(), '5.4.0', '>=') ) {
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
} else {
return session_id() === '' ? FALSE : TRUE;
}
}
return FALSE;
}
Then you can run this in every page you want session started
if ( is_session_started() === FALSE ) session_start();
With this I think you should be good to go on starting your session across pages. Next is to ensure you set a session to a value. If you are not sure what is unsetting your sessions you can try var_dump($_SESSION) at different parts of your code so you be sure at what point it resets then know how to deal with it.
The variables are probable not set, because you haven't activate the session variables with session_start().
session_id() == '' is not a correct conditional . Use instead:
if (!isset($_SESSION)) { session_start();}
if you have session started then you can set a session variable
if (!isset($_SESSION["login-error"])) { $_SESSION["login-error"]= "Username or password incorrect";}
Before you call $_SESSION["login-error"], type session_start(), just for testing, to find when the session signal is missing. You said
PHP $_SESSION variables are not being passed between pages
session_start() and SESSION variables needs to be included at the beginning of EVERY page or at the place where SESSION variables are being called (through a common file, bootstrap, config or sth) at the beginning of EVERY page. ie the command to read those data from the server is needed.
Since my header.php file included "connection.php" file, I put
session_start();
at the beginning of connection.php and deleted it from header.php file. Now it works fine. Thanks all for your help!
PHP sessions rely on components of HTTP, like Cookies and GET variables, which are clearly not available when you're calling a script via the CLI. You could try faking entries in the PHP superglobals, but that is wholly inadvisable. Instead, implement a basic cache yourself.
<?php
class MyCache implements ArrayAccess {
protected $cacheDir, $cacheKey, $cacheFile, $cache;
public function __construct($cacheDir, $cacheKey) {
if( ! is_dir($cacheDir) ) { throw new Exception('Cache directory does not exist: '.$cacheDir); }
$this->cacheDir = $cacheDir;
$this->cacheKey = $cacheKey;
$this->cacheFile = $this->cacheDir . md5($this->cacheKey) . '.cache';
// get the cache if there already is one
if( file_exists($this->cacheFile) ) {
$this->cache = unserialize(file_get_contents($this->cacheFile));
} else {
$this->cache = [];
}
}
// save the cache when the object is destructed
public function __destruct() {
file_put_contents($this->cacheFile, serialize($this->cache));
}
// ArrayAccess functions
public function offsetExists($offset) { return isset($this->cache[$offset]); }
public function offsetGet($offset) { return $this->cache[$offset]; }
public function offsetSet($offset, $value) { $this->cache[$offset] = $value; }
public function offsetUnset($offset) { unset($this->cache[$offset]); }
}
$username = exec('whoami');
$c = new MyCache('./cache/', $username);
if( isset($c['foo']) ) {
printf("Foo is: %s\n", $c['foo']);
} else {
$c['foo'] = md5(rand());
printf("Set Foo to %s", $c['foo']);
}
Example runs:
# php cache.php
Set Foo to e4be2bd956fd81f3c78b621c2f4bed47
# php cache.php
Foo is: e4be2bd956fd81f3c78b621c2f4bed47
This is pretty much all PHP's sessions do, except a random cache key is generated [aka PHPSESSID] and is set as a cookie, and the cache directory is session.save_path from php.ini.
I have 2 php websites in the same machine. The first site (a legacy system) has a basic auth: checks if is set $_SESSION['user_id']. I'm working in the second site (a Kohana 3.1 based) that will extends the funcionalities of the first one.
Both sites will link each other, so I need to share the session between those systems. Both sites use the same Database. Users will login in the first site.
In my site I have a code that detects the $_SESSION['user_id'] of the first one, but I'm having problems retaining the session with the Kohana-Auth module.
The first site (the legacy one) checks the session like this:
<?php
session_start();
if(empty($_SESSION['user_id']))header("Location: index.php?action=3");
... //more dark code
this is in all php files... a lot of files.
In my Kohana site I have a controller that before any action checks the session.
<?php
class My_Controller extends Controller_Template {
public function before() {
session_start();
$this->auth = Auth::instance();
if ($this->auth->logged_in()) {
//I have session in the second site... Do I have a session on the first one?
if (!isset($_SESSION['user_id']) || $_SESSION['user_id'] == "") {
//I have no session in the first site... I logout the user in my site
$controller = Request::current()->controller();
if ($controller != 'auth') {
Request::current()->redirect('auth/logout');
}
}
$this->user = ORM::factory('user', $this->auth->get_user()->id);
} else {
//I have no session in the second site... Do I have a session on the first one?
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
if (isset($user_id)) {
$user = Model_User::get_user($user_id);
if ($user->loaded()) {
//I have session in the first site... I login the user in my site
$this->auth->force_login($user);
$this->user = ORM::factory('user', $this->auth->get_user()->id);
}
}
if (!$this->auth->logged_in()) {
//I still have no session => redirect to login of the first site
//Request::current()->redirect(...);
echo Debug::vars("BUUUU");
}
}
}
}
This code is near to work: I can go from one site to the other and the user is detected... but I realised that when the user navegates between the differents actions inside my Kohana site, the "logins" couter of the Users table increases.
That means that before any action the "$this->auth->logged_in()" is FALSE... and this means that the Auth module do not retains my user between actions and do the force-login every time.
I don't know what can I do.
I want detect the session form the first site, but I don't want to login this user in every click.
I found the answer!!
In Kohana 3.1, the Kohana_Session class has a default value of the cookie.
/**
* #var string cookie name
*/
protected $_name = 'session';
That value didn't match with the default name of the PHP session: "PHPSESSID".
And that value is modified by creating a config file called "session.php" in the config directory. So I created a config/session.php like this:
<?php defined('SYSPATH') or die('No direct script access.');
return array(
'native' => array(
'name' => 'PHPSESSID',
)
);
And my final controller was something like this:
<?php
class My_Controller extends Controller_Template {
public function before() {
$this->auth = Auth::instance();
if ($this->auth->logged_in()) {
//I have session in the second site... Do I have a session on the first one?
$user_id = Session::instance()->get('user_id');
if (!isset($user_id) || $user_id == "") {
//I have no session in the first site... I logout the user in my site
$controller = Request::current()->controller();
if ($controller != 'auth') {
Request::current()->redirect('auth/logout');
}
}
$this->user = ORM::factory('user', $this->auth->get_user()->id);
} else {
//I have no session in the second site... Do I have a session on the first one?
$user_id = Session::instance()->get('user_id');
if (isset($user_id) && $user_id != "") {
$user = Model_User::get_user($user_id);
if ($user->loaded()) {
//I have session in the first site... I login the user in my site
$this->auth->force_login($user);
$this->user = ORM::factory('user', $this->auth->get_user()->id);
}
}
if (!$this->auth->logged_in()) {
//I still have no session => redirect to login of the first site
//Request::current()->redirect(...);
echo Debug::vars("BUUUU");
}
}
}
}
that's all...