I have a login page that sets a $_SESSION['usertype'] when I log in. I have a separate PHP file that contains a menu that loads on the side. That file is loaded on every PHP file through
<?php include('menu.php') ?>
But when I check for $_SESSION['usertype'] in menu.php, it is not set.
Why is this?
Just checking whether you're using session_start() before you include the file which needs to access $_SESSION['usertype']?
Have a check through this tutorial.
Do you have session_start() at the top of menu.php or before the include of menu.php?
Related
Quick question here. How can I make sure that a user can view a HTML page only if they are logged in (using PHP). I understand that I must use $_SESSION to state whether the user is logged in, but how should I check on an HTML page if the user is logged in if all I am using is HTML code?
I read up that an option is to change the .htacess file to allow PHP in an HTML file? If so, where can I find the .htaccess file on the WWW stream? (I am using FileZilla and cannot seem to find it).
Basically, I do not want a user to access a URL page (even if they have the URL link) without being logged in.
Thanks!
I agree with Kalmanation's comment.
I prefer to make a separate page (API) that contains code LIKE below at bottom which checks the $_SESSION variable. Then, as already stated, change your html pages to php and at the top of each page use an 'include' or 'require' statement. If the file containing the code below was named logincheck.php, all other pages (now php instead of html) might use:
<?php
include 'logincheck.php'
?>
<?php
if(!$_SESSION['logged_in'] || isset($_POST['LogOut'])) {
$_SESSION['logged_in']=FALSE;
session_unset();
session_destroy();
if(isset($_COOKIE[session_name()])){
setcookie(session_name(), '', time()-360000, '/');
}
session_regenerate_id(TRUE);
header('Location: login.php');
exit();
}
?>
Also check out which is best for your application: require, require_once, include, include_once.
http://php.net/manual/en/function.include.php
I have catalog named "scripts"(PATH: /home/olo/www/site/scripts). In this catalog i have file called "login.php". This file create SESSION after user login. I have file called "index.php"(PATH: /home/olo/www/site). My SESSIONS created in "scripts" don't work in "index.php". It showed me, that SESSION isn't set. Can anybody help me ? Thanks a lot.
You must start session in every page after login
try to add this code at the top of your index.php file
<?php
session_start();
?>
Your session isn't restored. You'll have to call session_start()
See: PHP docs
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
I have 2 folders/directories:
login/helper.php
dashboard/index.php
I have set a session in helper.php in the login folder. I am trying to retrieve a session on the index page in the dashboard folder. Somehow i cannot retrieve the session in another folder or a parent directory.
Here is the Code on the login/helper.php
session_start();
$_SESSION['userID'] = $checklogin['userID'];
Here is the code on the dashboard/index.php
echo $_SESSION['userID'];
Is there a way to make a session available in a parent directory and all it's folders?
Kind Regards
Just start the session again in dashboard/index.php:
session_start();
echo $_SESSION['userID'];
In your case looks like you need to add session_start() at the starting of your file.
But as per coding standards I would suggest to put that session_start() in a common file and may be try to include that file in your all pages, that way you don't need to include session_start(0) everywhere.
I have problem with session. I create a different Session file with name Session.php & want to include this file in each page of website to manage session. can it work? suggest me please I am a fresher and working first time woth session .
my session.php file is as follow
<?php include("lib/config.php");
function start_session() {
$_SESSION['userid']=$rows[0];
$_SESSION['first_name']=$rows[2];
$_SESSION['last_name']=$rows[3];
$_SESSION['user_email']=$rows[4];
$_SESSION['user_password']=$rows[5];
$_SESSION['user_gen']=$rows[6];
$_SESSION['user_contact']=$rows[7];
$_SESSION['picture']="profile/".$rows_pic[0];
$user_id=$_SESSION['userid'];
$fnam=$_SESSION['first_name'];
$lnam=$_SESSION['last_name'];
$email=$_SESSION['user_email'];
$pic_ed=$_SESSION['picture'];
}
function destroy() {
session_destroy();
}
?>
You need to include session_start() at the top of your file then your function will surely work.
1) You have used $rows in function, what is that variable?
2) yes, you can include that file in all pages, but better you create session.php under lib folder and include that file in lib/config.php. So you just need to include config.php in all pages.
3) You need session_start() at very top most code of your php file.
What is the use of creating session.php file?
You can access session like that:
#session_start();
if you want to write new session than use like that $_SESSION['MySession'] = 'XYZ';
Accessing Session echo $_SESSION['MySession'];
You can access session $_SESSION['MySession'] on every page but you need to include #session_start() at the top of every php file.
Is it not mandatory to use session_start() before using any session variables in PHP?
I tried the following piece of code without declaring session_start() at the beginning, it worked fine.
So, now I'm confused. Please help !!!!
Also, I did not use any $_POST or $_GET to pass $uname to home.php, but still how does it work? If we use include 'home.php' then does it treat login.php and home.php as same page?
// code login.php//
<?
require_once 'db_connect.php';
if (isset($_SESSION ['user_id']) && !empty($_SESSION ['user_id']))
{
$u_name = $_SESSION['user_name'];
include 'home.php';
}
else
{
//some stmt
}
?>
/*******home.php file ****/
<?php
require_once 'dbconnect.php';
$_SESSION['username'] = $u_name;
//echo $_SESSION['username'];
//blah blah
?>
You definitely need it, if session.autostart is not set in php.ini. But you would probably know that then.
Do you not call it in db_connect.php? Also, I'm pretty sure you wouldn't get any errors, the session would just be empty.
If you include a file via php, Session keeps active (as any others variables set too). If you would access this file as new request, you would need to set session_start().
This behaviour is because include and require act like moving the code of the included file into the current one, as you would have typed the code into one single file.
Plus: you don't need to require dbconnect.php twice.
edit: you asked about both files used as the same page - the page is the output given after the whole php code is done. The page itself doesn't care about how many files internally are used for generating it.
Use the session_start () is obligatory for every session in php. Being passed through a variable values is not necessary to make POST or GET the same, since there is already the case the value increment. If not ouver value in the same session is null or blank, if you open the page in the same way the condition is wrong.
(!Isset($_SESSION ['user_id']) &&!Is_Null($_SESSION['user_id']))
isset to check if empty this need! before, IF(!isset($_SESSION['user_id']) and in the second case would be to check if it is not null and void, for a session either exists or does not exist and if a value is set inesistente is null. So correct view is this: is_null($_SESSION ['user_id'])
Importantly, in the login page does not include but redirect to the page. in the case with a header.
Or could do everything in a single page, but it would not be legal to display on a page called login page. The default would be the index, ie if the login stay within a folder, you place it inside the index page and the address of the folder.
The reason for the session can still open is that sometimes the webserver does not realize that erased part of the code and loads of it from the system cache.