I have a simple PHP upload script that is called from my Flash App. I am sure it makes the call because it actually uploads the file!
session_start();
$default_path = 'files/';
$target_path = ($_POST['dir']) ? $_POST['dir'] : $default_path;
if(!file_exists($target_path)) mkdir($target_path, 0777, true);
$destination = $target_path . basename( $_FILES[ 'Filedata' ][ 'name' ] );
$file_name = rand(1,9999).$_FILES[ 'Filedata' ][ 'name' ];
if(move_uploaded_file($_FILES[ 'Filedata' ][ 'tmp_name' ], $destination)){
$_SESSION['path'] = 'flashuploader_online/upload/'.$destination;
}
However, I try to use the session variable "path" in another script but it gives me an empty value! Yes, I have made sure to use session_start.
Am I missing something?
Update
At least now I know what the problem is! But I am not sure how to solve it without it getting messy to pass across session variables. Any ideas?
You are going to have to persist the session_id across all requests by passing it as a variable. I promise it won't get too messy! There are a couple changes you will need to make to the page that displays the flash as well as the script it posts to. You will also need to make a slight change to the Flash application itself, so that it can include the session ID when it uploads the file to the server.
First, you will want to provide flash with the session ID by including it with FlashVars. You're going to need the page that is displaying the flash to be preprocessed with PHP, or it will not be possible to persist a session. Make sure you call session_start() in the page that outputs the Flash. You'll end up with something like this:
<object classid="clsid:(blah)" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="800" height="800" id="ZoomifyHotspotViewer">
<param name="flashvars" value="phpsessionid=<? print session_id(); ?>">
<param name="src" value="YourSWF.swf">
<embed flashvars="phpsessionid=<? print session_id(); ?>" src="YourSWF.swf" pluginspage="http://www.adobe.com/go/getflashplayer" type="application/x-shockwave-flash" width="800" height="800" name="YourSWF"></embed>
</object>
This part in particular is what needs to be added, in both the param and embed tags:
phpsessionid=<? print session_id(); ?>
Then, in your Flash app when you make the request, you will now have access to the session id in the variable 'phpsessionid'. You need to include the value in the POST variable named PHPSESSID (all caps) - include it however you are including your other variables such as the 'dir' variable you make use of.
Including that variable will ensure that when you call session_start() on the next page, the session will be restored instead of a new session being started. There are a couple configuration cases where this doesn't happen automatically. If that turns out to be the case for you (i.e. the session id is still different on the next page), you need to do the following in the page that processes the upload:
session_id($_POST['PHPSESSID']);
session_start();
This will manually force PHP to renew the saved session with the specified ID. This shouldn't even be an issue you have to deal with, but if it is you may have to do something similar on the next page the user continues to as well, or add a general case to all pages:
if (isset($_REQUEST['PHPSESSID'])) {
session_id($_REQUEST['PHPSESSID']);
}
session_start();
Be sure that if you do end up needing to call session_id() in this way as a setter, that you do so before calling session_start().
Every time a web server provides you with a response ( a page, a graphic, etc. ) it has the opportunity to send your browser a cookie.
1) Each cookie is only sent back to the same web site as it came from in the first place
2) The "contents" of the cookie( the data it contains) can only be made up of whatever information the web server already knew anyway.
So your browser automatically send cookies in "Cookie" variable in HTTP header. You can read it with folowing command in PHP:
$headers = apache_request_headers();
echo $headers['Cookie'];
Server ( if session support enabled in PHP configuration ) automatically creates PHPSESSID ( you can modify variable name in configuration ) in a cookie and you can access it directly with above script ( you need to parse $headers in order to get PHPSESSID variable or any other cookie). I think there is no need to use flashvars, your browser automatically add Cookie variable in HTTP header.
Hope this helps !
Related
So in my HTML markup I have an image tag like this one:
<img src="image_generation.php" alt="template" id="image" />
And the 'src' attribute links to a PHP script that generates an image using a couple of variables defined there which are mostly randomly generated.
Now, what I want to be able to do is to access those random variables in the page which includes the image generation script. I suppose I could send cookies and access them after the image tag as they technically should be readily available to the including file. I don't want to send too much information, just a couple (10-20) variables. Not sure if in that case sessions would be a better choice, as I would have to send several cookies. Sessions also pose a problem as the including script gets the old session and I would have to refresh the page to obtain the values of the previously generated image. I suppose I could also set up a DB and access the DB in the including script, but the variables are temporary and I would have to delete them and that seems like a lot of fuss to me.
The image generation script finishes with:
header('Content-type: image/png');
imagepng($image);
imagedestroy($image);
And nothing can be sent to the browser before the header call or else the image won't be displayed. If I use cookies or sessions, the image_generation.php would have to send both the image and set the cookie(s)/session.
None of the options (cookies, sessions or DB) really convince me, as there are problems with each in this particular situation. Can you think of a way to solve this? Thanks.
MAJOR EDIT #1:
Including script gets session of previously generated image without refreshing / Setting cookie(s) and/or a session in included script before / after sending image without output buffering does not pose a problem.
You can use a $_SESSION, but to make the session available in the same script that included the <img> tag (which would have executed before the image script), you would need to make AJAX calls via JavaScript. An AJAX handler that runs at window.onload should have access to the $_SESSION created by the image script, since the image should have fully loaded when it executes.
Example PHP handler getsession.php:
header('Content-type: application/json');
// Simply part of the session into JSON
// Obviously you would want to limit this to only the variables
// that should be sent back, so you don't expose the session on the client side!
echo json_encode(array($_SESSION['var1'],$_SESSION['var2']));
exit();
Example AJAX call (using jQuery since it will be easy to get started with)
// Variable to hold the object returned by PHP
var imgPHPSession;
$(window).load(function() {
$.ajax({
url: 'getsession.php',
dataType: 'json',
success: function(data) {
imgPHPSession = data;
}
});
});
Update:
It can be done entirely in PHP, but would require changing your design a bit such that the variables necessary to generate the image are created in $_SESSION by the main script. They are then available in $_SESSION to image_generation.php to be used as needed, but are already known to the main script.
Update 2:
Since the image vars contain info about how it was created, if the image is not too large, you can actually create it in the main script and store it to disk. The image_generation.php script can still be used as the <img src>, but its purpose would then be to retrieve the correct image from disk and serve it back to the browser and delete it from disk when no longer needed. The $_SESSION is then available to both the main and image scripts.
You can pass you parameters to src attribute, for example:
<img src="image_generation.php/user/1/name/tom/param1/variable2"
or
<img src="image_generation.php?user=1&name=tom
this solution lets you forget about session, cookies - it's stateless
Php can do smart tricks with buffer by ob_* function, so at the beginning of your script you can call ob_start() to buffer every php output, it lets you avoid all 'Header already send' errors.
Your image_generation.php does not need to send any cookie. This script will receive cookie with sessionid (browser attach cookie information to every request to the server) what makes possible identify user session on php side - after that you have access to every session parameters.
I am using PHP and jQuery for an uploader. I am having a huge problem though and would like some input as to how best handle these two together.
I am using a PHP session variable that I am using to change the filename after the jquery uploader has finished. The jquery "url" is pointing to a PHP function that handles the actual upload. When I use the jquery uploader to upload an image, the session variable is never available. I'm assuming because the uploader itself is not using a session.
How can I resolve this issue? I need to have that session variable to change the filename.
EDIT: I am using jqUploader
Here is the code
function jqUploadPhoto( ){
$picSize = '50550500';
$picDir = '/photos';
$temp = $_FILES['uploadfile']['name'];
... substr()... convert old name to new name
$file = $_SESSION['name'].$ext; // This is set and can be echoed when this func is used from a browser. Not available in JQ
if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $file) == false){ // This dies because the filename isn't available.
echo 'NOTOK';
}
}
I had this issue with Uploadify.
The problem
Your browser makes a request to your site, the session is started and a cookie containing your session ID is set.
You then make an upload using Flash, note that Flash is not your browser and it acts as a new request. So a new session id is created and a new cookie is created, giving you two different sessions.
The solution
I got around this by setting the session id in the page, eg. in a hidden input and appening this session id to the request when Flash makes the upload. You need to detect this session id when you upload and set it using session_id() - http://php.net/manual/en/function.session-id.php . This will then replicate the session that the browser created.
Hope that helps.
I have a flash upload script, that uses a .php file as the processor. I need the processor file to set a cookie with a gallery ID that was created by php script, and pass it on to the confirmation page. Except when Flash runs the php file... it doesnt set the cookie. It does set the session variable, which was good enough, but now Im using lighttpd for the site (including the confirmation page) and apache for the actual uploader processor script (because lighttps sucks at uploading large files), so the session vars don't get transferred between the 2 server software.
How can I transfer a variable from the php processor (running on apache) to a confirmation page running lighttpd?
Well I would assume that it doesn't set a cookie as it was called by a flash script not a browser, and cookies are stored by the browser.
The only ways I can think of are a mysql database, or simply a text file.
Just thought of a second solution which is probably less efficient than Nico's but may be better suited to you. If the cookie being sent to Flash isn't being sent to the browser also, you could use Flash's ExternalInterface class to pass the contents of the cookie to a javascript function which would set the cookie in the browser. Or you could call a javascript function which will make an AJAX call to fetch the contents of the cookie.
Not sure if we're doing the same thing, but I had a similar problem, not being able to set a cookie from a php script run through flash. However I later realized it failed because I was missing arguments.
flash.swf:
sendToURL('script.php?val=dataFromFlash');
script.php:
//setcookie('flashData', $_GET['val']); //this did not work
setcookie('flashData', $_GET['val'], '0', '/'); //this worked
The PHP manual says that only the name argument is required, but I had to specify the expire and date arguments to get this to work. Perhaps this is because, as Nico's answer indicates, it is not sent through a browser? Anyway, hope this helps.
here find best solution for store all upload images data in flex with php script
$array = array();
$array["large_filename"] = $image_file_name;
$array["large_path"] = DIR_WS_IMAGES_TEMPIMAGES . $image_file_name;
$setcookie = serialize($array); setcookie( "ImageCookie",
$setcookie, time()+(60*60*24*15) );
Coles Notes version:
index.php?map_id=foo is loaded into iframe on www.not-my-domain.com. index sets SESSION['map_id'] = foo. Flash file tries to get SESSION['map_id'] thru Authenticate.php, but Authenticate.php has no values set for any SESSION varaibles.
-- Only first-load, cross domain issue.
Verbose:
I have an index while where I set: SESSION['map_id'] = foo
The index file then loads a flash file. When initialized, the flash accesses an 'Authenticate.php' file which echo's out the SESSION['map_id'] and is loaded into flash via LoadVars. Flash then displays the appropriate data.
This step cannot be done another way
This all works just fine on our main site. The issue comes when we try to port out to other sites by providing iframe embed codes:
<iframe src="http://www.mydomain.com/?map_id=foo&code=bar" ... ></iframe>
On a fresh load of the embed code from another site (www.anotherdomain.com), it seems that the SESSION variables have been destroyed, as flash simply says they are empty. ( $map_id outputs a blank )
The index file will still properly echo $map_id as 'foo', it just seems the 'Authenticate.php' file cannot access the SESSION varaibles.
I have ensured session_start() is present in all appropriate files.
PHP session ids are passed through cookies by default, but you can't transfer cookies across domains. Try passing the session id through the url instead.
Here is the appropriate page in the php documentation.
There are a few ways you can get php to pass the session id in the url if it's not being done automatically.
You can manually pass the session id in the url (must come before other get variables):
<iframe src="http://www.mydomain.com/?&map_id=foo&code=bar">
You can disable cookies, forcing every request to have the session id automatically added to the url:
ini_set("session.use_cookies","0");
You can edit the url_rewriter.tags setting, which tells PHP which html tags to rewrite with the session id. Here, iframe=src has been added to the default set:
ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");
Is there a way in PHP to get a list of all sessions (and the variables within each) on the server?
Basically, we have a maintenance function which needs to know which users are currently logged into the site. We already store data for each user in a session variable, but I am hoping that I can loop through each of these sessions and pluck out the data I need.
MY PHP is very limited (I am a .Net developer ussually) but if anyone knows if this is even possible (and how to do it) I'd be very grateful. I googled this, and the results I found tended to inidcate that it WASN'T possible, but I find this very hard to accept.
Still, If you can't you can't but I thought my buddies on StackOverflow could give me a definitive answer!
PHP stores session data for each user in a temporary folder on the server. This folder is defined in the php.ini configuration file under the variable session.save_path. Locate this value from within your php.ini file, or alternatively, create a php file with:
<?php echo "Session Save Path: " . ini_get( 'session.save_path');?>
as it's contents, and open the file in your browser.
Once you find the save path for the session data, open up that folder and you'll notice a fairly simple structure. All sessions are stored in the format: sess_$SESSIONID .
Session data is serialized before being stored on disk. As such, objects stored in the session file would have to be deserialized before being usable. However, if you're using plain text, which is stored as-is, to store your session data (ex. $_SESSION['userid'] = 1234) to store information about your users, it should be easy enough to parse out the data you're looking for from within the files.
One more thing ... I haven't looked into it, but it appears as though the session ID that appears in the filename corresponds directly to, for instance, the name of the PHPSESSID cookie stored on the user's computer. So, with this in mind, it may be possible to loop through the files within the temporary session directory, acquire all the $SESSIONID values, set the current session ID using session_id($SESSIONID), start a session with session_start() and access the data you need through PHP without having to parse the contents files themselves. Can anyone confirm whether or not this would be possible?
Edit: Adjusted post to match Itay's comment.
This will get you the data for all sessions, stored in an array and indexed by session id:
<?php
$allSessions = [];
$sessionNames = scandir(session_save_path());
foreach($sessionNames as $sessionName) {
$sessionName = str_replace("sess_","",$sessionName);
if(strpos($sessionName,".") === false) { //This skips temp files that aren't sessions
session_id($sessionName);
session_start();
$allSessions[$sessionName] = $_SESSION;
session_abort();
}
}
print_r($allSessions);
Here's a more succinct way to get a list of sessions via the stored files:
<?php
print_r(scandir(session_save_path()));
?>
I used the #mgroat method in the ajax call, but there is a problem in the header of the HTTP response that the Set-Cookie header appears multiple times and jQuery reports an error:
Set-Cookie header is ignored in response from url:
mysite.com/admin/ajax/main_ajax. Cookie length should be less
than or equal to 4096 characters.
The solution is to add header_remove("Set-Cookie") right after session_start().