Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Major PHP Session Problems HELP

  • 04-01-2007 5:34am
    #1
    Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭


    I've spent hours on this problem trying to figure out have to keep a session id across multiple pages, i've tried everything but when a user posts a comment, it stores the session ID and wont let the user post again by checking there current session ID!

    Problem is when the user posts a comment, the session ID is stored but the user can post as many times as they want as the session ID changes everytime they post their comment!

    Basicly need to know how to keep a session ID across mutliple pages that will stay until they close the browser!?????


Comments

  • Closed Accounts Posts: 4,655 ✭✭✭Ph3n0m


    Make sure that the first line of each subsequent page, after you create the session id/etc has the following line


    session_start();

    That way you can consistently refer to the already stored session, without having to create a new one.

    I also include this immediately after the session_start
    if (!session_is_registered('sessUserID')){
     $_SESSION = array();
    session_unset();
    session_destroy(); 
    header("Location:index.html");
    }
    

    basically if a specific item is not in the session, they are thrown out of the system


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    Nice one man, i'll try this and see if it works!


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    if (!session_is_registered('sessUserID')){
     $_SESSION = array();
    session_unset();
    session_destroy(); 
    header("Location:index.html");
    }
    

    This code just send the user to the index page all the time! do i hav 2 register the session??


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    Got your code working, the session id changes everytime a user posts a comment and its saved to the DB! The user is brought back to the previous page with a meta refresh tag!
    I have tried everything and just cant figure out why the session ID is changing after a comment is changed!??!
    Its the same browser open the whole time!?!:confused:


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Post the code of the comment processing page.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    This code calls a method and passes all the information through:
    $validate = check_session(session_id(),$id_num);
    if($validate == false)
    {
       rating_update_cl($id_num,$club_vote,$v_cl);
       add_sess_id(session_id(),$id_num,$ip);
       echo'
       <h3>Registering your vote.</h3>
       <h4>Your IP has been logged: <font color="#FF0000">';echo $ip;echo'</font></h4>
       You will be redirected to the page you where viewing in 3 seconds.';
    }
       elseif($validate == true)
    {
    echo'Error processing.';
    }
    
    These methods are called above:
    function check_session($c,$club)
    {
        $valid = false;
        $result = mysql_query("SELECT sess_id,club FROM sess_id WHERE sess_id='".$c."' AND club='".$club."' LIMIT 1");  
        while ($row = mysql_fetch_object( $result )) 
    	{
           //Entry already exists
           $valid = true;
        }
        return $valid;
    }
    
    function rating_update_cl($c,$value,$v)
    {
    	$v1 = rating_cl_internal($c);
    	$v1 = $v1 + $value;
    	mysql_query("UPDATE cl SET vote=".$v1." WHERE id=".$c."");
    	$v2 = $v + 1;
    	mysql_query("UPDATE cl SET voters=".$v2." WHERE id=".$c."");
    	$average = av_rating_cl($c) / av_voters_cl($c);
    	mysql_query("UPDATE cl SET vote_average = ".$average." WHERE id=".$c."");
    }
    
    function add_sess_id($c,$club,$ip)
    {
    	mysql_query("INSERT INTO sess_id (sess_id,date,club,rest,ip) VALUES ('".$c."','".date("Y-m-d")."','".$club."',0,'".$ip."')");
    }
    


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    If I'm not mistaken, in the check_session function, $value is false the whole time, because $value is only true if it exists WITHIN the while() function. As in

    [php]
    <?php

    while(criteria goes here)
    {
    //$value is only true in here if the sql returned a value, but even if it returned a value
    }
    //its still false here i.e. outside the while() function

    ?>
    [/php]

    I may be wrong though...


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Mirror wrote:
    If I'm not mistaken, in the check_session function, $value is false the whole time, because $value is only true if it exists WITHIN the while() function. As in

    [php]
    <?php

    while(criteria goes here)
    {
    //$value is only true in here if the sql returned a value, but even if it returned a value
    }
    //its still false here i.e. outside the while() function

    ?>
    [/php]

    I may be wrong though...
    Nope, if value gets changed to true inside the while loop it will remain true outside. Don't think while loops are included in scope rules.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    This is how i would handle sessions anyways. This way requires cookies to be enabled on client side though as far as i know a simple change will allow a SESSID variable to be passed to every link.

    Anyways i dont' think using the database is a good way to keep track of sessions as its a bit time consuming.

    On every page i restrict access to, IE require person logged in i would have this code:

    [php]
    <?
    // check login
    session_start();
    if (!isset($HTTP_SESSION_VARS)) {
    require("./login.php");
    }
    ?>
    [/php]

    And then the login page code would simply look like this:

    [php]
    <?
    //include db connection functions here too
    session_start();


    if (isset($_POST) && isset($_POST))
    {
    $username = $_POST;
    $password = $_POST;
    $password = md5($password);

    $query = "select * from users where loginid = '$username' and pass = '$password'";

    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    $num = mysql_num_rows($result);

    if (num > 0)
    {

    $HTTP_SESSION_VARS = $username;
    $HTTP_SESSION_VARS = $row;

    }
    }

    ?>

    //rest of page:
    <div>
    <? if (isset($HTTP_SESSION_VARS)) { $valid_user = $HTTP_SESSION_VARS; print ("Logged In As: $valid_user"); } else { print 'Not Logged In'; } ?> <strong></strong> </div>

    <? if (isset($HTTP_SESSION_VARS)) { print ("Logged In"); } else { print 'Login Error'; } ?>

    </div>
    <? if (isset($HTTP_SESSION_VARS)) {
    print ' <div id="content">
    <div class="feature">
    <h3>Sucessfully Logged In</h3>
    <p>
    We will now forward you to the control panel</p>
    </div>
    </div> ';
    } else {
    ?>
    <div id="content">
    <div class="feature">
    <h3>Please Login</h3>
    <p>
    <?=$message?>
    Please login with your username and password </p>
    <form name="form1" method="post" action="<?=$PHP_SELF;?>">
    <strong>Username:</strong>
    <input name="username" type="text" id="username">
    <strong><br>
    Password:&nbsp</strong>
    <input name="password" type="password" id="password">
    <br>
    <br>
    <input type="submit" name="Submit" value="Login">
    <input name="login" type="hidden" id="login" value="yes">
    </form>
    <? } ?>
    </div>
    </div>
    <div id="siteInfo">
    <div align="left"></div>
    </div>
    </div>

    [/php]


    Don't know if this is any help or not. But basically the table has a userid,password field.

    User passwords is md5 encoded for security.

    Don't know if that any help or not.

    Webmonkey


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    If I'm not mistaken, in the check_session function, $value is false the whole time, because $value is only true if it exists WITHIN the while() function. As in

    All the functions and all work fine! Its that the session id keeps changing for some reason even though the same window is open!

    i dont want people to have to log in!


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Ok my post up above won't do much good for you, ill look at your code more closely. If the sessions are changing all the time that must mean that validate() is returning false all the time


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    The session id stays the same on every page of the site but as soon as a user submits something, after the user is returned to the previous page with a meta tag then the id is different!


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    I don't know how how exactly you handle after the submit but could you try a header(location: ); thing instead of the meta refresh?


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    the header(location: ) things has seemed to workin now,
    Go here and see if it only lets you vote each one once if you can http://www.dublinnites.ic/clubs.php???


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    I managed to vote 3 times there for one club so hmm doesn't look like it working! :(
    Maybe if you print out the values of each variables in the webpage just to see what happening. For example check if validate will always be false?


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    From what i can see in the table it says that you only voted once!

    Can you try this, go here http://www.dublinnites.com/clubs.php
    then go to the cats club, its got no user votes, now click rate me 3 times and see if the votes changes!??


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Ah yes its working! See i expected to see an error if i voted the second time but obviously you got nothing saying that at the moment.

    Looks like it works!


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    Thanks so much man, you have no idea how stressed i was getting trying to fix that problem, also i will be adding a message saying thank you for your vote or i'll hide the rating bar or something whne you have voted!

    Thanks again.


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    No probs. Glad i was of some help!

    Just bare in mind you can't output anything before using the headers in php so you are going to have to build the message into the page you go back to sayin thank you for your vote or what ever.

    Ne ways best of luck in it.


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    Ok, seems to be all working fine, last thing i sweer!

    This is the header tag i have:
    header("Location: cl_desc.php?".$_SERVER['QUERY_STRING']);
    

    When it goes back to the previous page this is what i get:
    cl_desc.php?id=%3C?php%20echo%20$id_num;%20?%3E&v=%3C?php%20echo%20$v_cl;%20?%3E

    What it should be is(doesn't have to be 11, its ment to be what ever id number was passed to the page with the header tag:
    cl_desc.php?id=11


  • Advertisement
  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    You've closed a php tag early I would guess, or missed an " or ' or some such...


  • Registered Users, Registered Users 2 Posts: 1,987 ✭✭✭Ziycon


    Mirror wrote:
    You've closed a php tag early I would guess, or missed an " or ' or some such...

    Yup, got it, stupid error with an echo statement. Thanks.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    No problemo!


  • Registered Users, Registered Users 2 Posts: 1,023 ✭✭✭[CrimsonGhost]


    You can always use urldecode() to make all those %xx values appear as whatever character they represent.


Advertisement