
Understanding session variables

Posted: Tue Mar 14, 2006 1:14 pm
by winn
I have added a security image to my guestbook. Someone has been using a spoofed IP address to abuse our book. I have installed the GD library, and have been successful with the image display. However, when I test echo the generated code I get an empty variable. Here is the code I have so far.

Below is the code that calls the include, and is supposed to generate

Code:

<?php
   // include security image class
   require('includes/security-image.inc.php');

   // start PHP session
   session_start();

   // get parameters
   isset($_GET['width']) ? $iWidth = (int)$_GET['width'] : $iWidth = 150;
   isset($_GET['height']) ? $iHeight = (int)$_GET['height'] : $iHeight = 30;

   // create new image
   $oSecurityImage = new SecurityImage($iWidth, $iHeight);
   if ($oSecurityImage->Create()) {
      // assign corresponding code to session variable
      // for checking against user entered value
      $_SESSION['code'] = $oSecurityImage->GetCode();
   } else {
      echo 'Image GIF library is not installed.';
   }
?>
Below is the code to validate that the session code = the inputted code

Code:

else if (isset($_POST['submit']))
  {
         if (strtoupper($_POST['code2']) == $_SESSION['code'])
                {
                        echo 'Congratulations, you entered the correct code.';
                        print "Thanks for posting, you will now be redirected <META HTTP-EQUIV = 'Refresh' Content = '2; URL =http://www.delmarvanightlife.com/modules.php?name=gbook'> ";
                }
                        else
                        {
                                echo $code2;
                                echo $code;
                                echo 'You have entered the wrong code. Please <a href="/modules.php?name=gbook&file=addentry">try again</a>.';
                        }
                }
}
?>
However, my session code variable is blank.
My online version of the code can be found at http://www.delmarvanightlife.com/module ... dentry.php

Posted: Tue Mar 14, 2006 3:19 pm
by feyd
The Create() method may be failing, or headers may have already been sent, thus not allowing the starting of a session. Make sure error_reporting is set to E_ALL and you may find out which is true, if any. :)

data not being put into database

Posted: Thu Mar 16, 2006 12:49 pm
by winn
Thank you for replying so quickly. I was able to work out the issue with the session variables. However, now that it is working I have broken the database update. I can't seem to find any errors in the logs. The script works and the variables contain the info that was entered. To test it I have put an echo $comment in the success part of the script, just before it redirects to the book. I don't know if it is because I have added an extra field to the form, or maybe it is because of the mixed environment of " double quotes and ' single quotes. I know it is a bit of code to look through, but if you can find the time, an explanation would be great. Thanks again

P.S. Below is the line I believe is causing the problem. It used to work before I added the security image, but now nothing. Is there any way to make it show an error either on the screen or in the log file?

Code:

$putinguestbook="INSERT INTO gbook(name2, country, mail, homepage, comment, realtime, aim, icq, yim, msn, time,IP) VALUES('$name2','$country','$email','$homepage','$comment','$day','$aim','$icq','$yim','$msn','$timegone','$r')";
     mysql_query($putinguestbook);

Full Code Below

Code:

<?php
   // start PHP session
   session_start();
?>

Code:

<head>
   <style type="text/css">
      form { width: 18em; }
      fieldset { display: block; float: left; }
      legend { font-size: 1.2em; font-weight: bold; color: #000; }
      #security img { float: right; border: 1px solid #000; }
      label, input, #security img { margin: 5px 0; }
      input, #login { float: right; }
      label, #login { clear: both; }
      label { float: left; width: 7em; }
      #login { margin-top: 5px; }
   </style>
</head>

<body>

Code:

<?php
      // check for posted form
      if (isset($_POST['login'])) {
         // see if the code the user typed matched the generated code
         if (strtoupper($_POST['code']) == $_SESSION['code']) {
    $name2=$_POST['name2'];
    $country=$_POST['country'];
    $email=$_POST['email'];
    $homepage=$_POST['homepage'];
    $aim=$_POST['aim'];
    $icq=$_POST['icq'];
    $yim=$_POST['yim'];
    $msn=$_POST['msn'];
    $comment=$_POST['comment'];
    if(!$name2 || !$comment)
    {
      print "<font color='red'>Name or comment not entered, please go back and sign again</font><br>";
    }
   else
    {
     $r=$_SERVER["REMOTE_ADDR"];
     $day=date("D M d, Y H:i:s");
     $timegone=date("U") ; //seconds since Jan 1st, 1970
     $putinguestbook="INSERT INTO gbook(name2, country, mail, homepage, comment, realtime, aim, icq, yim, msn, time,IP) VALUES('$name2','$country','$email','$homepage','$comment','$day','$aim','$icq','$yim','$msn','$timegone','$r')";
     mysql_query($putinguestbook);
echo $comment;
  print "Thanks for posting, you will now be redirected <META HTTP-EQUIV = 'Refresh' Content = '2; URL =http://www.delmarvanightlife.com/modules.php?name=gbook'> ";
    }


         } else {
            echo 'You have entered the wrong code. Please <a href="addentry.php">try again</a>.';
         }
      } else {
   ?>

Code:

<form method='post' action='http://www.delmarvanightlife.com/modules.php?name=gbook&file=addentry' name='form'>
      <fieldset>
 <legend>Guestbook</legend>
<b>Name:</b><br> <input type="text" name="name2" size="40"><br>
     <b>Country:</b><br><input type="text" name="country" size="40"><br>
     <b>Homepage(include http://):</b><br><input type="text" name="homepage" size="40"><br>
     <b>E-mail:</b><br><input type="text" name="email" size="40"><br>
     <b>Aim:</b><br><input type="text" name="aim" size="40"><br>
     <b>ICQ:</b><br><input type="text" name="icq" size="40"><br>
     <b>Yahoo:</b><br><input type="text" name="yim" size="40"><br>
     <b>MSN:</b><br><input type="text" name="msn" size="40"><br>
     <b>Comment:</b><br>
     <textarea rows="6" name="comment" cols="45"></textarea><br>

 <div id="security"><img src="/modules/gbook/security-image.php?width=144" width="144" height="30" alt="Security Image" /></div>
         <label for="code">Security Image:</label><input type="text" name="code" id="code" value="" />
         <input type="submit" name="login" id="login" value="Login" />
      </fieldset>
   </form>

Code:

<?php
      }
   ?>

Code:

</body>
</html>

Posted: Fri Mar 17, 2006 1:23 pm
by winn
OK, I fixed the single and double quote problems. The script is working again, but is still not entering the information into the database. And I can't seem to generate any error on the MySQL side. Any ideas?


Below is the line that is giving me problems

Code:

$putinguestbook="INSERT INTO gbook(name2, country, mail, homepage, comment, realtime, aim, icq, yim, msn, time,IP) VALUES('$name2','$country','$email','$homepage','$comment','$day','$aim','$icq','$yim','$msn','$timegone','$r')"; 
     mysql_query($putinguestbook);

Posted: Fri Mar 17, 2006 5:10 pm
by feyd
Check what mysql_error() has to say.
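
What checking the driver's error looks like in practice, as an added example that is not code from any poster in this thread: it runs the thread's style of concatenated INSERT against constructed input containing an apostrophe, reports the error the driver recorded, then repeats the insert with a prepared statement. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection (so `errorInfo()` plays the role of `mysql_error()`), the `gbook` table is cut down to three of its columns, and the form values and IP address are made up.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL gbook table.
$db = new PDO('sqlite::memory:');
// Mimic mysql_query(): a failed statement returns false instead of throwing.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->exec('CREATE TABLE gbook (name2 TEXT, comment TEXT, IP TEXT)');

// Constructed form input; the apostrophe is ordinary punctuation in a comment.
$post = ['name2' => 'Pat', 'comment' => "It's a great site"];
$ip   = '203.0.113.7'; // constructed, documentation address range

// 1) Concatenated query in the style posted above. Always test the return
//    value and ask the driver why it failed, or the failure stays invisible.
$sql = "INSERT INTO gbook(name2, comment, IP) "
     . "VALUES('{$post['name2']}','{$post['comment']}','$ip')";
if ($db->exec($sql) === false) {
    $err = $db->errorInfo(); // [SQLSTATE, driver code, driver message]
    echo "concatenated INSERT failed: {$err[2]}\n";
}

// 2) Prepared statement: the values are bound separately from the SQL text,
//    so quotes in user input can neither break nor alter the statement.
$stmt = $db->prepare(
    'INSERT INTO gbook(name2, comment, IP) VALUES(:name2, :comment, :ip)'
);
$ok = $stmt && $stmt->execute([
    ':name2'   => $post['name2'],
    ':comment' => $post['comment'],
    ':ip'      => $ip,
]);
if (!$ok) {
    $err = $stmt ? $stmt->errorInfo() : $db->errorInfo();
    echo "prepared INSERT failed: {$err[2]}\n";
}

// Count what actually reached the table.
$rows = $db->query('SELECT COUNT(*) FROM gbook')->fetchColumn();
echo "rows stored: $rows\n";
```

On a live site, send the driver message to the server log with `error_log()` rather than echoing it to visitors.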