Page 1 of 1

Session Help

Posted: Wed Feb 14, 2007 2:28 am
by bebensiganteng
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi Guys, please help me with session 

this the Login page code

Code: Select all

function handleSession($sName,$sEmail,$sPass){
	$getConfig = md5($sName.$sEmail.$sPass);
	$getDate = date("F j, Y, g:i a");
	session_register('getConfig');
	print("<p id='welcome'>Access granted to ".$sName." <a href='app.php'>click</a><br>(".$getDate.")");
};

if($_SERVER['REQUEST_METHOD'] == 'POST'){
	if(empty($name) || empty($email) || empty($pass)) {
		print("<p id='notification'>Please fill all fields</p>");
			
	} else if(ereg("^.+@.+\\..+$",$email)) {
		$loginAccount = md5($name.$email.$pass);
		if($loginAccount == $config){
			handleSession($name,$email,$pass);		
		} else {
			print("<p id='notification'>Invalid Login Account</p>");
		}
	} else {
		print("<p id='notification'>Your email is invalid</p>");
	}
}
This is the linked page ( app.php)

Code: Select all

if($getConfig == $config){
	apps();
} else {
	print("<p id='notification'>You need to <a href='index.php'>login</a> to view this page</a></p>");
}
On the linked page I want the 'if' statement detect my session variable, but it doesn't worked

Please help me guys
Thanks


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Wed Feb 14, 2007 7:19 am
by blackbeard
On the linked page, do you have session_start(); ?

Posted: Wed Feb 14, 2007 7:49 am
by feyd
Looks like your code assumes register_globals is on and you're apparently using a pretty old version of PHP. Is this true?

Posted: Wed Feb 14, 2007 8:24 am
by bebensiganteng
On the linked page, do you have session_start(); ?
Yes I have.. at the beginning of the page
Looks like your code assumes register_globals is on and you're apparently using a pretty old version of PHP. Is this true?
yes I think I have . could you please explain a little bit more detailed

PS: Sorry I'm still new at php

Posted: Wed Feb 14, 2007 8:35 am
by feyd
Run the following in a new file and tell us the results please.

Code: Select all

<?php

$neg = array('off', 0, false, '', null);
$flags = array(
	'Register Globals' => 'register_globals',
	'Short Tags' => 'short_open_tag',
	'Display Errors' => 'display_errors',
	'Magic Quotes GPC' => 'magic_quotes_gpc',
	'Magic Quotes Runtime' => 'magic_quotes_runtime',
	'Magic Quotes Sybase' => 'magic_quotes_sybase',
);
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
foreach ($flags as $n => $v)
{
	$flags[$n] = (in_array(strtolower(ini_get($v)), $neg) ? 'Off' : 'On');
}
$flags['Config file'] = get_cfg_var('cfg_file_path');
if (empty($flags['Config file']))
{
	$flags['Config file'] = '-';
}
$cli = (php_sapi_name() == 'cli');
$eol = "\n";

$gle = get_loaded_extensions();
$rows = array();
$le = '';
$wide = 4;
$j = count($gle);
$pad = $wide - $j % $wide;
$len = max(array_map('strlen', $gle));
$func = create_function('$a', 'return str_pad($a, ' . intval($len) . ');');
$gle = array_map($func, $gle);
for($i = 0; $i < $j; $i += $wide)
{
	$le .= '   ' . implode('   ', array_slice($gle, $i, $wide)) . $eol;
}

$ec = array(
	'E_STRICT' => 2048, 'E_ALL' => 2047, 'E_USER_NOTICE' => 1024,
	'E_USER_WARNING' => 512, 'E_USER_ERROR' => 256, 'E_COMPILE_WARNING' => 128,
	'E_COMPILE_ERROR' => 64, 'E_CORE_WARNING' => 32, 'E_CORE_ERROR' => 16,
	'E_NOTICE' => 8, 'E_PARSE' => 4, 'E_WARNING' => 2, 'E_ERROR' => 1,
);

$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
	if (($t & $v) == $v)
	{
		$e[] = $n;
		$t ^= $v;
	}
}
if (ceil(count($ec) / 2) + 1 < count($e))
{
	$e2 = array();
	foreach ($ec as $n => $v)
	{
		if (!in_array($n, $e) and $n != 'E_ALL')
		{
			$e2[] = $n;
		}
	}
	$er = $er . ' ((E_ALL | E_STRICT) ^ ' . implode(' ^ ', $e2) . '))';
}
else
{
	$er = $er . ' (' . implode(' | ', $e) . ')';
}

if (!$cli)
{
	echo '<html><head><title>quick info</title></head><body><pre>', $eol;
}

echo 'PHP Version: ', $ve, $eol;
echo 'PHP OS: ', $os, $eol;
echo 'Error Reporting: ', $er, $eol;
foreach ($flags as $n => $v)
{
	echo $n, ': ', $v, $eol;
}
echo 'Loaded Extensions:', $eol, $le, $eol;

if (!$cli)
{
	echo '</pre></body></html>', $eol;
}

?>

Posted: Wed Feb 14, 2007 8:39 am
by bebensiganteng
Here you go

Code: Select all

PHP Version: 5.1.2
PHP OS: WINNT
Error Reporting: 2039 ((E_ALL | E_STRICT) ^ E_STRICT ^ E_NOTICE))
Register Globals: On
Short Tags: On
Display Errors: Off
Magic Quotes GPC: On
Magic Quotes Runtime: Off
Magic Quotes Sybase: Off
Config file: C:\WINDOWS\php.ini
Loaded Extensions:
   bcmath           calendar         com_dotnet       ctype         
   date             ftp              iconv            odbc          
   pcre             Reflection       session          libxml        
   standard         tokenizer        zlib             SimpleXML     
   dom              SPL              wddx             xml           
   xmlreader        xmlwriter        apache2handler   PDO           
   bz2              curl             dba              dbase         
   fdf              gd               gettext          mbstring      
   mcrypt           mhash            mime_magic       mysql         
   pgsql            sockets          xmlrpc           xsl           
   SQLite           Zend Optimizer

Posted: Wed Feb 14, 2007 9:01 am
by feyd
Turn off register_globals and short_open_tag directives in your php.ini (found at C:\WINDOWS\php.ini). While you're in there, make error_reporting E_ALL. I'm going to guess this is your personal machine's configuration? If so, turn on display_errors too.

Now that we have that out of the way:
  • Don't use session_register(); use the $_SESSION array instead.
  • Rename $name, $email, $pass and any other fields being submitted to $_POST['name'], $_POST['email'], etc.
  • Your email address regex has flaws. Search the forum for "validateEmailFormat" for an RFC complaint function to validate the address.

Posted: Sun Feb 18, 2007 5:01 am
by bebensiganteng
Hi feyd

Thank you very much, you guys are the masters.. I say if i really want to be like you guys where do I have to start?

Posted: Sun Feb 18, 2007 7:55 am
by feyd
bebensiganteng wrote:Thank you very much, you guys are the masters.. I say if i really want to be like you guys where do I have to start?
I've always found that if one attempts to help others (directly or not) one learns a hell of a lot.