Re: [PHP-DB] Problem Using Sessions. .. .
Shawn Singh wrote: that was very helpful...Thank you. One question I have is that I want to ensure that my admin page cannot get accessed unless a variable that was registered upon a successful login has been passed into the session...what can I do to ensure this? There are several ways to do this. The simplest way is to authenticate once and store a authentication flag in the session. You can set this authentication flag to true if the log-in was sucesfull. On the administration page, you an just access the flag to see if the user is permitted (i.e. logged on). You can do this using the $_SESSION super global, something like this: (pseudo php code) login.php ... if ( authentication sucessfull ) /* username/password matched*/ { $_SESSION['auth'] = true; // redirect to admin page } else { Display login page with error. } ... admin.php ... if ( $_SESSION['auth'] ) { Show administration page. } else { Display login page with error. } ... - NB: Make sure you use Header() redirects BEFORE your scripts prints anything. Otherwise you'll keep getting the warning/error "Warning: Cannot modify header information ..." -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Problem Using Sessions. .
that was very helpful...Thank you. One question I have is that I want to ensure that my admin page cannot get accessed unless a variable that was registered upon a successful login has been passed into the session...what can I do to ensure this? Thank you, Shawn On 5/4/05, Patel, Aman <[EMAIL PROTECTED]> wrote: > From the PHP help page on "session_register()" > > "If your script uses session_register(), it will not work in > environments where the PHP directive register_globals is disabled." > > I'm assuming since you compiled and installed PHP 5.0.4 that your > "register_globals" is disabled. I wouldn't recommend enabling it to fix > this problem. Instead use $_SESSION super global to register session data. > > So instead of: > > session_register("username"); > > try this: > > $_SESSION['username'] = $username; /* TO SET */ > $username = $_SESSION['username']; /* TO GET */ > > Hope this helps, > > Aman > > Shawn Singh wrote: > > Hey All, > > > > I'm fairly new to PHP Programming. I have compiled and installed > > postgres version 8.0.1, and with that compiled postgres support into > > my postgres (I'm using PHP version 5.0.4), and I've compiled support > > for PHP into Apache (version 2.0.53) and all is working (in that I can > > embed PHP into my HTML documents and get the expected results). > > > > Recently I started working on a website in which I would like there to > > be an administration page where the person who is logged in can add > > and delete records. I figured that the best way to do this would be to > > establish a session, (at the login page) then if the user login is > > successful, I would then register the username and password and > > redirect the user to the admin page. I chose not to use cookies, b/c > > everyone may not have cookies enabled on their browser and I didn't > > want that to be a hurdle that a user would have to jump over. > > > > I've written the code but when I try to login to the site I get this > > message: > > > > Warning: Cannot modify header information - headers already sent by > > (output started at /export/home/www/htdocs/login.php:13) in > > /export/home/www/htdocs/login.php on line 25 > > > > Warning: Unknown: Your script possibly relies on a session side-effect > > which existed until PHP 4.2.3. Please be advised that the session > > extension does not consider global variables as a source of data, > > unless register_globals is enabled. You can disable this functionality > > and this warning by setting session.bug_compat_42 or > > session.bug_compat_warn to off, respectively. in Unknown on line 0 > > > > Information I've seen on the web for these types of messages would > > indicate that I don't have a /tmp directory, but such is not the case. > > Other messages have indicated that my session variables are not > > getting written to /tmp, but that is not true either, as I have seen > > them in there...as I see entries such as: > > > > sess_ec2249332b8b29863f161461cf8c1409 > > > > So, I'm guessing that there aren't problems with my /tmp filesystem. > > > > Please excuse the lack of style as I have mainly been trying to hack > > out something, but plan to clean it up later. > > > > My source code for the login page is as follows: > > > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Problem Using Sessions
Why dont'n you use soma classes from www.phpclasses.com about User Management!! There are great classes in this site!! -Original Message- From: Shawn Singh [mailto:[EMAIL PROTECTED] Sent: MiƩrcoles, 04 de Mayo de 2005 03:14 p.m. To: php-db@lists.php.net Subject: [PHP-DB] Problem Using Sessions Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: Joshua Generation Login Page Enter Username: Enter Password: "; if ( $_POST ) { $username = $_POST['username']; $password = $_POST['password']; if ( $username == "test" && $password == "test" ) { global $username, $password; session_register("username"); session_register("password"); echo "Authorized Entry"; header("Location: http://joshua1and8.homelinux.org/admin.php";); } else { echo $username; echo ""; echo $password; echo ""; echo "Login FAILED"; } } echo " "; ?> My source code for the admin page is as follows: Joshua Generation Admin Page Joshua Generation Admin's Corner Name Cell Phone Work Phone Home Phone Email Address "; if ($_POST) { $conn_string = "dbname=joshua_generation user=admin password=admin"; $conn_hndl = pg_connect($conn_string); switch ($_POST['proc']) { case 'add': $name = $_POST['name']; $cphone = $_POST['cphone']; $wphone = $_POST['wphone']; $hphone = $_POST['hphone']; $emailaddr = $_POST['emailaddr']; /* To add a member a name is all that is needed. Based on the name that is entered, the next nameid will be generated by the dbms, and the insert will be done into: NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS based on that number The default MBRSTATUS.status will be ACTIVE */ $ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'"; $ins_names_stmt .= $name; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $getcurval = "SELECT currval('$nid[0]') FROM NAMES"; $curval = pg_fetch_row(pg_query($getcurval[0])); $ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber, wnumber, hnumber) VALUES ('"; $ins_pnums_stmt = $curval[0];
Re: [PHP-DB] Problem Using Sessions
The browser has already sent headers on line 13 of your code- line 25 must be the session_start - it has to come first and be at the very top of your code >>> Shawn Singh <[EMAIL PROTECTED]> 05/04/05 03:13PM >>> Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: Joshua Generation Login Page Enter Username: Enter Password: "; if ( $_POST ) { $username = $_POST['username']; $password = $_POST['password']; if ( $username == "test" && $password == "test" ) { global $username, $password; session_register("username"); session_register("password"); echo "Authorized Entry"; header("Location: http://joshua1and8.homelinux.org/admin.php";); } else { echo $username; echo ""; echo $password; echo ""; echo "Login FAILED"; } } echo " "; ?> My source code for the admin page is as follows: Joshua Generation Admin Page Joshua Generation Admin's Corner Name Cell Phone Work Phone Home Phone Email Address "; if ($_POST) { $conn_string = "dbname=joshua_generation user=admin password=admin"; $conn_hndl = pg_connect($conn_string); switch ($_POST['proc']) { case 'add': $name = $_POST['name']; $cphone = $_POST['cphone']; $wphone = $_POST['wphone']; $hphone = $_POST['hphone']; $emailaddr = $_POST['emailaddr']; /* To add a member a name is all that is needed. Based on the name that is entered, the next nameid will be generated by the dbms, and the insert will be done into: NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS based on that number The default MBRSTATUS.status will be ACTIVE */ $ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'"; $ins_names_stmt .= $name; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $getcurval = "SELECT currval('$nid[0]') FROM NAMES"; $curval = pg_fetch_row(pg_query($getcurval[0])); $ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber, wnumber, hnumber) VALUES ('"; $ins_pnums_stmt = $curval[0]; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $cphone; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $wphone; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $hphone; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr) VALUES ('"; $ins_emads_stmt .= $curval[0]; $ins_pnums_stmt .= "','"; $ins_emads_stmt .= $emailaddr;
Re: [PHP-DB] Problem Using Sessions. .
From the PHP help page on "session_register()" "If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled." I'm assuming since you compiled and installed PHP 5.0.4 that your "register_globals" is disabled. I wouldn't recommend enabling it to fix this problem. Instead use $_SESSION super global to register session data. So instead of: session_register("username"); try this: $_SESSION['username'] = $username; /* TO SET */ $username = $_SESSION['username']; /* TO GET */ Hope this helps, Aman Shawn Singh wrote: Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Problem Using Sessions
Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: Joshua Generation Login Page Enter Username: Enter Password: "; if ( $_POST ) { $username = $_POST['username']; $password = $_POST['password']; if ( $username == "test" && $password == "test" ) { global $username, $password; session_register("username"); session_register("password"); echo "Authorized Entry"; header("Location: http://joshua1and8.homelinux.org/admin.php";); } else { echo $username; echo ""; echo $password; echo ""; echo "Login FAILED"; } } echo " "; ?> My source code for the admin page is as follows: Joshua Generation Admin Page Joshua Generation Admin's Corner Name Cell Phone Work Phone Home Phone Email Address "; if ($_POST) { $conn_string = "dbname=joshua_generation user=admin password=admin"; $conn_hndl = pg_connect($conn_string); switch ($_POST['proc']) { case 'add': $name = $_POST['name']; $cphone = $_POST['cphone']; $wphone = $_POST['wphone']; $hphone = $_POST['hphone']; $emailaddr = $_POST['emailaddr']; /* To add a member a name is all that is needed. Based on the name that is entered, the next nameid will be generated by the dbms, and the insert will be done into: NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS based on that number The default MBRSTATUS.status will be ACTIVE */ $ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'"; $ins_names_stmt .= $name; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $getcurval = "SELECT currval('$nid[0]') FROM NAMES"; $curval = pg_fetch_row(pg_query($getcurval[0])); $ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber, wnumber, hnumber) VALUES ('"; $ins_pnums_stmt = $curval[0]; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $cphone; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $wphone; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $hphone; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr) VALUES ('"; $ins_emads_stmt .= $curval[0]; $ins_pnums_stmt .= "','"; $ins_emads_stmt .= $emailaddr; $ins_emads_stmt .= "');"; pg_query($ins_emads_stmt); $ins_mbsts_stmt = "INSERT INTO MBRSTATUS (nameid, status) VALUES ('"; $ins_mbsts_stmt .= $curval[0]; $ins_mbsts_stmt .= "',