ajoo

ok my mistake, the actual echo of the query was Select * FROM loginstatus WHERE username = 'yahoo4' AND id = 21. Now that is a valid sql statement i guess. The other 3, yahoo4 21 A are three echo statements displaying id, user & status values of the fields. Ofcourse the table 'loginstatus' exists and snapshot of the last four entries in my last reply was from the 'loginstatus' table. So now why am I getting the Warnings ? Any suggestion , help is welcome. Thanks lots again

by last row i just mean the one having the last or latest id or highest id value or which would be the same as the number of rows in the database. Thanks.

ok I get the following:- Select * FROM loginstatus WHERE username = 'yahoo4' AND id = 21 yahoo4 21 A which is correct !! as can be seen by the last 4 entries of my table loginstatus. 18 yahoo4 X 1374925966 19 yahoo4 X 1374926013 20 yahoo4 X 1374926344 21 yahoo4 A 1374933359 So how can the warnings be removed? Thanks.

hmmm yea sure i can. i will. thanks. I'll revert. Thanks

if only for a cross check. or to get some value from the penultimate row. If i know the last row i can then scan the penultimate row. I hope thats a reason good enuff to elicit an answer. Thanks.

Hi thanks, Sorry if i am bit slow to catch on. But lemme see if i understand this. The warning that i get is Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in functions.php on line 6". So what you mean is that my query is returning a boolean to mysqli_fetch_array() and hence the warning. Is that a good or a bad thing then? Because the result that I get otherwise is correct. And I am getting this warning in the special case where the table would be NULL when no value has been inserted in it. If this is not good then how can i change this ? Ok here is some more of the code along with the previous one. In fact I use the fact that (!row) (that the row return a NULL or is uninitialized) Any more discussion and any solution is welcome. The code: $con = mysqli_connect($db_host, $db_user, $db_pass, $db); if(mysqli_connect_errno($con)) die('Could not connect: '. mysqli_connect_error()); // $query="Select * FROM $table WHERE username = '".$_POST['username']."' && status = A"; $query = "Select * FROM $table WHERE username = '$user' AND id = $id "; // AND id = '$id' AND $result=mysqli_query($con, $query); $row = mysqli_fetch_array($result,MYSQLI_ASSOC); mysqli_free_result($result); if (!$row) { /* Table is empty - - initialization condition ! v! */ $existingId = "Valid"; // Making the Session Valid bcos at this point the login table is empty mysqli_close($con); return($existingId); // and insert the first values in the table.

Hi, thanks for the reply. Well the values are simply values in a table. The user name and ID coud be null for a new table with no entry or there could be name and id entries in the table like say: id user 1 Jack 2 John 3 David & so on. I don't get an error when i run this code. I just get a warning. Further ID is an integer and user is a varchar. My code runs ok but I wanna do away with the warning. Why is $result a boolean ?. I do have a check for an initial value when the table is empty. but when i got the above warnings my table was not empty and so the values for the user and id existed or exist. I hope this can help. The whole code is heaps long. Looking for anyone to take a longer look and see if something can be found. Thanks all.

Hi all ! another simple mysql query to which i never found any satisfactory answer so far. I have a table with four fields. id is auto generated and increases as the table is filled. So i fill the table and say i have 4 entries in it as shown. id name age class 1 aaa 6 1 2 bbb 6 1 3 ccc 7 2 4 ddd 7 2 Now i wish to add the 5th entry but before that i wish to query the database to find how many records have already been entered so far. So whats the best way to get that using php and mysql. i can count the number of rows or i can check for the last vale of id and from there i can know that the next row would be 5 and so would the id be. pls some appropriate code is what i am looking for. beginning wid connecting to the database. ( WHY? cos sql has a nasty habit of throwing Warnings which are difficult to get over) Thanks loads.

Hi everybody, Please can someone check the snippet of code below and say why it generates a warning as "Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in functions.php on line 6". Same warning is generated for the next line i.e. line 7. Ofcourse this is only due to the earlier line i.e. line 6. 1. $con = mysqli_connect($db_host, $db_user, $db_pass, $db); 2. if(mysqli_connect_errno($con)) die('Could not connect: '. mysqli_connect_error()); 3. 4. $query = "Select * FROM $table WHERE username = '$user' AND id = $id "; // AND id = '$id' AND 5. $result=mysqli_query($con, $query); 6. $row = mysqli_fetch_array($result,MYSQLI_ASSOC); 7. mysqli_free_result($result); I have checked the usage of mysqli_fetch_array($result,MYSQLI_ASSOC) on google and it seems to be almost the same. The difference was only in the $query which on w3schools examples was as follows $query ="SELECT Lastname,Age FROM Persons ORDER BY Lastname"; Can someone please help. Thanks all

yes I am talking about the 'Duplicate Tab' option in chrome that opens a duplicate of the page in another Tab. So there is no way for php or javascript to detect that a duplicate TAB has been created of an already open page and there is no way to stop or prevent that using PHP or javascript etc. Please confirm. Thanks all.

Hi guys !! hope all of you are good n doing great ! So i have achieved a login system which i think is secure enuff in the sense that it does not allow multiple logins. It takes care of back arrows and stuff like that and so far i tested the system it is just fine as long as the person is trying to login a 2nd time. It prevents that successfully. However once a person is logged in and is on hiot bs secure page and that person uses the right key to create a duplicate page there or for that matter n duplicate pages, he can do so !!!!!!! Now i am besides myself on trying to find a way to prevent that. How can i prevent the logged in user from duplicating his secured page. I have not been able to come up with anything that can check that. Any suggestions ? I most desperately hope that someone has a solution to that one. Awaiting the response of gurus and senior members. Thanks all in advance for their time, effort and help. Ajoo.

Hello Jessica, thanks for the reply. I thought it was ajax cos i thought .$fetch was a command. I am absolutely unfamiliar with ajax but that came into my head and so i wrote that. However i was interested in that line of code because it seems to be checking for session authentication before a button is clicked. That means the code following the if would be executed if ,in this case the session was valid. This was exactly what i was wanting to achieve in a 'user login system" that i am trying to create. I have asked this in another thread started by me named / called " Another login twister". I hope you can help. Thanks loads.

Hi, what you said is absolutely correct. However I just have a questions. 1. Once a session is destroyed, shouldn't the link and page itself become irrelevant? 2. is there a way by which, the hyperlink upon being pressed, should first check if the session is valid and only then move to the next page which in my case is Mypage? So i want the authentication to take place on the securedpage.php instead of going onto the Mypage and checking for it there. Yes i did realise that my page would be directly accessible thru a hyperlink but this was just for the sake of an illustration. In an application that page would check for further authentication. Thanks for all the replies so far. I do hope others would joinin too with their valuable suggestions and ideas. Thanks all !

Hi Fahad, I just came across your snippet question and I think I could use a similar solution. Ofcourse I am trying to find a solution to a login issue. Ithink the $fetch command in your php is an ajax implimentation. Can you please quickly explain how this line of code works. Thats all I want to know. Thanks.

I thought I would illustrate this with a small demo program. I am sure other would have come against something like this and found a way around it. This involves five small files for a login syste. 1. Index.php 2. loginproc1.php 3. securedpage.php 4. loggedout.html. 5. Mypage.html. It does not make use of a database but accepts only one user namely "John" with password - actually password is irrelevant for this illustration but i use 1234. So typing the url "localhost/xampp/sessions/index.php" will open a login form. Once I login using USER as John and password 1234, loginproc1 takes me to securedpage.php if i am not already logged in. Now I open another browser window and as soon as i put in the url "localhost/xampp/sessions/index.php" it immediately goes to the loggedout.html which is displayes and says that since ur already logged in ur being logged out. So i am logged out. But since i am logging in from another tab of the same browser, I am actually logged out of both sessions since both sessions in this case ( on different tabs of the same browser ) are considered as one and the same. At this point I have two pages on the two tabs. secured Page on the 1st tab and loggedout Page on the 2nd tab of my browser and effectively i should be logged out and the sessions ( actually session - since both are one and the same) destroyed. However if you now go to the secured page ( 1st Tab of the broswer) , you can still see the link to MyPage on it, which if clicked on would take us to the contents of Mypage.html even though envoking the the url "localhost/xampp/sessions/index.php" , in the 2nd tab of my browser has effectively destroyed the session. I want to prevent the link to MyPage from working once the session is destroyed. How can this be achieved. SInce I have attached the code files I would be glad if someone can actually do this one here and demonstrate it. Thanks loads to all for any help that i would receive on this one. The code files :- INDEX.PHP <?php //////// INDEX.PHP ///////////// // Inialize session session_start(); // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { echo $_SESSION['username']. "Already Logged in @ index 8"; echo " You are being logged out as you have logged in from another page "; session_destroy(); header('Location: loggedout.html'); exit(); } else { echo " Hi new user ";} ?> <html> <head> <title>PHPMySimpleLogin 0.3</title> </head> <body> <h3>User Login</h3> <table border="0"> <form method="POST" action="loginproc1.php"> <tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr> <tr><td> </td><td> </td><td><input type="submit" value="Login"></td></tr> </form> </table> </body> </html> <?php ////// loginproc1.php ////// // Inialize session session_start(); // Include database connection settings include('config.inc'); if (isset($_SESSION['username'])) { echo $_SESSION['username']. "Already Logged in @ index 8"; echo " You are being logged out as you have logged in from another page "; session_destroy(); header('Location: loggedout.html'); exit(); } else { echo " Hi new user ";} $_SESSION['username'] = $_POST['username']; if($_SESSION['username'] == "John") { header('Location: securedpage.php'); exit(); } else { // Jump to login page echo " Can't find you"; //header('Location: index.php'); } ?> SECUREDPAGE.PHP <?php ///// SECUREDPAGE.PHP /////// // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); exit(); } else { echo " Welcome". $_SESSION['username']; } ?> <html> <head> <title>Secured Page</title> </head> <body> <p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b> <br>You can put your restricted information here.</p> <p> You can jump to your page <a href = "mypage.html">MyPage </a> </p> <p><a href="logout.php">Logout</a></p> </body> </html> This is content of ‘securedpage.php’: <? LOGGEDOUT.HTML <html> <head> <title>Loggedout Page</title> </head> <body> <p> <?php echo $_SESSION['username']. ?> "Already Logged in @ index 8"; <p> " You are being logged out as you have logged in from another page "; <p><b><?php echo $_SESSION['username']; ?></b> you are logged out. <br>You cannot put any kind of information now.</p> </body> </html> MYPAGE.HTML <!DOCTYPE html> <html> <head> <title> MyPage </title> </head> <body> <h1>My First Heading</h1> <p>My first paragraph.</p> </body> </html>

Hi guys, I am back with another login twister. Earlier i tried to create a yahoo like login system which ensured that a given user was logged in only on one machine even if that user tried to do a multiple login from same or different machines. So after a great deal of effort and with a lot of support from the forum i decided it would be best to not allow a second , the new login, at all if the user was logged in. So the new login fails saying that the user is already logged in. I am now using a sliding jquery login panel that i picked up from the net and i tried and implement this new logic and guess what ? I ran into another issue. So the panel works fine. I'll put the login procedure in steps; 1. I input the username and password and I login. The initial screen provides the username and password and a login button. Also a registration form for a new login registration. The display shows Guest for user. 2. The user logs in & is greeted by his 'username' that it picks from a database. When the panel is expanded it now opens to a new page ( say PAGE 1) which has two hyperlinks: a) to play a movie and b) to logout. 3. Both work fine. So far so good. 4. Now I run the login page again in a new tab and because an instance of it is already running, it opens on PAGE 1 which has the two hyperlinks a) movie and b) to logout. Since the panel is running sessions and since i am running the two on the two tabs of a browser, the sessions would ensure that the session values are the same for the instances in both tabs. 5. Now I logout from the 2nd (newer) tab. ( actually since there are two instances running on the two tabs of the same browser I can logout of either.) The sessions is destroyed and the logout page is displayed. Since the sessions are destroyed, they must be destroyed from both instances. At this point of time the first instance / tab is still showing the PAGE1 as it should but it is now a dead session. However now when i press the a) option, the hyperlink to a movie, it plays !!!!! WHY should the movie play when the session is destroyed. 6. So in effect, while i am effectively logged out because of a logout command in one of the two tabs of the browser, the hyperlink to the movie in the other tab is still active. which is a great flaw i think. I mean it should not behave like that. So does anyone have any idea why this is happening and how it may be over come?? A bit of code showing that which makes the PAGE 1 <div class="left"> <h1>Members panel</h1> <p>You can put member-only data here</p> <a href="registered.php">View a special member page</a> <p>- or -</p> <a href="?logoff">Log off</a> </div> registered.php actually runs a movie - the a) option - or the user can logoff - the b) option Please HELP, stuck on this one again.

elseif (user has logged in elsewhere){ echo 'you've been booted message'; echo 'you've been booted message'; } //up to here it is pretty much just regular.php // ALREADY PROBLEMETIC. If i am logged in on Tab A and then on Tab B of the same browser, then the above message is shown on Tab B, the current session Tab and not on Tab A session. So the hurdle occurs here. If a way could be achieved to communicate with Tab A from Tab B the problem would have been solved. Both sessions become the same on refresh. It also occurred to me that would it not help to set the session_start in login.php ONLY AFTER first searching for the active sessions? In that case there would be only one session active, the old one, which should be ejected and destroyed before we INSERT the new session wid status 'A' and set that session. I dare say I tried that but could not get it to work. I have actually tried so many things during the day. I spent a whole Sunday on this. lol ! Maybe this can trigger some ideas for you. I am relatively new to php and sessions and the info on sessions is so varied and obfuscated on the net. I am very confused. Maybe a fresh start on a fresh day would do the trick. Still I seek your help and direction, Thanks loads.

When I read your reply above to the I thought that maybe it gave you some clue to dealing with logins on multiple tabs. Thats what i thought I could make out from your reply. I too have this feeling that using session_regenerate_id can somehow help in solving this issue. Can Ajax be used to solve this out ? Another sequence I had in mind was that if on the login page, 1. Check to see if there exists an open session. If no match found then the user has no previous session goto regular.php. 3. If a match is found then an existing session is open so goto page eject_existing_session.php where session is unset & destroyed & a metatag refreshes the page after say 2 seconds and then goes back to the login page to continue with the login. The problem is that in this case when it comes back to the login page it waits again for the user input to login. I also thought that though it can be worked out it was not very elegant. Still looking for more inputs on this. Thanks.

Hi guys, I have been going nuts over this trying to crack the login issue on two tabs of the same browser, getting the 2nd login to kick the user out of the 1st session. I have tried the database thingy, where i used the timestamp. Today I have also gone thru the new mails and discussions by the two active members here as well and tried to implement the session_regenerate_id(true) to invalidate the previous session but to no avail. The problem is that I am unable to find a suitable replacement of this following bit of code in regular.php if ($sessions['status']=='X') { echo 'you were booted'; die('too bad'); } The hurdle is ( even with session_regenerate_id(true)) that the sessions ID of the previous session (say A) also reverts to become the same current session ID (say B)in the new login tab. What i mean is that after a refresh because of the Metatabs, session ID of Tab A = session ID of Tab B. This goes for all $_SESSION variables. Since a code executing is same in both the browsers there is no way that i can think of to check for a unique session in each Tab because the session values have all changed to become the same in both the sessions , equal to those of session in Tab B. I wish I cud put in some screen shots here of the database as well as the tabs but I am unable to add an image to this reply. The database works correct and I have also incorporated a clean up. Each login first checks to see if a previous session is active, removes the entry, unsets the session and then tries to login into a new session but ofcourse and alas it fails there. Please explain if i am missing something and kindly elaborate the use of session_regenerate_Id in this context. Why is session_regenerate_id(true) not destroying the previous session like its says so on many forums on the net. Awaiting your response, Thanks Loads,

Hi david, Firstly Thanks so much on this issue. I have an application that runs an embedded flash movie which runs from start to end. In that embedded movie, there is no way to get back,. However if the user is logged in in more than one tabs / browsers / windows then they can run thru the movie in each of those tabs. So its important that the application is running in only one tabs / browsers / windows. Otherwise there are chances of the application being misused. In case you find something on preventing multiple logins in the same browser tabs then i'll be happy to know it. Thanks again for your help.

This is especially required for an application that proceeds uni-linearly from the beginning to the end, like the example I quoted of a test. Say if the objective type test was to proceed from the beginning to the end with no way to go backwards, then the 'n' open tabs would be a must for subsequent users to also be able to complete the test once each. If the result of the test is not important, but just to go thru it once, then those 'n' open tabs would allow the users go thru the test and thats what i would like to prevent. I hope I said that correct and would be fathomable. (In fact i am actually working on one such uni lateral test that proceeds one way.) Thanks to you all. More discussion is most welcome!

Hi seandisanti, could you please rephrase what you just said because I am not sure I could make out what you intended to say. I have read the reply a number of times and could only partly understand it. Please do rephrase with an example if possible. How can i check for active sessions in the header? Thanks.

Hi david. the reason i wud not want someone to be logged into a website on two or 'n' tabs simultaneously would be to prevent them to use a service which is otherwise intended for only one user. So while some one opens 'n' tabs and may allow n people to use that service and then logout after all have used it. For eg I may have a website that offers objective type tests, intended for one person but which may be misused like this by many persons. Maybe not letting a logged in user login again is a better option after all. Anyways this was a great exercise and I learnt a lot. Still if you find some method of dealing with the tabs I would be happy to hear about that. Thanks loads !

Hi david, Ok After I wrote my reply and then read yours again , I tried the code on two different browsers on the same machine and wow ! it worked. Just like u said. I tried it on chrome and explorer. So please tell me why does it not work on the two different tabs of the same browser? What would I need do to to make it work on the tabs of the same browser. Thanks loads.

Hi david, good morning. I am using google chrome alone and i am using two different tabs to login. I did change the code just a bit. I used unset to unset the id before i destroyed the session. Thats about the only change i made. Yes i am testing only in chrome by using two tabs. Does that have anything to so with this? If you want to I can paste the two files for you to have a look. Thanks.