Everything posted by ajoo

  1. Ok so I'd like to ask if a user has logged in with his username and password and the server sets a session variable in the database & on every page request on the site, this session variable is checked to see if it's still set & a request for and the login status is also stored and checked, where and why is the need for a cookie? Each user has his or her own session ID. Would it goof up if more than one person is logged in? But then all variables are again uniquely identifiable for each user since session IDs are unique for each.
  2. Hi! Well, I identify the client through a login ID & password, and for the duration that the client is logged in I have his Session_ID stored in a session variable. The session ID is also stored in a database upon each login. The session_ID is destroyed either when the client logs out or if the session is inactive for a certain length of time. I am relatively new to sessions so please bear with me if I ask something stupid. But yes I really wanna figure all this out.
  3. Hi guys !! If ever a guy was confused, I am today, having read sessions and security and realizing nothing is secure with sessions. There is no such thing as absolute security in sessions and login scripts. So today I read about the common types of attacks - especially session fixing. This is what I could make out ( I think I must have understood just about 15% of it ) and I have some questions accordingly which I'll be glad to have sorted by the Gurus here !! 1. Session fixation involves there being a Session_ID stored either as cookie, sent as a URL or as a hidden field. The cookie being the most secure yet prone to maximum tampering. ( ironic - that's what the article said). Notwithstanding the other hazards, I would like to question what if I designed a login session using only sessions and not involving any cookies or URL or hidden fields, how secure would that be against session fixation? I hope there's nothing stupid about that statement. I just want to know if that prevents session fixation. I think that's all I want to know for now and will come out with other questions as and when I proceed on this issue and read more. Thanks very much.
  4. That's the place I got it from too. OK Thanks once again. I'll check out the css again and see what's the issue. Will revert again.
  5. Thanks Barand, that worked great. It was also getting the null record which I managed to eliminate by adding to the end of the query "AND dues IS NOT NULL"; Now I'll check out the earlier reply from you ( some things work better in code) and get back with the results. You have been awesome help and guide. Thanks loads.
  6. Hi Barand, Thanks for this. I have to check it out yet cos you've used the earlier table. I have studied the code and got the drift though. Still I'll try it out and revert. Meanwhile I have another twist on the previous query that you solved below:

         SELECT cv.day_id, cv.dues, cv.last_visit, cv.points
         FROM clubvisit cv
         WHERE last_visit > (
             -- find the latest date that had a point value not equal to
             -- points value found in the latest record
             SELECT MAX(last_visit)
             FROM clubvisit
             WHERE points <> (
                 -- find points value from the record that matches the
                 -- latest date in the subquery by JOIN on the date
                 SELECT points as lastpoints
                 FROM clubvisit
                 JOIN (
                     -- get latest date
                     SELECT MAX(last_visit) as last_visit
                     FROM clubvisit
                 ) as latest USING (last_visit)
             )
         )

     This works great. However what if the MAX(last_visit) had to check for and ensure that the dues on this day was not NULL. If the dues was NULL in the last row ( highest date) then this row had not to be considered in the rest of the query. So I tried to get the latest date as follows:-

         JOIN (
             SELECT MAX(last_visit) as last_visit
             FROM (SELECT* FROM clubvisit as cv WHERE dues IS NOT NULL)
         ) as latest USING (last_visit);

     But this gave an error " #1248 - Every derived table must have its own alias", even though "SELECT* FROM clubvisit as cv WHERE dues IS NOT NULL" gave me the subset I wanted. So I don't know how to eliminate this error though I tried. I even tried to use this statement as the first statement in the query and then work with the alias but that gave an error too. So how do I get there now?

     Just for clarity if the table is as below:

         (1 , 900 , '2012-12-01' , 6),
         (2 , 700 , '2012-12-04' , 7),
         (3 , 600 , '2012-12-07' , 5),
         (4 , 600 , '2012-12-09' , 6),
         (5 , 600 , '2012-12-10' , 6),
         (6 , 600 , '2012-12-14' , 6),
         (7 , NULL, '2012-12-14' , NULL);

     Then the last_value has to be that of date 14-12-2012 or day_id = 7 and the desired table should be calculated with corresponding point value of 6. The output should be as before:-

         +--------+------+------------+--------+
         | day_id | dues | last_visit | points |
         +--------+------+------------+--------+
         |      4 |  600 | 2012-12-09 |      6 |
         |      5 |  600 | 2012-12-10 |      6 |
         |      6 |  600 | 2012-12-14 |      6 |
         +--------+------+------------+--------+

     Thanks !
  7. Hi ! Thanks for attempting Ch0cu3r. The panel is fine if you slide it. It's only when you click on the registration and login buttons a few times ( more so on the registration button) without entering any information in the input fields, the page refreshes and then redraws. It's at that time just before the panel is redrawn correctly, it distorts. The distortion occurs with the curved edge of the panels being redrawn 1. at the wrong location and 2. the curved edge becomes straight, abrupt and sharp. It's actually the elements of the panel being drawn wrongly. The left element of the panel ( the left curve ) being placed at the position of the right curve. I will try and capture a picture of this though I don't think I'll manage cos it's so temporary. I am not sure what code I may have changed. Maybe something in the CSS though it seems just fine, I have tried to locate the change without success. Thanks. I hope you'll try it again.
  8. MacGyver is right but Thanks nonetheless, gives me something else to check and read about.
  9. Hi Barand, Thanks for this but I forgot to change the dues values when I changed the table order earlier. So it kind of changed the entire sense of what was needed. So I am just going to put the table back here corrected and which is as follows:

         Day_ID   Dues   Last_Visit   Points
         1        900    1/12         9
         2        600    4/12         6
         3        400    7/12         4
         4        500    9/12         5
         5        600    10/12        6
         6        600    11/12        6
         7        600    13/12        6
         8        500    15/12        5
         9        500    19/12        5

     Ok so here's the modified table and I have changed the dates to be unique ( I understood that here we should have a date and time format for multiple entries on the same day) just to keep it simple. So now I am looking for the latest value of dues (500). Then we move back on dates and the next is also 500, so we want that and then we come to dues value of 600 on Day_ID 7. Here the dues have changed. But now I want to know for how many earlier days were the dues 600. So we move back and find that till Day_ID = 5 or till on 10/12 the dues were same and equal to the value 600. That's it. Those are all the values I want. So my output should be:

         5        600    10/12        6
         6        600    11/12        6
         7        600    13/12        6
         8        500    15/12        5
         9        500    19/12        5

     I have checked and rechecked the table. It's correct. Please guide how this may be achieved. Thanks loads !
  10. Hi Noel ! Thanks for the reply. Well as of now I don't have it on a remote server. I am just running localhost and trying things out on a local server. If there is no other way then I'll try and upload it soon and post this again. If there is anything else you can suggest I'll try and do so. Maybe someone else meanwhile might have those resources and would be able to help. Thanks so much.
  11. Hi Barand, thanks for the response and yes this data is different from the earlier. I think there is a small mistake in the data in TABLE A ( the one in the previous post) so here's the new table again - TABLE B

         Day_ID   Dues   Last_Visit   Points
         1        900    1/12         6
         2        700    4/12         7
         3        400    7/12         4
         4        600    9/12         6
         5        600    10/12        6
         6        500    10/12        5
         7        600    14/12        6
         8        500    14/12        5

      Ok so now I think it's correct. Yes multiple dates are allowed. However I think that the dates got goofed in the sense that they should have followed order ( ascending I mean). Ok but your keen observation has led me to another few questions.

      1. I would like to ask that in a system where a person's visits to the club are entered serially, is it possible for the table to store them in an un-ordered manner as in TABLE A.
      2. Even if the system inputs these dates in order, is there any manner that the table may get jumbled on dates (again as in TABLE A).
      3. How can the same output be achieved for both the tables.

      I think if you just do that for me for the earlier TABLE A, I'll try and do the simpler TABLE B one myself. Thanks very much.
  12. Hi Barand ( guru), I am here once again with another query that I wish to form from the same table clubvisits. The table of entries is as below.

         Day_ID   Dues   Last_Visit   Points
         1        900    1/12         6
         2        700    4/12         7
         3        400    7/12         4
         4        600    9/12         6
         5        600    10/12        6
         6        600    14/12        6
         7        500    10/12        5
         8        500    14/12        5

      The last time you created a query which checked for last entry value of Dues and then found all the entries for which the dues were same. This time I wish to change that slightly so that it finds the latest dues value (500) and checks for all records with the same dues value as well as all the value of the next dues values, i.e. I want to make a query whose result would be

         4        600    9/12         6
         5        600    10/12        6
         6        600    14/12        6
         7        500    10/12        5
         8        500    14/12        5

      I am able to get

         6        600    14/12        6
         7        500    10/12        5
         8        500    14/12        5

      if I change " Where last visit > " to " Where last visit >= " but I am not able to get the rest of the entries for which the dues value = 600. Help sought. Thanks again !
  13. Yes that's exactly correct. Yes I don't want someone to go to secound.php from anywhere else except the hyperlink so I guess sessions is the best way to ensure it. Maybe you can suggest something else. Thanks
  14. Hi guys, please can someone look into this and provide a solution. If not, I'd be thankful if someone can at least guide me where to go with this question, any relevant forum where I would be able to elicit some kind of response to this. Thank you all.
  15. Yea hi ! Ok so this one file is not an included file. It's a PHP file, say second.php which is invoked by a hyperlink on the main webpage index.php. Now I don't want to give a direct access to it so I asked if something similar like defining a constant and then checking for it in the second.php, once the hyperlink was pressed in index.php, could be used to prevent direct access to this file second.php. I am actually thinking of using sessions to prevent direct access to this one - (a hyperlink invoked file). Thanks.
  16. Hey thanks ! yes I am now trying and using the define to define a constant. However what about a file that I have to access using a href defined hyperlink? What's the way to prevent direct access to that file other than what you suggested of putting the files into a folder other than the root. Please suggest something. Thanks !
  17. Hi, searching for this very common question as in subject, I CAME ACROSS THE FOLLOWING QUESTION:-

      I have a php file which I will be using as exclusively as an include. Therefore I would like to throw an error instead of executing it when it's accessed directly by typing in the URL instead of being included. Basically I need to do a check as follows in the php file:

          if ( $REQUEST_URL == $URL_OF_CURRENT_PAGE ) die ("Direct access not premitted");

      Is there an easy way to do this?

      AND THIS ANSWER:-

      The easiest way is to set some variable in the file that calls include, such as

          $including = true;

      Then in the file that's being included, check for the variable

          if (!$including) exit("direct access not permitted");

      AND THESE COMMENTS:-

      2   This is dangerous if register_globals is on. – jmucchiello Jan 3 '09 at 18:51
      11  PHP is dangerous if register_globals is on. – David Precious Jan 3 '09 at 18:56

      MY QUESTION IS that please can someone explain why and how this is a dangerous method and if it should be used or not. I have actually used this technique. There is a php file which is accessed as a hyperlink from the index file. When I use that link, it gives me an error saying that I cannot access that file directly. So does that mean that this technique won't work on hyperlinked files? If not then what is the best way to ensure that hyperlinked files are not accessed directly? Thanks a lot everyone on the forum.
  18. Hi all, I am not sure if this is the best place for my query but I am sure I'll get the solution & the reply. I have attached a small zip file which contains files for a j-query slider login panel. I have not done anything much with it except maybe tweak the css files a bit just for learning. However now when I run / load the demo.php in the browser, it works fine but when I press the login and register buttons on the slider panel, the panel distorts before the refresh and the distortion shows just for a second and then it comes back to the right place. I am not able to figure out how to remove this distortion. Can someone quickly unzip the files and try it out and take a look at the problem. Note: the distortion occurs not always but on one or two button presses of the Register button and sometimes with the login button. ( no form fields are to be filled at all) Just press the buttons. Just trying to learn. Attachment: distort_demo.zip. Thanks loads.
  19. Hey Thanks ! But guess what I tried and got it too.

          SELECT count(last_visit)
          FROM clubvisit cv
          WHERE last_visit > (
              SELECT MAX(last_visit)
              FROM clubvisit
              WHERE points <> (
                  SELECT points as lastpoints
                  FROM clubvisit
                  JOIN (
                      SELECT MAX(last_visit) as last_visit
                      FROM clubvisit
                  ) as latest USING (last_visit)
              )
          );

      So I was also trying it even after posting the query. Thanks loads cos I am learning too with your help.
  20. Hi Barand, I have achieved what I wanted with your help but I just want to confirm if there is a more elegant way to achieve it. So this query that you created initially to solve this issue returns the latest three rows with the points value 6. However if I did not wish to have these rows listed and instead just wanted to know the count of rows that were returned, can the query be modified to achieve that? That's what I have been trying and thought I had managed but I had not. So I used the result in mysqli_affected_rows and indirectly counted the rows to be three. However I was wondering and trying to achieve the same with count in the query. I am sure it can be done and request you to show me how to do it. Thanks again !
  21. Hi Barand, The previous query that you were so kind to help me with, I have altered a little as follows:

          $sql = "SELECT COUNT(last_visit) as numcount
                  FROM clubvisit
                  WHERE points <> (
                      SELECT points as lastpoints
                      FROM clubvisit
                      JOIN (
                          SELECT MAX(last_visit) as last_visit
                          FROM clubvisit
                      ) as latest USING (last_visit)
                  );";

      It works as desired in phpMyAdmin. However now I am using this as $result = mysqli_query($link,$sql) and I am not sure how I may retrieve the value of numcount from this one. Kindly guide. Thanks !
  22. Hi, Please can someone suggest if I need to connect to the database again and again if my main program calls subroutines which also need to connect to the SAME database or is there an alternative method by which I don't have to do this again and again. I read somewhere that connecting to the database time and again is a big waste of time resource. I'll also try and illustrate my problem

          ///////////////////////////// main.php //////////////
          <?php
          mysqli_connect(host, user, pass, db); // makes a connection to a database DB
          get_field_1(); // a function in another file say functions.php
          ?>

          //////////////////// functions.php ////////////
          <?php
          function get_field_1() {
              mysqli_connect(host, user, pass, db);
              mysqli_connect(...);
              get_field_2(); // calls another function in functions.php
              return val1;
          }

          function get_field_2() {
              mysqli_connect(host, user, pass, db);
              mysqli_connect(...);
              return val2;
          }
          ?>
          //////////////// END ///////////////////

      Is there a way by which I can avoid calling the following two lines within each function?

          mysqli_connect(host, user, pass, db)
          mysqli_connect(...)

      In fact I would like to call it just once in main and not have to call it again and again. Thanks.
  23. Thanks Guru !! I did manage to find the explanation using phpMyAdmin by taking parts as you have also segregated. So I ran the SQL's and got the results of the portions. I have a few questions on this but I'll first try and read a bit more and hammer them out myself and if I cannot, then I'll come and ask them again. Thanks a lot.