tsangaris


  1. Hi there, I have a simple question to ask: Say I have a PHP script:

         <?php
         var_dump($undeclaredVariable); /* The output is NULL */

         if ($a == $b) {
             if ($c == $d) {
                 $undeclaredVariable = TRUE;
             } else {
                 $undeclaredVariable = FALSE;
             }
         }

         if ($undeclaredVariable == TRUE) {
             echo 'the undeclared variable is TRUE';
         }
         if ($undeclaredVariable == FALSE) {
             echo 'the undeclared variable is FALSE';
         }
         ?>

     Reading the PHP Type Comparison Table: $x = null; boolean if($x) = FALSE. Using the code above, I see the "the undeclared variable is FALSE", which is OK since it proves the PHP documentation. But as you can see, if $a != $b then the $undeclaredVariable will not be declared (defined). Is this an "OK" way to work this out? Or should I find a way to declare the variable whatever the case? Thanks in advance, Christos
  2. Thank you both for the answers! It turns out that mac_gyver was right. My previous project was on a VPS server, so all I had to do was to only create a php.ini in the root directory. I followed the same philosophy here and that was the problem. So lesson learned: On a shared web server I have to copy php.ini to all folders under root, not only root. Thanks for the link too. Regards, Christos
  3. Hi there, I have an issue that has been driving me nuts for some days now. I used php.ini to store the sessions in a folder outside the root directory:

         session.save_path = "/home/castos/SESSIONS"

     As long as the file I call is in the public_html directory (root), session data are OK. If for any reason I use AJAX to call data from a sub-directory (let's say public_html/ajax/test.php), then SESSION data are no longer there (but the session_id is still the same). If I move the same file inside root (public_html/test.php) and call it using AJAX then it works just fine. I feel that the problem could be inside the configuration of the SESSION in php.ini so I am posting the rest of the session configuration:

         session.save_handler = files
         session.use_cookies = 1
         session.use_only_cookies = 1
         session.name = CUSTSESSID
         session.cookie_httponly = 1
         session.cookie_secure = 1
         session.hash_function = sha512
         session.hash_bits_per_character = 5
         session.auto_start = 0
         session.cookie_lifetime = 0
         session.cookie_path = "/"
         session.cookie_domain =
         session.serialize_handler = php
         session.gc_probability = 1
         session.gc_divisor = 100
         session.gc_maxlifetime = 1440;
         session.referer_check =
         session.entropy_length = 256
         session.entropy_file = "/dev/urandom"
         session.cache_limiter = nocache
         session.cache_expire = 180
         session.use_trans_sid = 0

     Any help will be much appreciated! Thanks!
  4. I have to say that this is not a coding question but is something I would like to hear your opinion on: I am building a web service where the user registers and then can have access to this service. During his/her time using the service, the user collects some points according to his/her actions (similar to what Stackoverflow does).

     Question 1: Do we need to offer both DEACTIVATION and DELETE account?

     Question 2: In case of DEACTIVATION should I offer an option to re-activate their previous account [with all points gathered so far]? Meaning all their previous data are kept in the database, just change some flags? Is there a best practice for this?

     Question 3: In case of DELETE account, how do I proceed? Do I delete all database data regarding that user? What if a user wants to delete his/her account because he/she gathered a lot of negative points and wants to re-register with the same email just with no negative points?

     Question 4: Do other services (like Facebook or Google+) delete any data from their databases even if the user wants to delete his/her account? Are there any legal issues?

     Thanks!
  5. Dear mac_gyver, I am trying to implement what you said and I have to say you have guided me in the right direction! Just a question: Every time userA logs in using REMEMBER ME, the system will create a new token, and insert this token along with userID (and other details) inside the remember_me table in a new row? Let's say that userA logs in from Chrome, Safari and Firefox. This will create 3 entries inside the remember_me table, right?

         id | userID | token | active |
         1    40       abc1    1        --> From Chrome
         2    40       abc2    1        --> From Safari
         3    40       abc3    1        --> From Firefox

     At the same time, if userA logs out from Chrome, it will only turn active = 0 in the row created because of logging in from Chrome? So during the logout process I need to check if the cookie is set and then go and find the user with userID == 40 and token == abc1 and only turn active to 0 in that row? Also in the logout script I will need to unset the rememberme cookie in addition to changing the active flag from 1 to 0? Is this the correct way to unset a cookie?

         setcookie("rememberme", "", time()-10, "/");

         id | userID | token | active |
         1    40       abc1    0        --> From Chrome
         2    40       abc2    1        --> From Safari
         3    40       abc3    1        --> From Firefox

     One last question: As I understand it, the remember_me table will soon be full of rows that will no longer be used for anything (I mean the rows where the user logged out when previously used the REMEMBER ME feature). Do I need to remove them from time to time? Thanks (once again) a lot!! Christos
  6. Thank you all for your comments. I am going to implement everything I learned from this and get back to you if I have any other questions. Thanks for helping! Regards, Christos
  7. I think I get it now. If I use the Remember me feature I will create a token, insert the token+userID+logged_in_status inside a table, and at the same time create a COOKIE that will hold the value of that token. At every visit I will access this COOKIE, check the token against the table and log in the appropriate user. If there is no Remember me feature, then I will set the login_status = TRUE, and store the login_status and userID inside the SESSION (is it OK to store userID inside the SESSION?). At every visit I will check the login_status and if TRUE then I will proceed with the rest of the page. Both methods will then continue by extracting the user data according to the userID. All variables needed by other scripts will be stored inside SESSION variables, and accessed using session_start() at every script requested. Right?
  8. Thank you both for your answers! I really appreciate the feedback! So, long story short, whatever I use (SESSION or COOKIE [for remember me]) I should only store the userID, the login_status [only for SESSION] and a unique token? The login_status will be used to check whether the user is logged in in case I use SESSIONS. As for the COOKIE, I will only need to store the userID and a randomly generated token that will be unique. After I use the userID and the unique token to check if this is a real user, then I use the userID to extract all user related information and assign them to SESSIONS and move on as I am now? Thanks again!
  9. Yes, the cookie is created after the user's credentials are correct and if the REMEMBER ME checkbox is checked. I will try to explain the way my website is structured so you can help me:

     a) user puts in his credentials to log in
     b) credentials correct: create a SESSION to store user_email, user_hashed_pwd and login_status (boolean TRUE)
     c) redirecting to main page
     d) using login_status it checks if the user is logged in then proceeds
     e) using user_email, hashed_pwd it performs some calculations (like getting the name of the logged in user, etc)
     f) since I keep these variables inside a SESSION I can use them inside other scripts to perform the same calculations (or others)

     As you understand, all my scripts rely on the SESSION variables. What is the procedure I have to follow when the user clicks REMEMBER ME? Do I bypass SESSIONS and use COOKIE? How do I minimize current code alteration? Do I need to go to each script and call the variables with COOKIE as well (as I do when SESSION is used)? Can I mix COOKIE with SESSION? For example, use COOKIE to get the userID after the login procedure, and after using userID to get the email address of the user, pass the email to a SESSION? This SESSION will be used by other scripts that need the email to work. BTW I am confused, so maybe I get it all wrong! Please correct me where I am wrong!
  10. Hi, I have created a webpage that so far was working using SESSIONS. As soon as the user successfully logs in, I save some variables inside a SESSION array and pass them to the mainpage.php script (or any other script that needs these variables). Now I want to implement the "REMEMBER ME" feature. I know that I need to store the variables I want into a COOKIE and then access the cookie to get the variables I want. How do I restructure my code now? In case of not selecting REMEMBER ME: I check to see if a SESSION is set and I use only the SESSION variables? In case of selecting REMEMBER ME: I check to see if a cookie is set and then retrieve the variables from the COOKIE array? If that's the case I will need to check every script to check this? Is there an easier way to configure it? Regards, Chris
  11. It turns out that the only thing that is working for me is to use session_regenerate_id() within the refreshSession.php script. Is there a problem if I regenerate the session of the user every 20 minutes? Will it affect anything? Regards, Chris
  12. Is there a possibility that I have this problem because I changed the session.save_path from the default value (\temp) to another path?
  13. This is the output for each script:

      login_test.php
      Session ID: aip20b2ha1qmpvg2pnvk67n5btuh2uvbubfkj7qaoornq8mqmsoffmcmq200t7b4g02vb83nu4bn892rshc7pglcttgfjqa6p01t5l0
      Session Data:Array ( [hashed_token] => eb5c2d98795f5cffa55ab0ae7a07cd8158329867a008245fabccdf843280b2dc [logged_in] => 1 [last_access] => 1436452752 )
      You have been logged in!

      test_refresh.php
      Session ID: aip20b2ha1qmpvg2pnvk67n5btuh2uvbubfkj7qaoornq8mqmsoffmcmq200t7b4g02vb83nu4bn892rshc7pglcttgfjqa6p01t5l0
      Session Data:Array ( [hashed_token] => eb5c2d98795f5cffa55ab0ae7a07cd8158329867a008245fabccdf843280b2dc [logged_in] => 1 [last_access] => 1436452755 )
      The session has been refreshed!

      Refreshing the test_refresh.php would not change the session ID (I assume that if the session ID stays the same then the session has not expired). Even if I refresh the test_refresh.php after 20 seconds I still see the same sessionID.
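
The per-browser remember_me rows asked about in posts 5 and 7 above, worked through as an added example that is not code from the posts. It assumes PDO with an in-memory SQLite database, stores a SHA-256 hash of the token in a `token_hash` column instead of the token itself, and uses hypothetical function names.

```php
<?php
// Added example, not from the original posts. Table name, userID and active
// follow the posts; token_hash and all function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_me (
    id INTEGER PRIMARY KEY, userID INTEGER NOT NULL,
    token_hash TEXT NOT NULL UNIQUE, active INTEGER NOT NULL DEFAULT 1)');

// One new row per REMEMBER ME login, so each browser gets its own token.
// Only the hash is stored: a leaked table does not yield usable cookies.
function issueToken(PDO $db, int $userID): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO remember_me (userID, token_hash) VALUES (?, ?)')
       ->execute([$userID, hash('sha256', $token)]);
    return $token; // the caller places this value in the "rememberme" cookie
}

// Returns the userID for an active token, or null if unknown or logged out.
function checkToken(PDO $db, string $token): ?int {
    $st = $db->prepare(
        'SELECT userID FROM remember_me WHERE token_hash = ? AND active = 1');
    $st->execute([hash('sha256', $token)]);
    $id = $st->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Logout touches only the row that matches this browser's cookie value.
function logoutToken(PDO $db, string $token): void {
    $db->prepare('UPDATE remember_me SET active = 0 WHERE token_hash = ?')
       ->execute([hash('sha256', $token)]);
}

// Periodic cleanup of rows left behind by logouts; returns rows deleted.
function purgeInactive(PDO $db): int {
    return $db->exec('DELETE FROM remember_me WHERE active = 0');
}

// Constructed walk-through: user 40 logs in from three browsers.
$chrome  = issueToken($db, 40);
$safari  = issueToken($db, 40);
$firefox = issueToken($db, 40);
logoutToken($db, $chrome);           // the Chrome row becomes inactive
var_dump(checkToken($db, $chrome));  // the Chrome cookie no longer logs in
var_dump(checkToken($db, $safari));  // the Safari row is unaffected
var_dump(purgeInactive($db));        // number of stale rows removed
```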