Everything posted by tsangaris

  1. Hi there, I have a simple question to ask: Say I have a PHP script:

         <?php
         var_dump($undeclaredVariable); /* The output is NULL */
         if ($a == $b) {
             if ($c == $d) {
                 $undeclaredVariable = TRUE;
             } else {
                 $undeclaredVariable = FALSE;
             }
         }
         if ($undeclaredVariable == TRUE) {
             echo 'the undeclared variable is TRUE';
         }
         if ($undeclaredVariable == FALSE) {
             echo 'the undeclared variable is FALSE';
         }
         ?>

     Reading the PHP Type Comparison Table:

         $x = null; boolean if($x) = FALSE

     Using the code above, I see "the undeclared variable is FALSE", which is OK since it proves the PHP documentation. But as you can see, if $a != $b then $undeclaredVariable will not be declared (defined). Is this an "OK" way to work this out? Or should I find a way to declare the variable whatever the case? Thanks in advance, Christos
  2. Thank you both for the answers! It turns out that mac_gyver was right. My previous project was on a VPS server, so all I had to do was create a php.ini in the root directory. I followed the same philosophy here and that was the problem. So lesson learned: On a shared web server I have to copy php.ini to all folders under root (not only root). Thanks for the link too. Regards, Christos
  3. Hi there, I have an issue that has been driving me nuts for some days now. I used php.ini to store the sessions in a folder outside the root directory:

         session.save_path = "/home/castos/SESSIONS"

     As long as the file I call is in the public_html directory (root), session data are OK. If for any reason I use AJAX to call data from a sub-directory (let's say public_html/ajax/test.php), then SESSION data are no longer there (but the session_id is still the same). If I move the same file inside root (public_html/test.php) and call it using AJAX then it works just fine. I feel that the problem could be inside the configuration of the SESSION in php.ini, so I am posting the rest of the session configuration:

         session.save_handler = files
         session.use_cookies = 1
         session.use_only_cookies = 1
         session.name = CUSTSESSID
         session.cookie_httponly = 1
         session.cookie_secure = 1
         session.hash_function = sha512
         session.hash_bits_per_character = 5
         session.auto_start = 0
         session.cookie_lifetime = 0
         session.cookie_path = "/"
         session.cookie_domain =
         session.serialize_handler = php
         session.gc_probability = 1
         session.gc_divisor = 100
         session.gc_maxlifetime = 1440;
         session.referer_check =
         session.entropy_length = 256
         session.entropy_file = "/dev/urandom"
         session.cache_limiter = nocache
         session.cache_expire = 180
         session.use_trans_sid = 0

     Any help will be much appreciated! Thanks!
  4. I have to say that this is not a coding question but is something I would like to hear your opinion on: I am building a web service where the user registers and then can have access to this service. During his/her time using the service, the user collects some points according to his/her actions (similar to what Stackoverflow does).

     Question 1: Do we need to offer both DEACTIVATION and DELETE account?

     Question 2: In case of DEACTIVATION should I offer an option to re-activate their previous account [with all points gathered so far]? Meaning all their previous data are kept in the database, just change some flags? Is there a best practice for this?

     Question 3: In case of DELETE account, how do I proceed? Do I delete all database data regarding that user? What if a user wants to delete his/her account because he/she gathered a lot of negative points and wants to re-register with the same email just with no negative points?

     Question 4: Do other services (like Facebook or Google+) delete any data from their databases even if the user wants to delete his/her account? Are there any legal issues?

     Thanks!
  5. You mean during logout process?
  6. Dear mac_gyver, I am trying to implement what you said and I have to say you have guided me in the right direction! Just a question: Every time userA logs in using REMEMBER ME, the system will create a new token, and insert this token along with userID (and other details) inside the remember_me table in a new row? Let's say that userA logs in from Chrome, Safari and Firefox. This will create 3 entries inside the remember_me table, right?

         id | userID | token | active
         1  | 40     | abc1  | 1       --> From Chrome
         2  | 40     | abc2  | 1       --> From Safari
         3  | 40     | abc3  | 1       --> From Firefox

     At the same time if userA logs out from Chrome, it will only turn active = 0 in the row created because of logging in from Chrome? So during the logout process I need to check if the cookie is set and then go and find the user with userID == 40 and token == abc1 and only turn active to 0 in that row? Also in the logout script I will need to unset the rememberme cookie in addition to changing the active flag from 1 to 0? Is this the correct way to unset a cookie?

         setcookie("rememberme", "", time()-10, "/");

         id | userID | token | active
         1  | 40     | abc1  | 0       --> From Chrome
         2  | 40     | abc2  | 1       --> From Safari
         3  | 40     | abc3  | 1       --> From Firefox

     One last question: As I understand, the remember_me table will soon be full of rows that will no longer be used for anything (I mean the rows where the user logged out after previously using the REMEMBER ME feature). Do I need to remove them from time to time? Thanks (once again) a lot!! Christos
  7. Thank you all for your comments. I am going to implement everything I learned from this and get back to you if I have any other questions. Thanks for helping! Regards, Christos
  8. I think I get it now. If I use the Remember me feature I will create a token, insert the token+userID+logged_in_status inside a table, and at the same time create a COOKIE that will hold the value of that token. At every visit I will access this COOKIE, check the token against the table and log in the appropriate user. If there is no Remember me feature, then I will set login_status = TRUE, and store the login_status and userID inside the SESSION (is it OK to store userID inside the SESSION?). At every visit I will check the login_status and if TRUE then I will proceed with the rest of the page. Both methods will then continue by extracting the user data according to the userID. All variables needed by other scripts will be stored inside SESSION variables, and accessed using session_start() in every script requested. Right?
  9. Thank you both for your answers! I really appreciate the feedback! So, long story short, whatever I use (SESSION or COOKIE [for remember me]) I should only store the userID, the login_status [only for SESSION] and a unique token? The login_status will be used to check whether the user is logged in, in case I use SESSIONS. As for the COOKIE, I will only need to store the userID and a randomly generated token that will be unique. After I use the userID and the unique token to check if this is a real user, then I use the userID to extract all user related information and assign them to SESSIONS and move on as I am now? Thanks again!
  10. Yes, the cookie is created after the user's credentials are correct and if the REMEMBER ME checkbox is checked. I will try to explain the way my website is structured so you can help me:

      a) user puts in his credentials to log in
      b) credentials correct: create a SESSION to store user_email, user_hashed_pwd and login_status (boolean TRUE)
      c) redirecting to main page
      d) using login_status it checks if the user is logged in then proceeds
      e) using user_email, hashed_pwd it performs some calculations (like getting the name of the logged in user, etc)
      f) since I keep these variables inside a SESSION I can use them inside other scripts to perform the same calculations (or others)

      As you understand, all my scripts rely on the SESSION variables. What is the procedure I have to follow when the user clicks REMEMBER ME? Do I bypass SESSIONS and use COOKIE? How do I minimize current code alteration? Do I need to go to each script and call the variables with COOKIE as well (as I do when SESSION is used)? Can I mix COOKIE with SESSION? For example use COOKIE to get the userID after the login procedure, and after using userID to get the email address of the user, pass the email to a SESSION? This SESSION will be used by other scripts that need the email to work. BTW I am confused, so maybe I get it all wrong! Please correct me where I am wrong!
  11. Hi, I have created a webpage that so far was working using SESSIONS. As soon as the user successfully logs in, I save some variables inside a SESSION array and pass them to the mainpage.php script (or any other script that needs these variables). Now I want to implement a "REMEMBER ME" feature. I know that I need to store the variables I want in a COOKIE and then access the cookie to get the variables I want. How do I restructure my code now? In case of not selecting REMEMBER ME: I check to see if a SESSION is set and I use only the SESSION variables? In case of selecting REMEMBER ME: I check to see if a cookie is set and then retrieve the variables from the COOKIE array? If that's the case I will need to check every script to check this? Is there an easier way to configure it? Regards, Chris
  12. It turns out that the only thing that is working for me is to use session_regenerate_id() within the refreshSession.php script. Is there a problem if I regenerate the session of the user every 20 minutes? Will it affect anything? Regards, Chris
  13. Is there a possibility that I have this problem because I changed the session.save_path from the default value (\temp) to another path?
  14. This is the output for each script:

      login_test.php

          Session ID: aip20b2ha1qmpvg2pnvk67n5btuh2uvbubfkj7qaoornq8mqmsoffmcmq200t7b4g02vb83nu4bn892rshc7pglcttgfjqa6p01t5l0
          Session Data:Array ( [hashed_token] => eb5c2d98795f5cffa55ab0ae7a07cd8158329867a008245fabccdf843280b2dc [logged_in] => 1 [last_access] => 1436452752 )
          You have been logged in!

      test_refresh.php

          Session ID: aip20b2ha1qmpvg2pnvk67n5btuh2uvbubfkj7qaoornq8mqmsoffmcmq200t7b4g02vb83nu4bn892rshc7pglcttgfjqa6p01t5l0
          Session Data:Array ( [hashed_token] => eb5c2d98795f5cffa55ab0ae7a07cd8158329867a008245fabccdf843280b2dc [logged_in] => 1 [last_access] => 1436452755 )
          The session has been refreshed!

      Refreshing test_refresh.php would not change the session ID (I assume that if the session ID stays the same then the session has not expired). Even if I refresh test_refresh.php after 20 seconds I still see the same session ID.
  15. I am recapping here: When the user enters his credentials in the login page form, $_SESSION['logged_in'] is turned to TRUE [of course if credentials are correct]. While on the main page I check if this variable is TRUE and proceed. If not I redirect the user to the login page again. So when the gc clears the SESSION, this variable is not equal to TRUE, so the user is redirected to the login page. My purpose is to find a way to refresh the SESSION timeout if the user interacts with the webpage (click, mouse movement, etc.). Because right now the SESSION lasts only as long as the session.gc_maxlifetime lasts (24 minutes), regardless of how the user interacts with the website. PS: I don't want to increase the maxlifetime value, I just need a way to refresh it on the user's interaction.
  16. It returns bool(true).
  17. This is the script:

          <?php
          ini_set('display_startup_errors',1);
          ini_set('display_errors',1);
          error_reporting(-1);
          session_start();
          echo 'test';
          ?>

      Where am I supposed to see the error?
  18. I have used the following code after session_start() inside refreshSession.php:

          ini_set('display_startup_errors',1);
          ini_set('display_errors',1);
          error_reporting(-1);

      Where should I see the error (if any)? Also "again, what sort of symptom or error are you getting that leads you to believe that the session is not refreshed.": The session.gc_maxlifetime is set to 20 seconds. If I reload the page, that counter should be 0. If 10 seconds pass and then I reload the page, then the counter should again go to zero. But in my case, regardless of how many times I reload the page, the session lasts 20 seconds. If I reload the page at the 21st second then the page logs out.
  19. I have altered the value of session.name inside php.ini from PHPSESSID to CUSTOMSESSID. Do I need to set this before session_start() using session_name('CUSTOMSESSID') as well?
  20. Maybe I got it wrong in the first place. What I did to see if the session timeout is refreshing was to change the value of session.gc_maxlifetime from 1440 to 20 seconds. At the same time I used the setInterval() function to send an AJAX request every second to refreshSession.php. My thinking was that if the AJAX request is refreshing the SESSION every second, and the SESSION is cleaned up every 20 seconds (in other words refreshing frequency > clean up frequency) then the SESSION would never be cleaned up by the garbage collection process. It turns out that even if I reload the page using CTRL+R the session is not refreshed. What is wrong? Should the SESSION be refreshed if the user performed some action like refreshing the page?
  21. I did this. What I see inside REQUEST HEADERS is: Cookie: CUSTOMSESSID: mmadfjdjfdjfiwer239434.... Inside RESPONSE HEADER on the other hand I don't see anything regarding the cookie.
  22. Thanks for this! I am testing it in a while and I will let you know!
  23. Done that. I used all possible URLs. With http, https, www., without www. Still the same result.
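
The per-browser remember_me table discussed in posts 6 and 8 above, as an added example that is not part of the original posts: one row per browser, logout deactivating only that browser's row, and periodic cleanup of dead rows. Storing only a SHA-256 hash of the token, the `created` column, the `rm_*` function names and the in-memory SQLite database (via PDO) are assumptions of this example.

```php
<?php
// Added example. Only remember_me/userID/token/active come from the posts;
// everything else is an assumption. The table holds a SHA-256 hash of the
// token, so a leaked table cannot be replayed as cookie values.
function rm_schema(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS remember_me (id INTEGER PRIMARY KEY,
        userID INTEGER NOT NULL, token TEXT NOT NULL UNIQUE,
        active INTEGER NOT NULL DEFAULT 1, created INTEGER NOT NULL)');
}

// After a successful login with REMEMBER ME checked: one new row per browser.
function rm_issue(PDO $db, int $userID): string {
    $token = bin2hex(random_bytes(32));               // 256-bit random value
    $db->prepare('INSERT INTO remember_me (userID, token, active, created)
                  VALUES (?, ?, 1, ?)')
       ->execute([$userID, hash('sha256', $token), time()]);
    return $token;            // raw value goes only into the rememberme cookie
}

// Returns the userID for an active token, or null. On success the caller
// fills $_SESSION and calls session_regenerate_id(true).
function rm_check(PDO $db, string $token): ?int {
    $st = $db->prepare('SELECT userID FROM remember_me WHERE token = ? AND active = 1');
    $st->execute([hash('sha256', $token)]);
    $id = $st->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Logout from one browser: only the row matching that browser's cookie changes.
function rm_revoke(PDO $db, string $token): void {
    $db->prepare('UPDATE remember_me SET active = 0 WHERE token = ?')
       ->execute([hash('sha256', $token)]);
}

// Periodic cleanup: drop logged-out rows and rows older than $maxAge seconds.
function rm_purge(PDO $db, int $maxAge): int {
    return $db->exec('DELETE FROM remember_me WHERE active = 0 OR created < '
                     . (time() - $maxAge));
}

// Constructed demo: user 40 logs in from two browsers, then logs out of one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
rm_schema($db);
$chrome = rm_issue($db, 40);
$safari = rm_issue($db, 40);
rm_revoke($db, $chrome);
var_dump(rm_check($db, $chrome), rm_check($db, $safari));
var_dump(rm_purge($db, 30 * 86400));
```

In a real page the value returned by `rm_issue()` would be sent with `setcookie()` using the `secure` and `httponly` options, and the logout script would expire that cookie in addition to calling `rm_revoke()`.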