Search the Community
Showing results for tags 'php sessions'.
-
Does anyone have an working example of the php remember me form github.com? Not really sure on the database part of it? https://github.com/gbirke/rememberme Any help would be very thankful.
- 1 reply
-
- php sessions
- php
-
(and 1 more)
Tagged with:
-
Hello, I'm not an php expert. I'm working on some php application and need help regarding php sessions or possibly something else. description application 1: On the apache server I have 1 php application/domain hosted in vhosts environment. Application has some protected pages and bulit in authentication logic, asks for username and password, retrives from mysql ans stores data into sessions. Application is hosted as virtual dir, it has its own domain1.com - This application is working fine, everything is ok. application2: On the same aoache/php server, as a vhost is hosted 2nd application, it has it's own domain2.com. It has the same builtin logic, but I expirience some wierd problems with sessions. Sessions values are lost once I call header("location: some_page.php"); , or if I refresh the same page - so for example once user logs in, if page is refreshed, session value user_id is lost and user is logged out. On every page, i 1st call the same sec_session_start() function, the same i use in Apllication1 which is working fine, but only with altered $session_name = 'sms_sess_sid' variable: function sec_session_start() { $session_name = 'sms_sess_sid'; // Set a custom session name $secure = false; // Set to true if using https. $httponly = true; // This stops javascript being able to access the session id. ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. $cookieParams = session_get_cookie_params(); // Gets current cookies params. //session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_set_cookie_params(3600, $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_name($session_name); // Sets the session name to the one set above. session_start(); // Start the php session //session_regenerate_id(true); // regenerated the session, delete the old one. session_regenerate_id(); // regenerated the session, delete the old one. } On the start of every other page i call sec_session_start() like this: require_once('functions.php'); sec_session_start(); . In vhost.conf of second application i have added the line: php_value session.cookie_domain ".example-domain2.com" Problem: The problem is that in application2, on page refresh, or when navigating between pages, sessions and session_values are lost. Why is this happening ? Is there something that has to be configured specificly for multi application/domains/vhosts environment. What am I missing here ? Thank You in advanced.
-
Hi guys, I have an issue with SESSIONS in PHP and tried to find out why for 2 days and no success. This is a login page below divided into to login sections, 1- Facebook Login: Logins successfully, captures user data but wouldn't set sessions. 2- Custom Login: loges in fine and but same issue with sessions. It should create a session and redirect users to user folder if session exists, <?php if (isset($_SESSION['login_token']) && isset($_SESSION['account_no'])) {header('Location:../user/index.php');} //if (!isset($_SESSION['login_token']) || !isset($_SESSION['account_no'])) {header('Location:../login/index.php');} ?> <?php include_once('../library/header.php'); ?> <?php require '../library/facebook.php'; /// login // Create our Application instance (replace this with your appId and secret). $facebook = new Facebook(array( 'appId' => '484846211552634', 'secret' => '1ce89585da85f6c8ff877ab175a144fb', )); $user = $facebook->getUser(); if ($user) { try { // Proceed knowing you have a logged in user who's authenticated. $user_profile = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); $user = null; } } // Login or logout url will be needed depending on current user state. if ($user) { $logoutUrl = $facebook->getLogoutUrl(); } else { $loginUrl = $facebook->getLoginUrl(array( 'scope' => 'user_birthday, user_hometown, email,user_location, publish_stream')); } if ($user) { $account_no=mt_rand(); //// check if correct $select=mysql_query("SELECT * FROM users WHERE email='{$user_profile[email]}' AND suspended='1'"); if (mysql_num_rows($select)>=1) { header('Location:../index.php?msg=suspended');} else { $select_account_no=mysql_query("SELECT * FROM users WHERE account_no='$account_no'"); if (mysql_num_rows($select_account_no)==0) { $select_email=mysql_query("SELECT * FROM users WHERE email='{$user_profile[email]}'"); if (mysql_num_rows($select_email)==0) { $account_no=mt_rand(); $login_token=sha1($account_no); $reg_date=date('Y-m-d'); $insert=mysql_query("INSERT INTO users (account_no, first_name, last_name, email, reg_date, city, reg_via, login_token) VALUES ('$account_no','{$user_profile[first_name]}','{$user_profile[last_name]}','{$user_profile[email]}','$reg_date', '{$user_profile[user_hometown]}','1','$login_token')"); $_SESSION['login_token']=$login_token; $_SESSION['account_no']=$account_no; if (mysql_num_rows($select_email)>=1) { $select_my_email=mysql_query("SELECT * FROM users WHERE email='{$user_profile[email]} AND suspended='0''"); while ($row=mysql_fetch_array($select_my_email)) { $myaccount_no=$row['account_no']; $mylogin_token=$row['login_token']; $_SESSION['login_token']=$mylogin_token; $_SESSION['account_no']=$myaccount_no; echo"$myaccount_no"; }}}}} } // This call will always work since we are fetching public data. $naitik = $facebook->api('/naitik'); ?> <?php login(); ?> <div class="box"> <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" class="login" method="post" id="login"> <h1 class='-login-title'>Already have an account</h1> <section class="state-normal section-login"> <label for="email">Email</label> <input type="email" name="email" class="validate[required,custom[email]] text-input"/> </section> <section class="state-normal"> <label for="password">Password</label> <input type="password" name="password" class="validate[required] text-input"/> </section> <p><a href="/recovery" title="Recover your password">Can't remember your password?</a></p> <section class="state-normal"> <input type="checkbox" name="checkbox" id="checkbox1" /> <label for="checkbox1">Remember me</label> </section> <button type="button" onclick="window.location = '../register/'" class="color-blue">Create a new account</button> <button type="submit" class="color-grey" name="login">Login</button> </form> <div class="fb"><h1 class='fb-login-title'>Or login with Facebook</h1> <?php if ($user): ?> <a href="<?php echo $logoutUrl; ?>">Logout</a><?php else: ?><a href="<?php echo $loginUrl; ?>"><img src="../img/facebook-connect.png" alt="Connect using Facebook" width="269" height="56" class="fb-connect-button"/></a><?php endif ?> <p class="text-central">Skip registration using your Facebook Account</p> </div> <?php include_once('../library/footer.php'); ?>
-
this may be a very basic question. I would like to know whether the data which are displayed only to logged in (php session authenticated) users will be crawlable by search engines? for example: there is a page www.domain-name.com/content-listings/ and this page lists some information for user. Non-registered users will view basic information like name and postal address and these should be SEO friendly and crawlable. Registered users (logged in) will view sensitive information such as email_id and phone number which should not be crawlable by search engines. will this be just achieved with sessions or do I need to use javascript and ajax to make email id and phone number protected from crawling and spammers.