Jump to content

Manage Sessions all in one script

Gamerz

By Gamerz
in PHP Coding Help

 Share

Recommended Posts

Gamerz Member

Gamerz

Posted
Posted

How would I manage sessions in one script?

 

Because this is my question:

If I make a script for example, 

<?php
session_start();
if (empty($_SESSION['file']) && $_SESSION['file'] != $_FILES['upload']['name']) {
//file uploader script here

if(upload=successfully)
        $_SESSION['file'] = $_FILES['upload']['name'];
?>

 

And I set an unset, so people can use my upload script again, just not with refresh....how will that work? Wouldn't it just be the same? Because once the upload is successfully, php creates a session, then deletes it...whats the point? Is there anyway I can add session, then delete session with one script?

Link to comment
https://forums.phpfreaks.com/topic/179549-manage-sessions-all-in-one-script/
Share on other sites
Gamerz Member

Gamerz

Posted
  • Author
Posted

Exactly...that's what I was wondering..

 

Reason being is to prevent a user from submitting the form again, and uploading the file again via the refresh button...

 

And my uploader is one script long...so I'm pretty desperate but clueless about getting this done as users from my uploader always accidentally refreshes and submitting the form again, taking up double the space.

-----

keldorn Member

keldorn

Posted
Posted

Exactly...that's what I was wondering..

 

Reason being is to prevent a user from submitting the form again, and uploading the file again via the refresh button...

 

And my uploader is one script long...so I'm pretty desperate but clueless about getting this done as users from my uploader always accidentally refreshes and submitting the form again, taking up double the space.

-----

 

How about this to stop duplicate upload? Some people do accidental hit post twice or refresh.

Use a token in a hidden field of the form,

<input type="hidden" name="token" value="{$token}">

 

also set the same token in a session.

 

Then when they go to your page it generates a token right away for the page, and also has seperate part for handling $_POST.

 

if(!isset($_SESSION['token']){

$_SESSION['token'] = md5($_SERVER['REMOTE_ADDR'] . uniqid()):
$token   = $_SESSION['token'];
}


if($_POST){
if($_SESSION['token'] == $_POST['token']){
   
  // upload stuff
  // + destroy token
  $_SESSION['token'] = false;
  

} else {
$error = "Your session expired, your trying to upload the same thing twice, or you have cookies disabled.";

}
}

 

 

Edit:

Btw if you look at TinyPic.com , they have few hidden fields, one being as I saw

<input type="hidden" name="UPLOAD_IDENTIFIER" id="uid" value="2066058889_1256854974" />

<input type="hidden" name="upk" value="f0bc4e9b0423d1ea994e6b14e46f7e88" />

 

I believe that would the same thing I described. :D

 

keldorn Member

keldorn

Posted
Posted

I tried the code above, but it still lets me upload the file again, without any errors...

 

Just letting you know, my uploader is only one script long...does that work on one scripts?

 

Consider this code. Beware of bugs in the below code; I have only proved it correct, not tried it.

 

 

session_start();
token = false;
if(!isset($_SESSION['token'])){
   
   $token = md5($_SERVER['REMOTE_ADDR'] . uniqid());
   $_SESSION['token'] = $token;
}


  if($_POST){
  
if($_SESSION['token'] == $token){
  // Do upload and validation stuff 


  $_SESSION['token'] = false;
} else {

exit('You cant do that');

}


  }

?>
<html>
<head>
</head>
<body>
<?php if ($_SESSION['token'] != false){ ?>
<form method="post" action="">
<input type="hidden" name="token" value="<?php echo $token; ?>"/>
<input type="file" name="the_file"  size="25" />
<!-- in bytes -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000000" />
</form>
<?php }elseif($_SESSION['token'] == false{ ?>
<p>Congratulations the file was uploaded</p>
<?php } ?>
</body>
</html>

 

 

But really the trouble you will have with code like that is it mixes business logic with presentation logic. It makes it really complicated going in out html with php tags. In smarty I would do something like this.

 

 

 

session_start();
token = false;
$error = false;
$success = false;
if(!isset($_SESSION['token'])){
   
   $token = md5($_SERVER['REMOTE_ADDR'] . uniqid());
   $_SESSION['token'] = $token;  
   $smarty->assign('token',$token);

}


  if($_POST){
  
if($_SESSION['token'] == $token){
  // Do upload and validation stuff + set a success message. (type:string)

   if(!empty($success)){
   $smarty->assign('success',$success);
   $smarty->display('uploadform.tpl');
exit;
   }
  $_SESSION['token'] = false;
} else {

$smarty->assign('error',"Your session expired, but a new was created for you");
$smarty->display('uploadform.tpl');
exit;

}


  }
$smarty->display('uploadform.tpl');

 

Then in the .tpl I would have

 

{if isset($error)}{$error}{/if}
{if !isset($success)}
<form method="post" action="">
<input type="hidden" name="token" value="{$token}"/>
<input type="file" name="the_file"  size="25" />
<!-- in bytes -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000000" />
</form>
{else}
{$success}{/if}

 

Which would show the error and also it would of regenerated the token. So the form actually would be usable again or it would remove the form, and show a success message.

 

 

keldorn Member

keldorn

Posted
Posted

Read the manual, PHP operators

 

=Means to set a variable

==Means to compare

 

So no == false would be wrong, that would be comparing it. You want to set it to false.

The reason why I set variables in the top of script is to avoid E_NOTICE messages about trying to check undefined variables. :)

 

For example,

 

if($success){

}

 

Works fine and dandy if $success is set, however if it not it would generate a E_NOTICE warning. So setting $success = false; in the top of the script avoids that, and will still return false, if there is no success.

 

In your first code,

on this line:

 $_SESSION['token'] = false;

 

Is it supposed to be == false or == "false" or is it correct?

 

And if I'm correct also, do you need to do: if(token == false)) continue?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.