Manage Sessions all in one script


Gamerz

How would I manage sessions in one script?

 

Because this is my question:

If I make a script for example,

<?php
session_start();
if (empty($_SESSION['file']) && $_SESSION['file'] != $_FILES['upload']['name']) {
    $uploaded = false;
    // file uploader script here; it sets $uploaded to true on success

    if ($uploaded) {
        $_SESSION['file'] = $_FILES['upload']['name'];
    }
}
?>

And I set an unset, so people can use my upload script again, just not with refresh....how will that work? Wouldn't it just be the same? Because once the upload is successful, PHP creates a session, then deletes it...what's the point? Is there any way I can add session, then delete session with one script?


Exactly...that's what I was wondering..

Reason being is to prevent a user from submitting the form again, and uploading the file again via the refresh button...

And my uploader is one script long...so I'm pretty desperate but clueless about getting this done as users of my uploader always accidentally refresh and submit the form again, taking up double the space.

-----


How about this to stop duplicate upload? Some people do accidentally hit post twice or refresh.

Use a token in a hidden field of the form,

<input type="hidden" name="token" value="{$token}">

also set the same token in a session.

Then when they go to your page it generates a token right away for the page, and also has a separate part for handling $_POST.

// Generate a token on the first visit and keep it in the session
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = md5($_SERVER['REMOTE_ADDR'] . uniqid());
}
// Always read it back so the hidden form field has a value
$token = $_SESSION['token'];

if ($_POST) {
    // === so that a destroyed token (false) can never match an empty field
    if (isset($_POST['token']) && $_SESSION['token'] === $_POST['token']) {

        // upload stuff
        // + destroy token
        $_SESSION['token'] = false;

    } else {
        $error = "Your session expired, you're trying to upload the same thing twice, or you have cookies disabled.";
    }
}

Edit:

Btw if you look at TinyPic.com, they have a few hidden fields, one being, as I saw,

<input type="hidden" name="UPLOAD_IDENTIFIER" id="uid" value="2066058889_1256854974" />

<input type="hidden" name="upk" value="f0bc4e9b0423d1ea994e6b14e46f7e88" />

I believe that would be the same thing I described. :D

 


I tried the code above, but it still lets me upload the file again, without any errors...

Just letting you know, my uploader is only one script long...does that work in one script?

 

Consider this code. Beware of bugs in the below code; I have only proved it correct, not tried it.

<?php
session_start();
$token = false;
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = md5($_SERVER['REMOTE_ADDR'] . uniqid());
}
// Read the token back on every request so the form field is never empty
$token = $_SESSION['token'];

if ($_POST) {
    // Compare the session token with the submitted one; === keeps false from matching ""
    if (isset($_POST['token']) && $_SESSION['token'] === $_POST['token']) {
        // Do upload and validation stuff

        $_SESSION['token'] = false;
    } else {
        exit('You cant do that');
    }
}
?>
<html>
<head>
</head>
<body>
<?php if ($_SESSION['token'] != false) { ?>
<!-- enctype is required, otherwise $_FILES stays empty -->
<form method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="token" value="<?php echo $token; ?>"/>
<!-- in bytes; must come before the file input -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000000" />
<input type="file" name="the_file"  size="25" />
<input type="submit" value="Upload" />
</form>
<?php } elseif ($_SESSION['token'] == false) { ?>
<p>Congratulations the file was uploaded</p>
<?php } ?>
</body>
</html>

But really the trouble you will have with code like that is it mixes business logic with presentation logic. It makes it really complicated going in and out of HTML with PHP tags. In Smarty I would do something like this.

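<?php
session_start();
// $smarty is assumed to be a configured Smarty instance created earlier
$token   = false;
$error   = false;
$success = false;
if (!isset($_SESSION['token'])) {
    $_SESSION['token'] = md5($_SERVER['REMOTE_ADDR'] . uniqid());
}
// Always hand the current token to the template, not only when it is new
$token = $_SESSION['token'];
$smarty->assign('token', $token);

if ($_POST) {
    // Compare against the submitted token; === so that false never matches ""
    if (isset($_POST['token']) && $_SESSION['token'] === $_POST['token']) {
        // Invalidate the token first, so a refresh cannot reuse it
        $_SESSION['token'] = false;

        // Do upload and validation stuff + set a success message. (type:string)

        if (!empty($success)) {
            $smarty->assign('success', $success);
            $smarty->display('uploadform.tpl');
            exit;
        }
    } else {
        // Issue a fresh token so the form is usable again
        $token = md5($_SERVER['REMOTE_ADDR'] . uniqid());
        $_SESSION['token'] = $token;
        $smarty->assign('token', $token);
        $smarty->assign('error', "Your session expired, but a new one was created for you");
        $smarty->display('uploadform.tpl');
        exit;
    }
}
$smarty->display('uploadform.tpl');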

Then in the .tpl I would have

{if isset($error)}{$error}{/if}
{if !isset($success)}
<form method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="token" value="{$token}"/>
<!-- in bytes; must come before the file input -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000000" />
<input type="file" name="the_file"  size="25" />
<input type="submit" value="Upload" />
</form>
{else}
{$success}{/if}

Which would show the error and also it would have regenerated the token. So the form actually would be usable again or it would remove the form, and show a success message.
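
The one-time token approach from the posts above, as an added example that is not part of the original thread: it draws the token from random_bytes() instead of md5(REMOTE_ADDR . uniqid()), compares with hash_equals(), and removes the token from the session before any upload work, so a refreshed POST carries a token that no longer matches. It assumes PHP 7 or later; the ./uploads directory and the function names issue_token and consume_token are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ and a hypothetical,
// already existing, writable ./uploads directory next to this script.
session_start();

function issue_token(): string {
    // 128 bits from the CSPRNG instead of md5(REMOTE_ADDR . uniqid())
    $_SESSION['token'] = bin2hex(random_bytes(16));
    return $_SESSION['token'];
}

function consume_token($submitted): bool {
    $expected = $_SESSION['token'] ?? null;
    unset($_SESSION['token']);   // single use: gone before any upload work starts
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consume_token($_POST['token'] ?? null)) {
        $message = 'Duplicate or expired submission; nothing was uploaded.';
    } elseif (!isset($_FILES['the_file']) || $_FILES['the_file']['error'] !== UPLOAD_ERR_OK) {
        $message = 'Upload failed, please try again.';
    } else {
        // Server-chosen name; the client-supplied file name is never used as a path
        $dest = __DIR__ . '/uploads/' . bin2hex(random_bytes(8)) . '.upload';
        $message = move_uploaded_file($_FILES['the_file']['tmp_name'], $dest)
            ? 'File uploaded.' : 'Upload failed, please try again.';
    }
}
$token = issue_token();   // every rendered form carries a fresh token
?>
<!DOCTYPE html>
<html>
<body>
<p><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></p>
<form method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>"/>
<input type="hidden" name="MAX_FILE_SIZE" value="500000000" />
<input type="file" name="the_file" size="25" />
<input type="submit" value="Upload" />
</form>
</body>
</html>
```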

 

 


Read the manual, PHP operators

= means to set a variable

== means to compare

So no == false would be wrong, that would be comparing it. You want to set it to false.

The reason why I set variables in the top of script is to avoid E_NOTICE messages about trying to check undefined variables. :)

 

For example,

if($success){

}

Works fine and dandy if $success is set, however if it is not it would generate an E_NOTICE warning. So setting $success = false; in the top of the script avoids that, and will still return false, if there is no success.

 

In your first code,

on this line:

 $_SESSION['token'] = false;

 

Is it supposed to be == false or == "false" or is it correct?

 

And if I'm correct also, do you need to do: if(token == false)) continue?
