using sessions

[rdkd1970]

Can you use $_SESSION function differently in another page and it will pick up the other registered variable if it has not been used before.

[AbraCadaver]

Can you use $_SESSION function differently in another page and it will pick up the other registered variable if it has not been used before.

What!?!?

[fugix]

Can you use $_SESSION function differently in another page and it will pick up the other registered variable if it has not been used before.

$_SESSION is a predefined superglobal array, not a function. Also, I don't quite understand what it is that you are trying to ask here. Please be more clear with your question

[rdkd1970]

if (!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) { 
  '<a href="http://www.blessedtalk.com">Register Account</a>
    |    
 <a href="http://www.blessedtalk.com/login-form.php">Log In</a>';
   }
$id = "";
$username = "";
$firstname = "";
$lastname = "";	
// ------- ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

if (isset($_GET['id'])) {
 $id = $_GET['id']; // filter everything but numbers
} else if (isset($_SESSION['SESS_ID'])) {
 $id = $_SESSION['SESS_ID'];
} else {
   '<a href="http://www.blessedtalk.com/login-form.php">Log In</a>';
   
}
if (!isset($_POST['post_type']) || !isset($_POST['post_body']) || !isset($_POST['fsID']) || !isset($_POST['fsTitle']) || !isset($_POST['uid']) || !isset($_POST['upass'])) {
echo "Important variables from the form are missing.";
exit();
}
// Filter all of the common variables
$post_type = $_POST['post_type']; 
$post_body = $_POST['post_body'];
$post_body = nl2br(htmlspecialchars($post_body));
$post_body = mysql_real_escape_string($post_body);
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']); 
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']); 
$member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']); 
$username =  preg_replace('#[^0-9]#i', '', $_GET['username']); 
$member_password = mysql_real_escape_string($_POST['upass']);
// Check the database to be sure that their ID, password, and email session variables all match in the database
$u_id = $member_id;
$sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
    echo "ERROR: You do not exist in the system";
    exit();
}
// Check the database to be sure that this forum section exists
$sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
    echo "ERROR: That forum section does not exist.";
    exit();
}
// Prevent this member from posting more than 30 times in one day
$sql = mysql_query("SELECT id FROM forum_posts WHERE post_author_id='$member_id' AND DATE(date_time) = DATE(NOW()) LIMIT 32");
$numRows = mysql_num_rows($sql);
if ($numRows > 30) {
echo "ERROR: You can post only 30 times per day. Your maximum has been reached.";
    exit();
}
// Add this post to the database now. The query depends on the "post_type" value
// Only if the post_type is "a" ///////////////////////////////////////////////////////////////////////////////////
if ($post_type == "a") {
$post_title = preg_replace('#[^A-za-z0-9 ?!.,]#i', '', $_POST['post_title']);	
if ($post_title == "") { echo "The Topic Title is missing."; exit(); }
if (strlen($post_title) < 10) { echo "Your Topic Title is less than 10 characters."; exit(); }
$sql = mysql_query("INSERT INTO forum_posts (username, post_author_id, date_time, type, section_title, section_id, thread_title, post_body) 
     VALUES('".$username."','".$member_id."',now(),'a','".$forum_section_title."','".$forum_section_id."','".$post_title."','".$post_body."')") or die (mysql_error());
$this_id = mysql_insert_id();
//$sql = mysql_query("UPDATE forum_posts SET otid='$this_id' WHERE id='$this_id'"); 
header("location: view_thread.php?id=$this_id"); 
    exit();
}

 

I am trying to add a forum to this site. So I am grabbing the username from the main file which was set under the html folder and have a forum folder. All my pages have the above isset settings but this one page I need to add to another table the username. It grabs the id from the session but not the username. It worked twice and stopped working.

[rdkd1970]

The line that shows when I use the error codes is which is now $_GET as I have tried it all with no success.

 

$username = $_SESSION[username]

[fugix]

So you are trying to grab the username from either a form or a query string in this line

$username =  preg_replace('#[^0-9]#i', '', $_GET['username']); 

But it is not correctly grabbing the data? Do I understand you correctly

[mikesta707]

Well first thing first, you have to use session_start() when using sessions on a page: http://php.net/manual/en/function.session-start.php

 

I also suggest you read a bit on how session variables work

 

 

[rdkd1970]

that is correct and I am using session_start(); on all my pages

[rdkd1970]

More clearly I am trying to use that line which is not grabbing the username I actually have it now as $_SESSION[username]

[fugix]

Have you tried a print_r($_SESSION) to see what is stored as a session. Also, where do you actually set your $_SESSION['username']

[rdkd1970]

Yes I have tried the print_r and it produced nothing I had the !isset($_SESSION[username]) the isset($_SESSION[username]) nothing is grabbing that username. the table is blank all the other fields are being posted but that one.

[Pikachu2000]

Do you have error_reporting and display_errors set to appropriate values for development? Does session_start exist in that script somewhere before any output is sent to the browser and before attempting to set/use any $SESSION vars? If not, it needs to . . .

[rdkd1970]

All that is set according to what you mentioned that is how I know that it is not getting the variable at first I was not sure why but it pointed to that line in the script. The error reporting

[rdkd1970]

I just re-entered the isset to this and it exited the page in testing.

 

if (!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '') || !isset($_SESSION['username'])) { 
  '<a href="http://index.php">Register Account</a>
    |    
 <a href="login-form.php">Log In</a>';
 exit();
   }

[Pikachu2000]

That code doesn't do anything but exit() if it hits that part of the conditional. There's no echo to send the html to the browser.

[rdkd1970]

I found out the string is empty but I am not sure how to fix it as the username is in the table with a value. I have two tables one is the main one members and the other I am trying to add to. I did a var_dump for the $_SESSION and all but of course the username was present. The username shows empty string.

[fugix]

Where in your code do you set your $_SESSION['username']

[rdkd1970]

Here is my code I called my server company and had them add session_save_path I am not sure if that is the problem but it must be something easy.

this is the parse.php file which willl run when the member has filled out the section in the forum they wish to post.

 

 

php error_reporting(E_ALL); 
ini_set("display_errors", 1);
  session_start(); 
var_dump($_SESSION);
  // Connect to the database 
include_once "../Connection/mysql.php"; 
if (!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '') || !isset($_SESSION['username'])) {
    '<a href="index.php">Register Account</a>
         |   
       <a href="login-form.php">Log In</a>'; 
         } if (isset($_GET['id'])) {
      $id = $_GET['id'];
// filter everything but numbers 
} else if (isset($_SESSION['SESS_ID'])) {
      $id = $_SESSION['SESS_ID'];
} else {
    '<a href="login-form.php">Log In</a>';
     }
$sql = mysql_query("SELECT * FROM myMembers WHERE id='".$_SESSION['SESS_ID']."'");
$numRows = mysql_num_rows($sql); if ($numRows < 1) {
         echo "ERROR: You do not exist in the system";
         exit();
} 
// Be sure all form variables are present to proceed 
if (!isset($_POST['post_type']) || !isset($_POST['post_body']) || !isset($_POST['fsID']) || !isset($_POST['fsTitle']) || !isset($_POST['uid']) || !isset($_POST['upass'])) {
     echo "Important variables from the form are missing.";
     exit();
}
// Filter all of the common variables
$post_type = $_POST['post_type'];
  $post_body = $_POST['post_body'];
$post_body = nl2br(htmlspecialchars($post_body));
$post_body = mysql_real_escape_string($post_body); 
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['fsID']);
  $forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['fsTitle']);
  $member_id = preg_replace('#[^0-9]#i', '', $_POST['uid']);
  $username =  preg_replace('#[^0-9]#i', '', $_SESSION['username']);
  $member_password = mysql_real_escape_string($_POST['upass']);
// Check the database to be sure that this forum section exists
$sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
         echo "ERROR: That forum section does not exist.";
         exit();
}
// Prevent this member from posting more than 30 times in one day
$sql = mysql_query("SELECT id FROM forum_posts WHERE post_author_id='$member_id' AND DATE(date_time) = DATE(NOW()) LIMIT 32");
$numRows = mysql_num_rows($sql);
if ($numRows > 30) {
     echo "ERROR: You can post only 30 times per day. Your maximum has been reached.";
     exit();
}

// Add this post to the database now. The query depends on the "post_type" value 
// Only if the post_type is "a" ////////////////////// 
if ($post_type == "a") {
     $post_title = preg_replace('#[^A-za-z0-9 ?!.,]#i', '', $_POST['post_title']);
         if ($post_title == "") {
echo "The Topic Title is missing.";
exit(); 
} 
    if (strlen($post_title) < 10) { 
echo "Your Topic Title is less than 10 characters.";
exit();
}
     $sql = mysql_query("INSERT INTO forum_posts (username, post_author_id, date_time, type, section_title, section_id, thread_title, post_body) 
      VALUES('".$username."','".$member_id."',now(),'a','".$forum_section_title."','".$forum_section_id."','".$post_title."','".$post_body."')") or die (mysql_error());
     $this_id = mysql_insert_id();
     
//$sql = mysql_query("UPDATE forum_posts SET otid='$this_id' WHERE id='$this_id'");
      header("location: view_thread.php?id=$this_id");
      exit();
}  

[rdkd1970]

I am now getting this message and it is not even showing the $_SESSION username.?????

 

array(3) { ["SESS_ID"]=> string(1) "2" ["SESS_FIRST_NAME"]=> string(7) "Michael" ["SESS_LAST_NAME"]=> string(6) "Cooke" } 
Notice: Undefined index: username 

[Pikachu2000]

Apparently, $_SESSION['username'] is unset. You need to track down where the value is supposed to be assigned to $_SESSION['username'] and debug that.

[Drummin]

You mentioned you have session start at the top of each page.  You should only call this one time, probably on the login-form.php page where the user logs in.

[rdkd1970]

I am unsure what you are talking about do you mean check $_SESSION['username'] on all files from the beginning of registration and see where it is not responding.

[Pikachu2000]

You mentioned you have session start at the top of each page.  You should only call this one time, probably on the login-form.php page where the user logs in.

 

session_start() needs to be called before any output is sent to the browser in each and every script that will make use of the $_SESSION array.

[Pikachu2000]

I am unsure what you are talking about do you mean check $_SESSION['username'] on all files from the beginning of registration and see where it is not responding.

 

If that's what it takes to make sure it has a value assigned to it, and to figure out where that value is lost, then yes.

[rdkd1970]

I put the var_dump $_SESSION on pages only shows up on the script I have submitted. I do have the main files under the html file but this one is a forum and I wanted people to view it that are not members like a forum is set up so it is under its own file forum when it goes to the server. I am not sure why it is losing the username session.????