[SOLVED] Persistent session


Azu

How can I make $_SESSION[] variables persistent? Meaning if they are set, they will still be set up to.. say.. a week later.

The way they are now, it seems they automatically set themselves to null for no reason whatsoever. So how do I set how long they stay active? Or better yet make it so that they never automatically null themselves unless I tell them to? Please help.. :x


And on a side note, does anyone know why this function
[code]
function allhtmlentities($string) {
    return preg_replace(
        '/([^\x09\x0A\x0D\x20-\x7F]|[\x21-\x2F]|[\x3A-\x40]|[\x5B-\x60])/e',
        '"&#".ord("$0").";"',
        $string
    );
}
[/code]
Turns ' into \ instead of making it show up as '?

And why doesn't this one
[code]
function qs($value){
    if(is_array($value))return array_map("qs",$value);
    else {
        $value=mysql_real_escape_string($value);
        $test=hex_str($value);
        if (strrpos($test,"'"))die("ERROR'");
        if (strrpos($test,'"'))die('ERROR"');
        return $value;
    }
}
function hex_str($hex){
    $string='';
    for ($i=0; $i < strlen($hex)-1; $i+=2){
        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
    }
    return $string;
}
[/code]
Escape ' and "? Instead it just passes them on through leaving me wide open to sql injection T_T

PLEASE help :D I'd really appreciate it..

And also how can I get the get? I know that I can use $_GET[somethingspecific] to retrieve the value of somethingspecific, but what I am trying to do is just retrieve whatever is after the ?
So if someone types in http://www.website.com/?asdf then the asdf would be retrieved. Whatever it is would be retrieved and put into a variable. Please can someone tell me how to do this? :D

Sorry if my questions are stupid, I'm very very very very new to PHP.. =/

1 last thing I am trying to figure out how to do, is to make a .php run over and over, every certain amount of seconds, on my website. The file shouldn't be accessible for users to open. It should just run over and over on the website itself once every x seconds. Also, can you please tell me how to put waits/sleeps in my PHP?

And why isn't it possible to do PHP redirects after sending an echo? Why do I have to queue up all the text I want to send, and then send it all at once AFTER the PHP redirect?

I want to take a lot of information from my database, which takes a long time, and display each piece of info as soon as it is retrieved, and use a PHP redirect if something happens. Instead, I have to pool up all the data and not display it until after the PHP redirect, or else it won't redirect if the IF is met, it will just give an error saying headers already modified. This is very annoying and results in a page taking a very long time to display any info since it has to wait until it's gathered it ALL. Right now I'm using ob_start(); to pool up the data. Isn't there any way to fix this "header" problem so all the data doesn't have to be pooled up so that it will never display before the redirect?

And please, don't tell me to use java/flash/activex/cookies or stuff that most people disable to avoid viruses/worms/trojans/adware/spyware/malware etc.

:D

instead of $_SESSION[var]="val"; you'd want

[code]
setcookie($var,$val,$time);
[/code]

cookies are not browser dependent, so you can store any invaluable information there... however... if you know what you're doing and can alter cookies... they CAN be insecure...

Okay thanks.

What should I use for storing valuable information that I don't want people to be able to change? For example the username they are logged in with or their userlevel. Also it won't work if it's something that automatically deletes itself  :-X

Oh and the function I'm using that I said wasn't stopping sql injection? Actually it seems to be stopping that.. but it isn't stopping echo injection.

So someone can set their e-mail to ValidEmail@ValidDomain.com'?><? PHP CODE HERE
And all that code will be run. This is very bad. Why isn't mysql_real_escape_string stopping it? It is used on the variable before being put into the database, and then again after being read from it. I've also tried addslashes. It makes a slash appear, but doesn't do any good. :(

what i usually use is a random key, stored in database, and updated every time the page loads... or just force them to login every time they reopen...

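[code]
<?php
// Build a random key of $length characters from an alphanumeric alphabet.
function randomkeys($length){
    $pattern = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $key = ''; // initialise before appending
    // random_int() is a CSPRNG; the upper bound is the last valid index (61), not 62
    for($i=0;$i<$length;$i++) $key .= $pattern[random_int(0, strlen($pattern)-1)];
    return $key;
}
?>
[/code]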

and before putting ANYTHING into a database... use
[code]
<?php
// Drop everything between '<' and '>' (nesting-aware), plus any stray '>'.
function stripalltags($string){
    $tam=strlen($string);
    $newstring="";
    $tag=0; // current depth of unclosed '<'
    for($i=0; $i<$tam; $i++){
        if($string[$i] == '<'){
            $tag++;
            continue;
        }
        if($string[$i] == '>'){
            if($tag) $tag--;
            continue;
        }
        // copy the character only while outside every tag
        if($tag==0) $newstring .= $string[$i];
    }
    return $newstring;
}
?>
[/code]
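Added example, not part of any post in this thread: mysql_real_escape_string() escapes a value only for use inside an SQL string literal, so the e-mail value quoted earlier needs handling per context. This sketch validates on input, stores through a bound parameter and encodes on output; the `users` table and the `save_email()` and `h()` helpers are hypothetical, and it assumes the pdo_sqlite extension.

```php
<?php
// Added example, not code from the thread. Table and helper names are hypothetical.
// Assumes pdo_sqlite; an in-memory database keeps the demo offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');

// Input side: accept only syntactically valid addresses, reject everything else.
function save_email(PDO $db, string $email): bool {
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // A bound parameter is sent as data and never parsed as SQL,
    // so no manual quoting or escaping is involved.
    $stmt = $db->prepare('INSERT INTO users (email) VALUES (:email)');
    return $stmt->execute([':email' => $email]);
}

// Output side: encode for the HTML context at the moment the value is echoed.
// ENT_QUOTES covers both quote characters, so the result is also safe in attributes.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: the value quoted in the thread and an ordinary address.
$hostile = "ValidEmail@ValidDomain.com'?><? PHP CODE HERE";
$normal  = 'user@example.com';

foreach ([$hostile, $normal] as $candidate) {
    $stored = save_email($db, $candidate);
    echo h($candidate), ' => ', $stored ? 'stored' : 'rejected', "\n";
}

// Values read back are treated as untrusted again and encoded on the way out.
foreach ($db->query('SELECT email FROM users') as $row) {
    echo '<td>', h($row['email']), "</td>\n";
}
```

Stored values should only ever be echoed as data; passing them to eval() or include turns any stored string into code regardless of escaping.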

Thank you. That's exactly what I was looking for. :)

How should I identify them to know which user should be using which database entry, though?

Is there a way to identify them by MAC address or something like that? And a way to make an entry expire after a certain amount of time of not being used?

HA! i wish i could get mac addresses... unfortunately they're not sent along with the headers... :-(

what i do, is set an autoincreasing id on the users(log/password), and have that also put into each database

also, for added security, put a security field in your users and put in (0.0.0.0)
then explode it into $security[];... if that makes any sense...
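Added example, not part of any post in this thread: one way to combine the random key stored in the database, the user id and an idle expiry discussed above. The browser holds only the random key; the user id (and through it the user level) stays server-side. The `login_keys` table and the `issue_key()` and `use_key()` functions are hypothetical, and it assumes PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical; assumes PHP 7.1+ with the pdo_sqlite extension.
const IDLE_LIMIT = 7 * 24 * 3600; // entries unused for a week expire

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_keys
           (key_hash TEXT PRIMARY KEY, user_id INTEGER, last_used INTEGER)');

// Issue a key for a user id. Only a hash is stored, so a leaked table
// does not hand out usable keys; the raw key goes into the browser cookie.
function issue_key(PDO $db, int $userId, int $now): string {
    $key = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO login_keys VALUES (?, ?, ?)')
       ->execute([hash('sha256', $key), $userId, $now]);
    return $key;
}

// Look the key up, enforce the idle limit, and rotate it on every use.
// Returns [user id, replacement key], or null when the key is unknown or stale.
function use_key(PDO $db, string $key, int $now): ?array {
    $hash = hash('sha256', $key);
    $stmt = $db->prepare(
        'SELECT user_id, last_used FROM login_keys WHERE key_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The presented key is single-use: remove it whether or not it is accepted.
    $db->prepare('DELETE FROM login_keys WHERE key_hash = ?')->execute([$hash]);
    if ($row === false || $now - (int)$row['last_used'] > IDLE_LIMIT) {
        return null;
    }
    $userId = (int)$row['user_id'];
    return [$userId, issue_key($db, $userId, $now)];
}

// Constructed walk-through with fixed timestamps in place of time().
$t0  = 1700000000;
$key = issue_key($db, 42, $t0);
[$uid, $next] = use_key($db, $key, $t0 + 3600);  // first use rotates the key
var_dump($uid);
var_dump(use_key($db, $key, $t0 + 3700));        // replaying the old key
var_dump(use_key($db, $next, $t0 + 3600 + IDLE_LIMIT + 1)); // idle too long
```

In a real page the returned key would be sent with setcookie() using the `httponly` and `secure` options, and the user level looked up from the users table by the returned id on each request.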
