bigdessert Posted January 6, 2007 Share Posted January 6, 2007 Ok i am a rook here to sessions, but on my first page i havesession_start();$_SESSION['user'] = "test";thats gets passed like thishttp://www.site.com/test/register.php?<?php echo strip_tags(SID);?>so then in the address bar it shows http://www.gastrain.com/test/register.php?PHPSESSID=2L3KJH14KJHDIUY3session part of register.phpsession_cache_expire(1); //ettempting to expire the session after 1 min, dont work though.session_start();if ($_SESSION['user'] = "test"){ do what i want.Basicall i am trying to make it so that only a user with the proper session can see a page. The session is set during a checkout, then passed to the page where the user registers. if i assign the $_SESSION['user'] = "test", then the PHPSESSID= is always the same. So if 1 hour later the user goes to http://www.gastrain.com/test/register.php?PHPSESSID=2L3KJH14KJHDIUY3, they will still have access regardless if the session was set to expire.1. is there a way to make the PHPSESSID= change every time and still be able to verify the user came from the checkout section??2. if thats not possible is there an easier way i can do this?? i would like to use database, but that is not possible.Thanks, Tim Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Share Posted January 6, 2007 [quote author=bigdessert link=topic=121202.msg497920#msg497920 date=1168056591]1.Basicall i am trying to make it so that only a user with the proper session can see a page. 2. if thats not possible is there an easier way i can do this?? i would like to use database, but that is not possible.[/quote]hi tim,im having some difficulty understanding what it is that you want. i know that:1. You have some kind of user registration form and you would like to register the user, and verify their id, log them in (with sessions), and also log them out...correct?2. You also do not have a database.well if you want i can show you a tutorial that teaches you user authentication, and then once you get that wokring you can come back to the forums and ask for help regarding how to insert data into a [b]text file instead of a mysql database[b]. regarding your first question however, normally, a log-in form with minimum security goes something like this.[code]<?phpif(isset($_SESSION['SESSIONNAME']){echo "Welcome, logged in user";}else{echo "You are not logged in, access denied";?>[/code]help us help you by giving us a much more detailed explanation of what situation your in, what help you are looking for, and what it is that you want.hope this helps,HoTDaWg Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 ok i guess from the start....a person purchases a certification test. When they purchase that certification test then they get to register with the testing software. the registration happens at site.com/register.php. Now i want to make it so that if a user just types in site.com/register.php from anywhere other than the checkout, then they get a page that says they have no access.I was trying to attemp this with sessions, but i dont know if its going to work. Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Share Posted January 6, 2007 ohhh i see, well on the page where the person purchases a certification test you can include this:[code]<?phpdefine('inSite',true);?>[/code]and on the register.php page it should begin with:[code]<?phpif(defined['inSite']){echo "You have done this the right way!";//followed by the registration form, etc.}else{echo "hacking attempt, access denied.";exit ();?>[/code]but note you absolutely have to tell the user they have vey little time to go on the register.php page. and also, i dont see how you can do this with sessions, if you really wanna use sessions tell me. im kinda busy right now.HoTDaWg Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 i getParse error: syntax error, unexpected '[' in /home/gastrain/public_html/test/title.php on line 2also how long does the user have to register?after checkout they are directed right to the registration page and should sign up within 5 mins... Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Share Posted January 6, 2007 [quote author=bigdessert link=topic=121202.msg497934#msg497934 date=1168058547]i getParse error: syntax error, unexpected '[' in /home/gastrain/public_html/test/title.php on line 2also how long does the user have to register?after checkout they are directed right to the registration page and should sign up within 5 mins...[/quote]you are getting that error, for a reason, would you mind showing me both scripts? Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 First Page.....then goes through checkout......via paypal...[code]<?php/*################################################# Simple PayPal and PHP Sessions Example # by: PayPal_PatrickO for PayPal, an eBay Company # date: 2/9/2005 # "checkout.php" # # This example illustrates using sessions with # PayPal. ##################################################*/// call session_start() to create a session.//session_start();define('inSite',true);//create a session variable for this example - just to illustrate sessions.//$_SESSION['user'] = "tin";?><form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="tim@bigdessert.com"><input type="hidden" name="item_name" value="session example"><input type="hidden" name="amount" value="0.01"><input type="hidden" name="return" value="http://www.gastrain.com/test/title.php"><input type="hidden" name="no_note" value="1"><input type="hidden" name="currency_code" value="USD"><input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!"></form>[/code]contents of title.php[code]<?phpif(defined['inSite']){echo "You have done this the right way!";//followed by the registration form, etc.}else{echo "hacking attempt, access denied.";exit ();?>[/code] Quote Link to comment Share on other sites More sharing options...
fert Posted January 6, 2007 Share Posted January 6, 2007 [code]if(defined['inSite'])[/code]should be[code]if(defined('inSite'))[/code] Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 [quote author=fert link=topic=121202.msg497937#msg497937 date=1168058837][code]if(defined['inSite'])[/code]should be[code]if(defined('inSite'))[/code][/quote]Changing that got me this errorParse error: syntax error, unexpected $end in /home/gastrain/public_html/test/title.php on line 8 Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 do i need to pass the variable in the url at all?? Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 alrighty, found the missing } before exit();But its not seeming to passing the info.....it says the hacking message every time. Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 i cannot seem to get this to work any way. Any ideas??? Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 Obviously it's not successfully getting throughtry registering a session by first putting this at the very top of your page or in a page that your going to include:[code]<?phpsession_start();header("Cache-control: private"); ?>[/code]Then register any old session like so[code]$_SESSION['Test'] = "TestVariables";[/code] Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 to my understanding though, this will create the same encrypted string no matter what computer/time the page is accessed. This meaning that someone could share the address including the hashed session and get access. I think this is why Hotdawg was suggesting <?phpdefine('inSite',true);?>and on the register.php page it should begin with:Code:<?phpif(defined['inSite']){echo "You have done this the right way!";//followed by the registration form, etc.}else{echo "hacking attempt, access denied.";exit ();?> Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 if(defined['inSite']){theres your problem:replace with if(defined('inSite')){ Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 [quote author=Fearsoldier link=topic=121202.msg498425#msg498425 date=1168121946]if(defined['inSite']){theres your problem:replace with if(defined('inSite')){[/quote]I have this, but still does not work.here is my first page:[code]<?phpdefine('inSite',true);header( 'Location: http://www.site.com/test/register.php' );?>[/code]and the second page[code]<?phprequire_once("inc/init.inc.php");if(defined('inSite')){$page_title = $lngstr['page_title_register'];if(getConfigItem(CONFIG_can_register)) { if(isset($_POST['bsubmit'])) { include_once($DOCUMENT_PAGES."register-2.inc.php");} else { include_once($DOCUMENT_PAGES."register-1.inc.php");}} else { $page_title = $lngstr['page_title_signin'];$input_err_msg = $lngstr['err_no_permissions_to_register'];include_once($DOCUMENT_PAGES."signin-1.inc.php");}}else {echo "You are not authorized to view this page";}?>[/code] Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 Now what shows on your browser when you load the page an error or the page ignoring the defined var? Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 this shows every time no matter what i do.You are not authorized to view this page Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 [code]<?phprequire_once("inc/init.inc.php");if(isset(defined('inSite'))){ $page_title = $lngstr['page_title_register']; if(getConfigItem(CONFIG_can_register)) { if(isset($_POST['bsubmit'])) { include_once($DOCUMENT_PAGES."register-2.inc.php"); } else { include_once($DOCUMENT_PAGES."register-1.inc.php"); } } else { $page_title = $lngstr['page_title_signin']; $input_err_msg = $lngstr['err_no_permissions_to_register']; include_once($DOCUMENT_PAGES."signin-1.inc.php"); }} else { echo "You are not authorized to view this page";}?>[/code]try that for your second page Quote Link to comment Share on other sites More sharing options...
bigdessert Posted January 6, 2007 Author Share Posted January 6, 2007 Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE or '$' in /home/gastrain/public_html/test/register.php on line 3when trying that one Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 7, 2007 Share Posted January 7, 2007 just hold on here im going to run it through and try and figure out what part its getting stuck on and why the define var isnt registering Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.