a few session questions.

[bigdessert]

Ok i am a rook here to sessions, but on my first page i have

session_start();
$_SESSION['user'] = "test";

thats gets passed like this
http://www.site.com/test/register.php?<?php echo strip_tags(SID);?>

so then in the address bar it shows http://www.gastrain.com/test/register.php?PHPSESSID=2L3KJH14KJHDIUY3

session part of register.php

session_cache_expire(1); //ettempting to expire the session after 1 min, dont work though.
session_start();

if ($_SESSION['user'] = "test")
{
do what i want.

Basicall i am trying to make it so that only a user with the proper session can see a page.  The session is set during a checkout, then passed to the page where the user registers.  if i assign the $_SESSION['user'] = "test", then the PHPSESSID= is always the same.  So if 1 hour later the user goes to http://www.gastrain.com/test/register.php?PHPSESSID=2L3KJH14KJHDIUY3, they will still have access regardless if the session was set to expire.

1. is there a way to make the PHPSESSID= change every time and still be able to verify the user came from the checkout section??

2. if thats not possible is there an easier way i can do this?? i would like to use database, but that is not possible.

Thanks, Tim

[HoTDaWg]

[quote author=bigdessert link=topic=121202.msg497920#msg497920 date=1168056591]
1.Basicall i am trying to make it so that only a user with the proper session can see a page.
2. if thats not possible is there an easier way i can do this?? i would like to use database, but that is not possible.
[/quote]
hi tim,
im having some difficulty understanding what it is that you want. i know that:
1. You have some kind of user registration form and you would like to register the user, and verify their id, log them in (with sessions), and also log them out...correct?
2. You also do not have a database.

well if you want i can show you a tutorial that teaches you user authentication, and then once you get that wokring you can come back to the forums and ask for help regarding how to insert data into a [b]text file instead of a mysql database[b]. regarding your first question however, normally, a log-in form with minimum security goes something like this.
[code]
<?php
if(isset($_SESSION['SESSIONNAME']){
echo "Welcome, logged in user";
}else{
echo "You are not logged in, access denied";
?>
[/code]

help us help you by giving us a much more detailed explanation of what situation your in, what help you are looking for, and what it is that you want.

hope this helps,

HoTDaWg

[bigdessert]

ok i guess from the start....a person purchases a certification test.  When they purchase that certification test then they get to register with the testing software.  the registration happens at site.com/register.php.  Now i want to make it so that if a user just types in site.com/register.php from anywhere other than the checkout, then they get a page that says they have no access.

I was trying to attemp this with sessions, but i dont know if its going to work.

[HoTDaWg]

ohhh i see, well on the page where the person purchases a certification test you can include this:
[code]
<?php
define('inSite',true);
?>
[/code]
and on the register.php page it should begin with:
[code]
<?php
if(defined['inSite']){
echo "You have done this the right way!";
//followed by the registration form, etc.
}else{
echo "hacking attempt, access denied.";
exit ();
?>
[/code]
but note you absolutely have to tell the user they have vey little time to go on the register.php page. and also, i dont see how you can do this with sessions, if you really wanna use sessions tell me. im kinda busy right now.

HoTDaWg

[bigdessert]

i get
Parse error: syntax error, unexpected '[' in /home/gastrain/public_html/test/title.php on line 2

also how long does the user have to register?

after checkout they are directed right to the registration page and should sign up within 5 mins...

[HoTDaWg]

[quote author=bigdessert link=topic=121202.msg497934#msg497934 date=1168058547]
i get
Parse error: syntax error, unexpected '[' in /home/gastrain/public_html/test/title.php on line 2

also how long does the user have to register?

after checkout they are directed right to the registration page and should sign up within 5 mins...
[/quote]
you are getting that error, for a reason, would you mind showing me both scripts?

[bigdessert]

First Page.....then goes through checkout......via paypal...
[code]<?php

/*#################################################
  Simple PayPal and PHP Sessions Example          #
  by: PayPal_PatrickO for PayPal, an eBay Company #
  date: 2/9/2005                                  #
  "checkout.php"                                  #
                                                  #
  This example illustrates using sessions with    #
  PayPal.                                        #
#################################################*/
// call session_start() to create a session.
//session_start();

define('inSite',true);

//create a session variable for this example - just to illustrate sessions.
//$_SESSION['user'] = "tin";
?>


<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="tim@bigdessert.com">
<input type="hidden" name="item_name" value="session example">
<input type="hidden" name="amount" value="0.01">
<input type="hidden" name="return"
  value="http://www.gastrain.com/test/title.php">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="USD">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but23.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
</form>[/code]

contents of title.php
[code]<?php
if(defined['inSite']){
echo "You have done this the right way!";
//followed by the registration form, etc.
}else{
echo "hacking attempt, access denied.";
exit ();
?>[/code]

[fert]

[code]
if(defined['inSite'])
[/code]
should be
[code]
if(defined('inSite'))
[/code]

[bigdessert]

[quote author=fert link=topic=121202.msg497937#msg497937 date=1168058837]
[code]
if(defined['inSite'])
[/code]
should be
[code]
if(defined('inSite'))
[/code]
[/quote]

Changing that got me this error

Parse error: syntax error, unexpected $end in /home/gastrain/public_html/test/title.php on line 8

[bigdessert]

do i need to pass the variable in the url at all??

[bigdessert]

alrighty, found the missing } before exit();

But its not seeming to passing the info.....it says the hacking message every time.

[bigdessert]

i cannot seem to get this to work any way.  Any ideas???

[Asheeown]

Obviously it's not successfully getting through

try registering a session by first putting this at the very top of your page or in a page that your going to include:

[code]
<?php
session_start();
header("Cache-control: private");
?>
[/code]
Then register any old session like so
[code]
$_SESSION['Test'] = "TestVariables";
[/code]

[bigdessert]

to my understanding though, this will create the same encrypted string no matter what computer/time the page is accessed.  This meaning that someone could share the address including the hashed session and get access. I think this is why Hotdawg was suggesting

<?php
define('inSite',true);
?>
and on the register.php page it should begin with:

Code:
<?php
if(defined['inSite']){
echo "You have done this the right way!";
//followed by the registration form, etc.
}else{
echo "hacking attempt, access denied.";
exit ();
?>

[Asheeown]

if(defined['inSite']){


theres your problem:
replace with

if(defined('inSite')){

[bigdessert]

[quote author=Fearsoldier link=topic=121202.msg498425#msg498425 date=1168121946]
if(defined['inSite']){


theres your problem:
replace with

if(defined('inSite')){
[/quote]


I have this, but still does not work.

here is my first page:

[code]
<?php
define('inSite',true);
header( 'Location: http://www.site.com/test/register.php' );
?>
[/code]

and the second page
[code]<?php
require_once("inc/init.inc.php");
if(defined('inSite'))
{
$page_title = $lngstr['page_title_register'];
if(getConfigItem(CONFIG_can_register)) {

if(isset($_POST['bsubmit'])) {
include_once($DOCUMENT_PAGES."register-2.inc.php");
} else {
include_once($DOCUMENT_PAGES."register-1.inc.php");
}
} else {

$page_title = $lngstr['page_title_signin'];
$input_err_msg = $lngstr['err_no_permissions_to_register'];
include_once($DOCUMENT_PAGES."signin-1.inc.php");
}
}
else {echo "You are not authorized to view this page";}
?>[/code]

[Asheeown]

Now what shows on your browser when you load the page an error or the page ignoring the defined var?

[bigdessert]

this shows every time no matter what i do.


You are not authorized to view this page

[Asheeown]

[code]
<?php
require_once("inc/init.inc.php");
if(isset(defined('inSite')))
{
$page_title = $lngstr['page_title_register'];
if(getConfigItem(CONFIG_can_register)) {
if(isset($_POST['bsubmit'])) {
include_once($DOCUMENT_PAGES."register-2.inc.php");
} else {
include_once($DOCUMENT_PAGES."register-1.inc.php");
}
} else {
$page_title = $lngstr['page_title_signin'];
$input_err_msg = $lngstr['err_no_permissions_to_register'];
include_once($DOCUMENT_PAGES."signin-1.inc.php");
}
} else {
echo "You are not authorized to view this page";
}
?>
[/code]
try that for your second page

[bigdessert]

Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE or '$' in /home/gastrain/public_html/test/register.php on line 3
when trying that one

[Asheeown]

just hold on here im going to run it through and try and figure out what part its getting stuck on and why the define var isnt registering