View Full Version : Arggghh! At Php!



Mingerroo
07-08-03, 15:22
<?php
$tried = 1;

if (isset($SessionActive)) {
    $num = 1;

} elseif ($action == "login") {

    // Database Settings
    $mysql_server = "SERVER";
    $mysql_username = "USERNAME";
    $mysql_password = "PASSWORD";
    $db_name = "DATABASE NAME";

    // Connect to the MySQL server
    $mysql_link = mysql_connect($mysql_server,$mysql_username,$mysql_password) or print "Could not connect to the MySQL server";
    // Select the MySQL database
    mysql_select_db($db_name, $mysql_link) or print "Could not connect to the MySQL database";

    $sql = "SELECT * FROM phpbb_users where Username = '".$Username."' and User_Password = '". md5($Password) ."'";

    $result = mysql_query($sql,$mysql_link) or print "<P><B>died during query:</B> $sql</P>";

    $num = mysql_num_rows($result);
} else {
    $tried = 0;
}

if ($tried == 1) {
    if ($num == 1) {
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        $expiry_date = time() + 60 * 60;
        setcookie("SessionActive",$row["ID"], $expiry_date);
        $loginresult = "Logged In";
    } else {
        $loginresult = "Your Username or Password are incorrect please click back and try again.";
    }
    print $loginresult;
} else {
?>
<form action="login.php" method=POST name="login">
<table border="0" class="maintxt" width="40%">
<tr style="bottomborder">
<td valign="top" align="left" class="maintxtsm" width="95%"><font color="#000066" size="1" face="Verdana, Arial, Helvetica, sans-serif"><span class="maintxt"><font color="#000000">Username: </font> </td>
<td valign="top" align="left" class="maintxtsm" width="95%"><INPUT TYPE="text" NAME="Username"></td>
</tr>
<tr style="bottomborder">
<td valign="top" align="left" class="maintxtsm" width="95%"><font color="#000066" size="1" face="Verdana, Arial, Helvetica, sans-serif"><span class="maintxt"><font color="#000000">Password: </font> </td>
<td valign="top" align="left" class="maintxtsm" width="95%"><INPUT TYPE="text" NAME="Password"></td>
</tr>
<tr style="bottomborder">
<td valign="top" align="center" class="maintxtsm" width="95%" colspan=2>
<INPUT TYPE="hidden" NAME="action" value="login">
<INPUT TYPE="submit" value="Log In"> </td>
</tr>
</table>
</form>
<?php
}
?>


And yet still if you press the back button after logging in it takes you back to the log in screen rather than saying you have already logged in. I just don't understand it. :(

hinch
07-08-03, 15:26
<?php if (!isset($SessionActive)) {
header('Location: login.php');
} else { ?>
display stuff for logged in people here
<?php
} ?>


at the top of your page

Mingerroo
07-08-03, 15:29
Thank you. :D, now to put it to the test :)

[EDIT] You won't believe this, it still doesn't fuckin work. You can log in, and moving around different links will probably be fine (can't be arsed to test it yet). But if I press back it STILL doesn't work and brings up the log in screen. :rolleyes:



<?php
if (!isset($SessionActive)) {
    $tried = 1;
    if ($action == "login") {
        // Database Settings
        $mysql_server = "SERVER";
        $mysql_username = "USERNAME";
        $mysql_password = "PASSWORD";
        $db_name = "DB_NAME";
        // Connect to the MySQL server
        $mysql_link = mysql_connect($mysql_server,$mysql_username,$mysql_password) or print "Could not connect to the MySQL server";
        // Select the MySQL database
        mysql_select_db($db_name, $mysql_link) or print "Could not connect to the MySQL database";

        $sql = "SELECT * FROM phpbb_users where Username = '".$Username."' and User_Password = '". md5($Password) ."'";

        $result = mysql_query($sql,$mysql_link) or print "<P><B>died during query:</B> $sql</P>";

        $num = mysql_num_rows($result);

        if ($num == 1) {
            $row = mysql_fetch_array($result, MYSQL_ASSOC);
            $expiry_date = time() + 60 * 60;
            setcookie("SessionActive",$row["ID"], $expiry_date);
            $loginresult = "Logged In";
        } else {
            $loginresult = "Your Username or Password are incorrect please click back and try again.";
        }
        print $loginresult;
    } else {
echo("
<form action=\"login.php\" method=POST name=\"login\">
<table border=\"0\" class=\"maintxt\" width=\"40%\">
<tr style=\"bottomborder\">
<td valign=\"top\" align=\"left\" class=\"maintxtsm\" width=\"95%\"><font color=\"#000066\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\"><span class=\"maintxt\"><font color=\"#000000\">Username: </font> </td>
<td valign=\"top\" align=\"left\" class=\"maintxtsm\" width=\"95%\"><INPUT TYPE=\"text\" NAME=\"Username\"></td>
</tr>
<tr style=\"bottomborder\">
<td valign=\"top\" align=\"left\" class=\"maintxtsm\" width=\"95%\"><font color=\"#000066\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\"><span class=\"maintxt\"><font color=\"#000000\">Password: </font> </td>
<td valign=\"top\" align=\"left\" class=\"maintxtsm\" width=\"95%\"><INPUT TYPE=\"text\" NAME=\"Password\"></td>
</tr>
<tr style=\"bottomborder\">
<td valign=\"top\" align=\"center\" class=\"maintxtsm\" width=\"95%\" colspan=2>
<INPUT TYPE=\"hidden\" NAME=\"action\" value=\"login\">
<INPUT TYPE=\"submit\" value=\"Log In\"> </td>
</tr>
</table>
</form>
");
}
} else { ?>
display stuff for logged in people here
<?php
}
?>

NeoLojik
07-08-03, 16:23
It's Internet Explorer caching the page :(

hinch
07-08-03, 16:37
email me your pages to hinch@furious-angels.com i`ll see if i can fix it for you tonight when i get home im not sure how php handles headers properly (im a ms coder really not a php one) but i can at least have a looksee

Brammers
07-08-03, 16:46
What version of PHP are you using? If you are using 4.1 upwards and have registered globals turned off, the $SessionActive variable is not going to be visible to the script.

It's better to use $_COOKIE['SessionActive'] to access the cookie.

Edit: Example



if (!isset($SessionActive)) {
$tried = 1;


Change to



if (!isset($_COOKIE['SessionActive'] )) {
$tried = 1;

hinch
07-08-03, 16:58
no its not $cookie_ and $form_ were removed in php well deprecated (not needed anymore)

Brammers
07-08-03, 17:10
Originally posted by hinch
no its not $cookie_ and $form_ were removed in php well deprecated (not needed anymore)

$cookie_ ? I said $_COOKIE (No I'm not shouting) that's how it's normally written for 4.1 to 4.3 (Not looked at 5.0 since it's still beta).

See http://www.php.net/manual/en/features.cookies.php

hinch
07-08-03, 17:16
yeah my bad its still not needed though

Brammers
07-08-03, 17:20
Just spotted that you are not using sessions, so PHP is not sending out the headers to stop IE from caching the page.

There are 2 ways to fix this.

1) On every page add session_start() - quick, dirty and easy hack. And to be honest I would look at using sessions rather than cookies, as your current script is not very secure - I could fake a cookie on my browser and access anyone's ID.

2) Send out the right headers to the browser to stop it caching the pages. Taken from http://uk.php.net/manual/en/function.header.php



<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>


But see point 1 above.
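
Added example, not part of Brammers' post or the original poster's script: the session approach from point 1 combined with the no-cache headers from point 2, so the browser holds only a random session ID instead of the user's ID. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL server, a constructed users table and account, and password_hash()/password_verify() swapped in for the script's md5() comparison; the function names are illustrative.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO's sqlite driver stands in for
// the thread's MySQL server; the users table and the account "alice" are constructed data.
function send_no_cache_headers(): void {
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // date in the past
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
}

function find_user_id(PDO $db, string $username, string $password): ?int {
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

function handle_request(PDO $db, array $post): string {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(['cookie_httponly' => true]); // must run before any output
    }
    send_no_cache_headers();
    if (isset($_SESSION['user_id'])) {
        return 'Already logged in';
    }
    if (($post['action'] ?? '') !== 'login') {
        return 'Show login form';
    }
    $id = find_user_id($db, (string) ($post['Username'] ?? ''), (string) ($post['Password'] ?? ''));
    if ($id === null) {
        return 'Your Username or Password are incorrect';
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['user_id'] = $id;  // kept server-side; the browser holds only the random ID
    return 'Logged In';
}

// Constructed demo so the file runs from the command line; a real page passes $_POST.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$out = [handle_request($db, ['action' => 'login', 'Username' => 'alice', 'Password' => 'wrong'])];
$out[] = handle_request($db, ['action' => 'login', 'Username' => 'alice', 'Password' => 'correct horse']);
$out[] = handle_request($db, []);
echo implode("\n", $out), "\n";
```

The demo prints its three results only at the end because session_start() and header() have to run before any output is sent.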

hinch
07-08-03, 17:34
php sessions are just nasty

Brammers
07-08-03, 17:44
Originally posted by hinch
php sessions are just nasty

*shrugs* no worse than ASP IMHO. Suggest you take your arguments to the php.net mailing lists?

hinch
07-08-03, 17:46
not arguing stating pure fact sessions full stop = bad

Brammers
07-08-03, 18:00
Originally posted by hinch
php sessions are just nasty

and....


Originally posted by hinch
not arguing stating pure fact sessions full stop = bad

O_o

Ok since your "pure facts" are one-liners, and nothing constructive, here's your chance to state your "pure facts" why sessions are bad.

hinch
07-08-03, 18:09
sessions are by implementation within the environment not only insecure but also resource heavy on a per hour basis you get an exponential usage of memory through the server
sessions are not purely server side they also drop a client side cookie the cookies are not deleted on session expiration and are not encrypted unless explicitly told to be so (php has no control over client session cookie) although these shouldn't be called cookies as such it's how they're mainly referred to.

many hosting companies have sessions denied due to the system overheads if you look on these very forums for example it generates a session string it then stores it in a cookie OR passes it as the s= header variable never ever ever calls a full session due to insecurities and system overheads imagine running a board like this with 400 constant users on it that's a min of 400 sessions however due to exponentials over a 12 hours period you're looking more at about 18000 sessions (yes i know it's not the right number i can't remember formula for it over time correctly)

2 articles based on the asp version of sessions are here

http://www.4guysfromrolla.com/webtech/faq/Advanced/faq4.shtml
http://www.4guysfromrolla.com/webtech/092098-2.shtml

and theres php ones all over the fking net since its a language i avoid i dont have links to hand
the long and short of it is that sessions = bad do not ask questions accept it as read and follow suit like a good little web coder :rolleyes:

Ryuben
07-08-03, 18:41
HA ! he told you o_O


shame most of it went over my head :D :lol: :lol:

d3ik
07-08-03, 19:26
LOL... for someone who doesn't like overhead it's ironic you use MS products like ASP.

Brammers
07-08-03, 19:35
Originally posted by hinch
sessions are by implementation within the environment not only insecure but also resource heavy on a per hour basis you get an exponential usage of memory through the server
sessions are not purely server side they also drop a client side cookie the cookies are not deleted on session expiration and are not encrypted unless explicitly told to be so (php has no control over client session cookie) although these shouldn't be called cookies as such it's how they're mainly referred to.


Incorrect usage of sessions can use memory, yes that's true for anything. Yes a session does drop a session cookie, which is usually one big long unique number. Correct browser behavior destroys session cookies when they expire or when the browser is closed.

Exponential? I disagree. Say one session has 2 variables assigned to it. How many variables in total is that? For the Session ID and the 2 variables that's 3. What if we have 2 sessions, that's 6 variables in total, say 10 sessions, that's 30 in total - get a graph paper and draw a straight LINEAR line. Also I see no mention of Exponential growth in your references.



many hosting companies have sessions denied due to the system overheads if you look on these very forums for example it generates a session string it then stores it in a cookie OR passes it as the s= header variable never ever ever calls a full session due to insecurities and system overheads imagine running a board like this with 400 constant users on it that's a min of 400 sessions however due to exponentials over a 12 hours period you're looking more at about 18000 sessions (yes i know it's not the right number i can't remember formula for it over time correctly)


In the case of s=, it is a fallback for when session cookies don't work.



2 articles based on the asp version of sessions are here

http://www.4guysfromrolla.com/webtech/faq/Advanced/faq4.shtml
http://www.4guysfromrolla.com/webtech/092098-2.shtml


The articles are a bit propagand-ish, but interesting, and certainly edge to the argument of good usage of session variables, rather than never use sessions.



and theres php ones all over the fking net since its a language i avoid i dont have links to hand
the long and short of it is that sessions = bad do not ask questions accept it as read and follow suit like a good little web coder :rolleyes:

I currently do not accept your arguments, and I'm also a software engineer, it's my job to ask questions, otherwise it would be considered very unprofessional if I didn't. I question coding practices and code, including my own code.

hinch
08-08-03, 01:26
heh fair points true i dont know php enough but then im not a webdeveloper

the official title is "xbox integration director" basically it means i dont code but i know people that do

i stopped coding a long time ago (6 years or so) the webstuff i know as a hobby so could never argue against a proper web developer

bring on some c++, c, tcl, and a fuck load of other obscure languages and i`d be fine though :)

theres a graph though linked to one of them articles showing duration of session usage over time vs visitors

t0tt3
08-08-03, 15:33
hahaha read about a school boy that got banned from school,
they heard that he had some experience with PHP and after all drug shit GHB. They didn't ask him about it just kicked him out and made an investigation "or whats called :p" about this scary PHP ;) poor kid :D

So to all dont talk about PHP you can get into danger :eek:

:angel: