Cookies or Sessions

David_McCallum · December 13, 2009, 1:50am

If I have an entry page that requires a username ($username) how do I store that in a Cookie and then retrieve it in a subsequent page - or do I use a Session. My pages are all .PHP

I have read the book(s) but it is not that clear! Idiots guide please.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 13, 2009, 11:07am

There are various methods to do this, generally a username would be
stored in a database and used with a password, then this could be used
with a session time so the user would be logged out if there was no
activity after a certain period, it could also be checked if the user
was an active user etc. etc. I have written a very simple method for
checking a username saved in a php variable and then storing this in a
session, one that could be used where it is not critical information,
otherwise there would need to be a password and have it stored
encrypted.

This is not an ‘idiots guide’ as requested, to be honest I remember
having some problems when I first needed sessions and I think that was
because I was confusing cookies and sessions then reading several
different examples which where making it even more confusing. I
finally found some simple example of a session which I then understood
then added to that myself for my needs, anyway here are a couple of
links to how to use sessions:

http://www.weberdev.com/get_example-4349.html

What follows is not as simple as the above although it might show you
how to expand things a little, I find it best to keep the code out of
Freeway and then just bring it in with includes when needed, so…
you could do this writing 3 or 4 small php scripts:

login.php
logout.php
logincheck.php

loginaccess.php // Used to replace a database query

All these php file paths in the following code are written as in the
same folder as the pages using them, this is not advised but is done
just for ease, you should change that and alter your paths etc. to
suite where you have them stored and the names they are called. Your
login page should have a means of showing the contents of a variable
called $error if it has been set and is not empty, something like the
following:

<?php
if (isset($error) and $error) {
	echo $error;
}
?>

OK now onto the rest…

(Contents loginaccess.php)
The file that contains the username, this would generally be a
database query but as you asked for using a username and to try and
keep things simple I just stuck it in a variable. Any time this is
needed the following code in the files will pull this file in so no
need to include this to any of the web pages.

<?php
$access_user = 'letmeinplease';
?>

This bit of code should be included at the top of the login page
(before for example) but included only if someone has attempted
a login so it could be added with a small section of code such as:

<?php
// This bit of code works on the asumption of the submit buttin being  
called submit
// and the username being called username
if ($_POST['submit'] && $_POST['username']) {
	include_once ('login.php');
} else if ($_GET['logout']==1) {
	include_once ('logout.php');
}
?>

(Contents login.php)
Will be pulled in if somene tries to login.

<?php
session_start();
header ("Cache-control: private");
$error = '';

// It is strongly advised to also run the username through a function  
to clean
// any chars or code that may be maliciously used, this has not been  
done here
// and would be done to suite the method of username/password storage.
$username_session	= stripslashes($_POST['username']);

// Check the username against where is has been stored (Generally a  
database)
// has it been stored crypted? if it has then the same cryption should  
be used
// on the entered username before the query is made
// For these purposes we just use a password stored in a variable.

// Get the password
include_once ('loginaccess.php');

if ($username_session == $access_user) {

	session_register('username');
         $_SESSION['username_session'] = $access_user;
	// Set a session expire time if preferred
	session_register('expires');
	$_SESSION['expires'] = (time() + 3600);

	header('Location: ./privatepage.php');
	exit;

} else {
	 session_destroy();
	// Set any user error here
	$error = 'The username is not correct';
}
?>

(Contents logincheck.php)

This should be pulled in using an include at the top of any page that
needs to have the username access, if not used access will be given
without any username access being present in the session.

<?php
ob_start();
session_start();

// Time now
$currenttime = time();

// Get the password
include_once ('loginaccess.php');

$username_session = $_SESSION['username_session']; // Login
$expires_session = $_SESSION['expires']; // Session time

if($currenttime > $expires_session) {

	session_unset();
	session_destroy(); // Destroy the session
	$error = 'Your session has expired, you need to login again';
	include ("./login.php");
	exit;

} else if($access_user == $username_session) { // if the user is OK  
for the page let them continue
	// If there is a time limition to access then renew it here
	// $_SESSION['expires'] = ($currenttime + 3600);
	ob_end_flush();
} else {
	session_unset();
	session_destroy(); // Destroy the session
	$error = 'Your session is not valid';
	include ("./login.php");
	exit;
}
?>

(Contents logout.php)
This will be included in the login page if the variable $logout is
availabe and has a value so you could have a ‘Logout’ link on the
pages where a username is needed for access but give the ‘Logout’ link
a url of ‘login.php?logout=1’ to the end of the URL.

<?php
session_start();
empty($_SESSION['username_session']);
empty($_SESSION['expires']);

session_unset ();							
session_destroy();

$error = urlencode('You have logged out');
?>

It probably seems complicated but once you get the code into the files  
and see it there I think you will hopefully see it a little clearer,  
let me know if it works (Not tested) and if not then get back to me.

HTH
Mike

On Dec 13, 2009, at 2:50 AM, DeltaDave wrote:

> If I have an entry page that requires a username ($username) how do  
> I store that in a Cookie and then retrieve it in a subsequent page -  
> or do I use a Session. My pages are all .PHP
>
> I have read the book(s) but it is not that clear! Idiots guide please.
>
> David
>
> _______________________________________________
> dynamo mailing list
> email@hidden
> Update your subscriptions at:
> http://freewaytalk.net/person/options


_______________________________________________
dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 13, 2009, 11:22am

If you are using the web page for this then sorry, not sure what has
happened with the code blocks and text, seems the tildes are getting
confused with something else.

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 13, 2009, 12:06pm

Thanks for this Mike yes it does look daunting. I will digest and have a go. These pages are not written in FW at all - all hand coded (not by me I might add) - I have been given the task of trying to add some functionality that wasn’t there before.

Sadly the originator of the code has gone to a better place and it has been left to me to take over so any help I get is gratefully received.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 13, 2009, 12:16pm

Look at the links, they show how to use sessions in a very simple way.

I thought it might help to advance a little on how you implement the
code ‘which you could add directly in the Freeway pages’ but I
personally find it a lot more organised and easier to alter or update
if the code is kept off the Freeway pages.

Even if the Freeway pages have been written and you have the Freeway
file there should be little or no changes needed apart from the code
to include the php files… apart from the little bit of code to
include the scripts and show any error.

When you have it done and have any issues then let me know and I will
take a look.

On Dec 13, 2009, at 1:06 PM, DeltaDave wrote:

Thanks for this Mike yes it does look daunting. I will digest and
have a go. These pages are not written in FW at all - all hand coded
(not by me I might add) - I have been given the task of trying to
add some functionality that wasn’t there before.

Sadly the originator of the code has gone to a better place and it
has been left to me to take over so any help I get is gratefully
received.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 13, 2009, 12:20pm

Sorry I see you say they are not written in Freeway, that shouldn’t be
an issue either, just add the include code and it will work the same.

Mike

On Dec 13, 2009, at 1:16 PM, Mike B wrote:

Look at the links, they show how to use sessions in a very simple way.

I thought it might help to advance a little on how you implement the
code ‘which you could add directly in the Freeway pages’ but I
personally find it a lot more organised and easier to alter or
update if the code is kept off the Freeway pages.

Even if the Freeway pages have been written and you have the Freeway
file there should be little or no changes needed apart from the code
to include the php files… apart from the little bit of code to
include the scripts and show any error.

When you have it done and have any issues then let me know and I
will take a look.

On Dec 13, 2009, at 1:06 PM, DeltaDave wrote:

Thanks for this Mike yes it does look daunting. I will digest and
have a go. These pages are not written in FW at all - all hand
coded (not by me I might add) - I have been given the task of
trying to add some functionality that wasn’t there before.

Sadly the originator of the code has gone to a better place and it
has been left to me to take over so any help I get is gratefully
received.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 14, 2009, 12:44am

OK Mike I have looked at those links and it appears that the session is being created OK. This is the existing code on the page that checks the validity of the login

<?
$username = $_POST['username'];
$password = $_POST['password'];

if ($username=="")
{
header("location: entry.php");
exit();
}
if ($password=="")
{
header("location: entry.php");
exit();
}
include("php-lib/connect_inc.php");
$username=strtolower($username);
$password=strtolower($password);
$password=md5($password);
$TableName="personnel";
$Query="SELECT * FROM $TableName WHERE username='$username' and password='$password'  ";
$Result=mysql_db_query ($DBName, $Query, $Link);
$num=mysql_num_rows($Result);
if ($num==0)
{
header("location: entry.php");
exit();
}
else
{
// session_start();
session_register('valid');
$valid="kK-iopsey7";
$_SESSION['username']=$username;
}
include("control.php");
?>

As you can see the session is started a bit differently from the first example you pointed me to. This is the bit that is confusing to me

// session_start();
session_register('valid');
$valid="kK-iopsey7";
$_SESSION['username']=$username;
}

What is the significance of “kk-iopsey7”

One of the reasons that I am looking at this is because in a subsequent page the following code is supposed to generate an email when a user enters a particular section - but the email that is generated does not include the username.

<?
include("php-lib/header_admin.php");
include("php-lib/header_cli.php");
include("php-lib/connect_inc.php");

$TableName="clients";

if (($username=="lang_ia") || ($username=="mccallum_ir") || ($username=="wyndcentre"))
{
}
else
{
$date=date("jS F Y");
mail("email@hidden", "renfunds", "$username entered the $TableName area of renfunds - $date.");
mail("email@hidden", "renfunds", "$username entered the $TableName area of renfunds - $date.");
}

The header_admin.php contains the following session checking code:

<?
session_start();
$valid = $_SESSION['valid'];
if ($valid !="kK-iopsey7") 
{ 
header("location: entry.php");
exit(); 
}

If I am reading this correctly (and I may not be) then if the user is one of these

if (($username=="lang_ia") || ($username=="mccallum_ir") || ($username=="wyndcentre"))

Then nothing should happen but if a different user enters then it should generate the email with the username, date and area entered. But what we do get whether it is one of those 3 users or not is the email with the date and area entered but no username ie " entered the clients area of Renfunds - 14th December 2009."

I am sure that this is so obvious to you but just a bit over my head.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Joe2 · December 14, 2009, 10:20am

Don’t mean to throw a spanner in the works, but you could look at the new HTML 5 local storage stuff:

This will only work on he latest and greatest browsers, of course.

Joe

On 14 Dec 2009, at 00:44, DeltaDave wrote:

OK Mike I have looked at those links and it appears that the session is being created OK. This is the existing code on the page that checks the validity of the login
<?
$username = $_POST['username'];
$password = $_POST['password'];

if ($username=="")
{
header("location: entry.php");
exit();
}
if ($password=="")
{
header("location: entry.php");
exit();
}
include("php-lib/connect_inc.php");
$username=strtolower($username);
$password=strtolower($password);
$password=md5($password);
$TableName="personnel";
$Query="SELECT * FROM $TableName WHERE username='$username' and password='$password'  ";
$Result=mysql_db_query ($DBName, $Query, $Link);
$num=mysql_num_rows($Result);
if ($num==0)
{
header("location: entry.php");
exit();
}
else
{
// session_start();
session_register('valid');
$valid="kK-iopsey7";
$_SESSION['username']=$username;
}
include("control.php");
?>
As you can see the session is started a bit differently from the first example you pointed me to. This is the bit that is confusing to me
// session_start();
session_register('valid');
$valid="kK-iopsey7";
$_SESSION['username']=$username;
}
What is the significance of “kk-iopsey7”

One of the reasons that I am looking at this is because in a subsequent page the following code is supposed to generate an email when a user enters a particular section - but the email that is generated does not include the username.
<?
include("php-lib/header_admin.php");
include("php-lib/header_cli.php");
include("php-lib/connect_inc.php");

$TableName="clients";

if (($username=="lang_ia") || ($username=="mccallum_ir") || ($username=="wyndcentre"))
{
}
else
{
$date=date("jS F Y");
mail("email@hidden", "renfunds", "$username entered the $TableName area of renfunds - $date.");
mail("email@hidden", "renfunds", "$username entered the $TableName area of renfunds - $date.");
}
The header_admin.php contains the following session checking code:
<?
session_start();
$valid = $_SESSION['valid'];
if ($valid !="kK-iopsey7") 
{ 
header("location: entry.php");
exit(); 
}
If I am reading this correctly (and I may not be) then if the user is one of these
if (($username=="lang_ia") || ($username=="mccallum_ir") || ($username=="wyndcentre"))
Then nothing should happen but if a different user enters then it should generate the email with the username, date and area entered. But what we do get whether it is one of those 3 users or not is the email with the date and area entered but no username ie " entered the clients area of Renfunds - 14th December 2009."

I am sure that this is so obvious to you but just a bit over my head.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 14, 2009, 11:22am

Dave, this is a bit rushed as I am shooting out, but hopefully it will
help you:

<?
$username = $_POST['username'];
$password = $_POST['password'];

// If $username is empty divert user to the entry.php file/page
if ($username=="")
{
header("location: entry.php");
exit();
}
// If $password is empty divert user to the entry.php file/page
if ($password=="")
{
header("location: entry.php");
exit();
}
// Include the database connection script... I would guess.
include("php-lib/connect_inc.php");

// Make the user entered username and password to lowercase... why? it  
is better security
// to make the user enter these exactly as they are, uppercase and  
lowercase if that!
$username=strtolower($username);
$password=strtolower($password);
// Encrypt the user entered password
$password=md5($password);
// Make the database query
$TableName="personnel";
$Query="SELECT * FROM $TableName WHERE username='$username' and  
password='$password'  ";
$Result=mysql_db_query ($DBName, $Query, $Link);
$num=mysql_num_rows($Result);
/* If there is an entry of username and password then $num will show  
more than o
This is not the best what to do this, there is no real checks here,  
personally there is
of username and password cleaning could be done here, also personally  
I think it is better to
check the username only for matches then match the password on the  
query results */
if ($num==0)
{
// If no matching entry in the database then divert user to the  
entry.php file/page
header("location: entry.php");
exit();
}
else
{
// The session_start() should have the comments removed
// session_start();
session_register('valid');
$valid="kK-iopsey7";
$_SESSION['username']=$username;
}
include("control.php");
?>

As you can see the session is started a bit differently from the first
example you pointed me to. This is the bit that is confusing to me
// I have seen session_start() not used but I myself have problems if
it is not used, don’t know why it is commented out.

// session_start();
session_register('valid');
$valid="kK-iopsey7";
$_SESSION['username']=$username;
}

What is the significance of “kk-iopsey7”
/* I generally set an active variable in the session and check it plus
the user id and username. The session value of ‘valid’ is not being
set in the session so maybe it is used in some other script after the
session is set, otherwise it is not doing anything. The code looks
like it has been edited by someone, order is wrong and there is a
closing curly brace that would be a problem. On reading further down
it seems the session value of ‘valid’ is needed so change the last bit
of code above that sets the session to: */

session_start();
$valid="kK-iopsey7";
session_register('valid');
$_SESSION['valid']=$valid;
$_SESSION['username']=$username;

One of the reasons that I am looking at this is because in a
subsequent page the following code is supposed to generate an email
when a user enters a particular section - but the email that is
generated does not include the username.

/* Not sure how you get to the ‘subsequent page’ but you need to have
access to the variable values there, to get then from the session you
should use the following which would get the $username value you need
for the email but if $username is anything else than “lang_ia”,
“mccallum_ir” or “wyndcentre” you will get that other value in the
email message, * as you ask, and you are right * if it * was * one of
those three values you won’t get any email */

session_start();
$username = $_SESSION['username'];

<?
// Include the following files
include("php-lib/header_admin.php");
include("php-lib/header_cli.php");
include("php-lib/connect_inc.php");

$TableName="clients";

// Check the value of $username, if not as checked then emails are  
sent and will show the value of $username
//  if other than that checked, that includes even if it is empty.

if ($username=="lang_ia" || $username=="mccallum_ir" ||  
$username=="wyndcentre") {
	// No email sent
} else {
	// Get the date and send the emails when the value of $username is  
different than above
	$date=date("jS F Y");
	mail("email@hidden", "renfunds", "$username entered the  
$TableName area of renfunds - $date.");
	mail("email@hidden", "renfunds", "$username entered the  
$TableName area of renfunds - $date.");
}

BTW, The above email could be sent using the two addresses with a
comma separator, or as I have shown below: setting them to a variable
and then use that variable as the ‘to’ value. Sometimes I find doing
things like this makes code less confusing to read at times… but
that might be me

$send_to = 'email@hidden,email@hidden';
mail($send_to, "renfunds", "$username entered the $TableName area of  
renfunds - $date.");

<?
// Get the value of $valid from the session
session_start();
$valid = $_SESSION['valid'];
// Check the value of $valid and divert to entry.php if it is the  
value shown below.
if ($valid !="kK-iopsey7") {
	header("location: entry.php");
	exit();
}

Does this help answer things?

On a side note I have found using ‘username’ and ‘password’ on some
servers to conflict with the same value used elsewhere on the account,
I have no idea how that happend or might happen apart from the same
variable being used and made global in some part of the server system
code or applications that use php, since that time I never use
‘username’ or ‘password’ but use my own versions of them e.g.
something like ‘dd_username’ and ‘dd_password’

HTH
Mike

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 14, 2009, 11:29am

Sorry Dave, the following:

session_start();
$valid="kK-iopsey7";
session_register('valid');
$_SESSION['valid']=$valid;
$_SESSION['username']=$username;

should be:

session_start();
$valid="kK-iopsey7";
session_register('valid');
$_SESSION['valid']=$valid;
session_register('username');
$_SESSION['username']=$username;

Gotta go…
Mike

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 14, 2009, 7:35pm

Thanks Mike - really appreciate your time on this.

I will have a fiddle about and test it locally on MAMP

I assume that if I want an email sent, no matter who the user, then I can just add the lines

$send_to = 'email@hidden,email@hidden';
mail($send_to, "renfunds", "$username entered the $TableName area of
renfunds - $date.");

In after

if (($username=="lang_ia") || ($username=="mccallum_ir") || ($username=="wyndcentre"))
{

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 14, 2009, 7:46pm

You can add the email address code anywhere you want, but obviously if
you only want it when a statement returns true then you should place
it after the check, so yes, if you wanted it to run ‘send emails’ only
if $username was equal to ‘lang_ia’, ‘mccallum_ir’ or ‘wyndcentre’
then you just place it after an ‘if’ statement to check that:

if ($username=="lang_ia" || $username=="mccallum_ir" ||  
$username=="wyndcentre") {
     $send_to = 'email@hidden,email@hidden';
     mail($send_to, "renfunds", "$username entered the $TableName area  
of renfunds - $date.");
} else {
     // The email will not be sent
}

Mike

On Dec 14, 2009, at 8:35 PM, DeltaDave wrote:

Thanks Mike - really appreciate your time on this.

I will have a fiddle about and test it locally on MAMP

I assume that if I want an email sent, no matter who the user, then
I can just add the lines
$send_to = 'email@hidden,email@hidden';
mail($send_to, "renfunds", "$username entered the $TableName area of
renfunds - $date.");
In after
if (($username=="lang_ia") || ($username=="mccallum_ir") ||  
($username=="wyndcentre"))
{
David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 15, 2009, 1:49am

Thanks again Mike

I am working on this and so far so good - will keep you posted

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 15, 2009, 6:57pm

Joe Said

Don’t mean to throw a spanner in the works, but you could look at the new HTML 5 local storage stuff:

Breaking Out The Edges of The Browser ◆ 24 ways

This will only work on he latest and greatest browsers, of course.

Thanks for this Joe but unfortunately the volunteers accessing this site are using not quite so up-to-date kit.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 15, 2009, 7:38pm

Mike I seem to have got into a circular argument that I cant fathom

I am using this

session_start();
$valid="kK-iopsey7";
session_register('valid');
$_SESSION['valid']=$valid;
session_register('username');
$_SESSION['username']=$username;

Which works fine on the page that then has

$date=date("H:i jS F Y");
if (($username=="mccallum_da") || ($username=="mccallum_ir") || ($username=="wyndcentre"))
{
print("Welcome back $username it is $date.");
}
else.......

But there is a link from this page to go to the next page which has

<?
ini_set('display_errors',1);
error_reporting(E_ALL);
include("php-lib/header_admin.php");
include("php-lib/header_cli.php");
include("php-lib/connect_inc.php");

$TableName="clients";
if (($username=="mccallum_da") || ($username=="mccallum_ir") || ($username=="wyndcentre"))
{
print("Hello $username welcome to $TableName.");
}
else......

I have added the error display in there and it is giving me: Notice: Undefined variable: username in…

In this page should I have something like

$username=['username'];

I thought that the Session would bring the defined variable with it to the subsequent pages.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

waltd · December 15, 2009, 7:58pm

If your server is set to modern security settings, then none of the
session variables will be brought into the global scope until you
deliberately extract them. One safe way to get a particular value out
of the session is as follows:

session_start()
if (isset($_SESSION['username'])){
	$username = $_SESSION['username'];
}else{
	die('Go away, you're not registered');
}

You might be expecting the old, bad behavior of “Auto-Globals”, where
PHP used to automatically expand every form of a variable into the
global scope as soon as the script loaded, which could lead to all
sorts of badness in the form of:

yourserver.com/admin.php?superuser=true

…giving the attacker extra privileges.

You only ever call session_start() once per page, and once you have
called it, you can access any of the session variables (if they exist)
by name using the $_SESSION super-global array. This array is present
at any level of your application, even within functions, without the
need to declare it with the global keyword.

Walter

On Dec 15, 2009, at 2:38 PM, DeltaDave wrote:

Mike I seem to have got into a circular argument that I cant fathom

I am using this
session_start();
$valid="kK-iopsey7";
session_register('valid');
$_SESSION['valid']=$valid;
session_register('username');
$_SESSION['username']=$username;
Which works fine on the page that then has
$date=date("H:i jS F Y");
if (($username=="mccallum_da") || ($username=="mccallum_ir") ||  
($username=="wyndcentre"))
{
print("Welcome back $username it is $date.");
}
else.......
But there is a link from this page to go to the next page which has
<?
ini_set('display_errors',1);
error_reporting(E_ALL);
include("php-lib/header_admin.php");
include("php-lib/header_cli.php");
include("php-lib/connect_inc.php");

$TableName="clients";
if (($username=="mccallum_da") || ($username=="mccallum_ir") ||  
($username=="wyndcentre"))
{
print("Hello $username welcome to $TableName.");
}
else......
I have added the error display in there and it is giving me: Notice:
Undefined variable: username in…

In this page should I have something like
$username=['username'];
I thought that the Session would bring the defined variable with it
to the subsequent pages.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 15, 2009, 8:24pm

Just to add to Walter’s comments… what you are getting is a notice
not an error, you can change the error_reporting setting in your
php.ini file although it is considered better programming practice to
stop this from happening at the outset, the code that Walter showed
should stop this notice.

In future if you want to avoid these notices (if your php.ini file is
set to show them) then just check if the variable exists, if it
doesn’t then give it an empty string value.

You can also use:
error_reporting(E_ALL ^ E_NOTICE);

at the top of your file which should stop these notices.

On Dec 15, 2009, at 8:38 PM, DeltaDave wrote:

Mike I seem to have got into a circular argument that I cant fathom

I am using this
session_start();
$valid="kK-iopsey7";
session_register('valid');
$_SESSION['valid']=$valid;
session_register('username');
$_SESSION['username']=$username;
Which works fine on the page that then has
$date=date("H:i jS F Y");
if (($username=="mccallum_da") || ($username=="mccallum_ir") ||  
($username=="wyndcentre"))
{
print("Welcome back $username it is $date.");
}
else.......
But there is a link from this page to go to the next page which has
<?
ini_set('display_errors',1);
error_reporting(E_ALL);
include("php-lib/header_admin.php");
include("php-lib/header_cli.php");
include("php-lib/connect_inc.php");

$TableName="clients";
if (($username=="mccallum_da") || ($username=="mccallum_ir") ||  
($username=="wyndcentre"))
{
print("Hello $username welcome to $TableName.");
}
else......
I have added the error display in there and it is giving me: Notice:
Undefined variable: username in…

In this page should I have something like
$username=['username'];
I thought that the Session would bring the defined variable with it
to the subsequent pages.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 15, 2009, 11:33pm

Thanks again to you both - with your assistance I am now getting the email notifications that I was hoping for.

I am still working through this but I am getting closer to the big switch over (over christmas hols) when the site will be run from it new host with register_globals: off when before they were on.

I am sure there will be more little problems but I am feeling more confident about the whole thing.

Thanks again.

D

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

David_McCallum · December 20, 2009, 11:43pm

OK I am getting there but what I am trying to do is output the $username that is currently being displayed as the full name of the user which is stored in the table as firstname and surname

What I currently have is

{
print("Welcome back $username");
}

Instead I think I want something like

{
$Query="SELECT * FROM $TableName WHERE username='$username'";
$Result=mysql_db_query ('firstname'=$firstname, 'surname'=$surname);
print("Welcome back $firstname."&nbsp".$surname");
}

But of course it doesn’t work.

Please point me in the right direction - I know this is pretty basic but I have brain freeze to go with our wintry weather.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

MIKEBR_FW · December 21, 2009, 9:14am

Dave,
There are different ways to get information from a database but what
you are trying wouldn’t work because your code would not do
anything are you not getting any errors from it? anyway…

I think the best thing to do is to get a book like PHP and MySQL Web
Development, ISBN 0-672-32525-X, there are several mistakes you are
making that would say you should read something on php and MySql.

You can’t write query string like you have, the ‘=’ and the ‘,’ are
outside the string for example:

‘firstname’=$firstname, ‘surname’=$surname

nor can you write a string like:

“Welcome back $firstname.”&nbsp".$surname"

you need to use a ‘.’ to join two php strings or you might get away
with “Welcome back $firstname&nbsp$surname” but I personally would use
'Welcome back ’ . $firstname . ‘&nbsp’ . $surname; or 'Welcome back
’ . $firstname . ’ ’ . $surname;

If your query string was right then it wouldn’t do anything anyway as
you are not making the query properly, not sure what you where using
as a guide on this but change to something else… the book above is
money well spent.

The following line is passing a query string to a variable
$Query=“SELECT * FROM $TableName WHERE username=‘$username’”;

The following line using the query string in making a query to the
database, so in the this case there is no connection between your
query string and what you are using to make the query:

$Result=mysql_db_query (‘firstname’=$firstname, ‘surname’=$surname);

Try using the following code:

This is by no means complete but it adds a little checking for failing
gracefully, you would need to add some security relative to how secure
you want your database and the pages to be that are being accessed
from giving entry to someone.

if ($TableName && $username) {

     // Make the database connect here
     // NOTE: You need to place the include to your connection code or  
make the connection here

     // Set the query string to a PHP variable
     $Query = "SELECT * FROM " . $TableName . "WHERE username='" .  
$username . "'";
     // Perform query
     $Result = @mysql_query($Query) or die ($Query, __LINE__,  
mysql_error());

     $num_rows = @mysql_num_rows($Result);

     if ($num_rows==1) { // Are there any matches

         $row = mysql_fetch_array($the_rslt);

         $surname		   = stripslashes($row['surname']);
         $firstname		   = stripslashes($row['firstname']);

         print("Welcome back " . $firstname . "&nbsp" . $surname);
     } else {
         print("No user listed");
     }

    // Close the connection: mysql_close(Could have the conection  
here, depends on how you make the connection).
     mysql_close();
} else {
     print("No TableName or username");
}

HTH

On Dec 21, 2009, at 12:43 AM, DeltaDave wrote:

OK I am getting there but what I am trying to do is output the
$username that is currently being displayed as the full name of the
user which is stored in the table as firstname and surname

What I currently have is
{
print("Welcome back $username");
}
Instead I think I want something like
{
$Query="SELECT * FROM $TableName WHERE username='$username'";
$Result=mysql_db_query ('firstname'=$firstname, 'surname'=$surname);
print("Welcome back $firstname."&nbsp".$surname");
}
But of course it doesn’t work.

Please point me in the right direction - I know this is pretty basic
but I have brain freeze to go with our wintry weather.

David

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

dynamo mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options