  1. #1
    SitePoint Zealot
    Join Date
    Jan 2002
    Location
    london
    Posts
    110
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Managing Users with PHP Sessions and MySQL

    hi folks

    i read kevin yank's article Managing Users with PHP Sessions and MySQL, it is very interesting but i have one problem.

    kevin says to use a php.ini file to include certain bits of code. i have spoken with my hosting company and they say they don't allow me access to the php.ini file on the server but i can create an .htaccess file. is there a way to achieve the same results using .htaccess instead?

    thanks

    A
    give me all your lentils

  2. #2
    SitePoint Evangelist galt's Avatar
    Join Date
    Apr 2002
    Posts
    461
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Several comments here recently about this. Try a search on htaccess.

  3. #3
    SitePoint Addict itsource's Avatar
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You don't need to edit php.ini file.

    For include files, you can put the include file in the same directory as your PHP file and use

    include "/home/yourpath/include.inc.php";
    I live in Thailand. My English grammar not well.

  4. #4
    SitePoint Zealot
    Join Date
    Jan 2002
    Location
    london
    Posts
    110
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi guys, thanks for your replies,

    itsource: the reason i was asking was because kevin seems to suggest that putting the include files in your web directory is not secure in the event that php stops working on the server....

    In either case, you can choose to put your include files in the same directory as the file(s) that use them, or place them in the appointed directory. The latter choice is safer for files containing sensitive information like passwords, because if the PHP support in your Web server ever fails, the information in PHP files not stored below your server's Web root directory will not be exposed to prying eyes.
    give me all your lentils

  5. #5
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Lentildal,

    Your hosting company is right -- you can modify PHP's include directory setting (normally configured in php.ini) with an .htaccess file in your site's root directory.

    Just create a text file called .htaccess in the root directory of your site that contains one line like the following:
    Code:
    php_value include_path .:/path/to/includes
    where /path/to/includes is the full path to the directory outside your Web root where you want to store your PHP include files.

    Of course, with a reputable hosting company it's fairly unlikely that they'll ever break PHP support and expose your scripts to the world, but you can never be too careful.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  6. #6
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    database occurred

    Hiya all

    with this article, using the code provided, two things have happened:
    I get an error message saying (database is down), or after I fill out the form and submit, it goes to a pop-up and says a database error occurred in the processing of your submission. If it persists contact etc....

    one part of the code I'm not clear on is for the .db file
    function dbConnect($db="")

    and the other part is with .signup

    // Process signup submission
    dbConnect('sessions'); what must I place instead of sessions? can it just be the name of a current db on the server, example: members
    and does this need to be changed in the other files for accesscontrol?

    also I do not have access to my php.ini because it's on my webhost's server

    so in the signup file

    do I make the path changes to this part of the code:

    include("common.php");
    include("db.php");

    Example:

    include("host/public/php/common.php");
    include("host/public/php/db.php");

    would any of these changes help with my error messages?

  7. #7
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You need to change the dbConnect('sessions') line so that it contains the name of the database you want to use on your MySQL server. So if you store all the tables related to access control on your site in a database called 'members', then change the line to say dbConnect('members').

    Since accesscontrol.php is the only file that calls dbConnect(), that's the only place you need to make this change.

    I doubt you'll need to change the include() calls, as long as the files are in the same directory as accesscontrol.php on your server. If they were causing problems, you'd be seeing error messages about them.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  8. #8
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    about the dbConnect('sessions') line

    can this line be put this way
    example: from the accesscontrol.php
    dbConnect('members_mysite_jp') since it's with my webhost
    that's how they tell me to write the path

    also would i need to do this
    for the .db
    example: function dbConnect($db="members_mysite_jp") {

    here the example from my host
    Creating a database
    You can create a maximum of 2 databases if you own a SILVER or higher package. This option allows you to create an entirely new, empty database.

    To create a database, click on the Databases tab from the "Database Manager" page. Select the "Create" option from the "Select" list and choose Database from the second list. Enter the name of the database you want to create and click the "Build SQL Query" button. The detail of SQL query will be displayed at the bottom of the page. After reviewing the detail of SQL query click the "Run SQL Query" button to complete the operation. The results of operation will be displayed at the bottom of the page.

    Your user name is appended to the end of every database name. The Total maximum length is 64 characters long and any "." (dot) or "-" (dash) in the database name is automatically converted to "_" (underscore).

    For example if you choose "customers" as your database name and your domain is mycar.com, the complete database name will be:

    customers_mycar_com

    example 2 from host
    Connecting to your database
    In order to connect to the database you have created, you need the following arguments to include in your application/script:

    MySQL server name (hostname): megasqlservers.com

    Database user name: dbm.yourdomain

    example: dbm.mycar.com

    Password: The password will be the same as your Database Manager password.

    Database name: It will be the complete name of database as outlined in

    man kevin thanks for the first reply, sorry for the long thread, i'm new but working hard haahah. which new book of yours would you recommend?

  9. #9
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by deuce777
    can this line be put this way
    example: from the accesscontrol.php
    dbConnect('members_mysite_jp') since it's with my webhost
    that's how they tell me to write the path

    That will work just fine, yes.

    Quote Originally Posted by deuce777
    also would i need to do this
    for the .db
    example: function dbConnect($db="members_mysite_jp") {

    NO! The whole point of providing the database name when you call dbConnect() is so that you don't need to specify it in the db.php file! The code:
    Code:
    function dbConnect($db="") {
    means "create a function named dbConnect that takes a single parameter and stores it in the variable $db. If no value is given for the parameter when the function is called, give it a value of "" (the empty string)." You do need to provide your database server's hostname, username and password at the top of db.php, but that's it!

    Quote Originally Posted by deuce777
    man kevin thanks for the first reply, sorry for the long thread, i'm new but working hard haahah. which new book of yours would you recommend?

    I'd recommend the 2nd edition of my "Build Your Own Database Driven Website using PHP and MySQL".
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  10. #10
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    need help to display user sign up info back to the user

    hi kevin and others that can help

    is there a way for me to display back to the user their sign-in information once they're logged in (kinda like it does on the protected page when a user logs in and is greeted with their user name)?

    I want to display the user name, address, company extra, on a page in the member area, so they can view their profile,

    could you give me a sample line that would work?

    also I want to add a form so the user can edit their contact info or password themselves once they have logged in

    can i use the same form as my sign-up with a few changes that allow them to edit and or delete to enter the new content?

    here's an example:

    $sql = new CDBMySQL("localhost", "username", "password", "dbname");
    $sql -> Query ("SELECT fullname, userid FROM profiles");
    while ($sql -> ReadRow()) {
    echo $sql -> RowData["userid"] . ", ";
    echo $sql -> RowData["fullname"] . "<br>";
    }

    would this display what i want? i just found this one

    here's a sample of my sign-up input
    $sql = "INSERT INTO profiles
    SET userid = '$newid',
    password = PASSWORD('$newpass'),
    fullname = '$newname',
    email = '$newemail',
    notes = '$newnotes',
    txtCompanyName = '$txtCompanyName',
    txtTitle = '$txtTitle',
    txtAddress1 = '$txtAddress1',
    txtAddress2 = '$txtAddress2',
    txtCity = '$txtCity',
    ddmStateProvince = '$ddmStateProvince'";

    now i want to display this content back to them after the sign-up
    so they can only view their own info and edit it if the information has changed
    Last edited by deuce777; Apr 9, 2003 at 13:51.

  11. #11
    SitePoint Member Derfel Cadarn's Avatar
    Join Date
    Mar 2003
    Location
    Berlin
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by deuce777
    is there a way for me to display back to the user their sign-in information once they're logged in (kinda like it does on the protected page when a user logs in and is greeted with their user name)?

    Of course!

    Quote Originally Posted by deuce777
    can i use the same form as my sign-up with a few changes that allow them to edit and or delete to enter the new content?

    I tried the same thing, but in my experience it results in one large file. I've split it: on my members-pages I've included a button "View/edit my profile", which links to a member-page where the MySQL-things are located.

    Quote Originally Posted by deuce777
    while ($sql -> ReadRow()) {
    echo $sql -> RowData["userid"] . ", ";
    echo $sql -> RowData["fullname"] . "<br>";
    }

    I'm not sure whether that would do the thing. My solution was as follows:

    <?php
    include("mem_accesscontrol.php");
    /*
    * Name: ~guest.php
    * Author: Ad Verdaasdonk
    * Created on: 09.03.2003 15:28:06
    */

    $css="../css/mem_form.css";
    include("mem_header.php");
    include("mem_navbar.php");

    blahblah
    /* Connecting, selecting database */
    $link = mysql_connect("host", "db", "pw") or die("Could not connect");
    // print "Connected successfully";
    mysql_select_db("memb") or die("Could not select database");

    blahblah
    $query = "SELECT $field FROM $db WHERE userid='$uid'";
    $result = mysql_query($query) or die("Query failed");
    /* Printing results in HTML */
    print "<form action='mem_update.php' method='post'>";
    print "<input type='hidden' name='uid' value='".$uid."'>";
    print "<input type='hidden' name='db' value='".$db."'>";
    while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    foreach ($line as $key=>$elem) {

    blahblah
    print "<tr><td width='90'>".$veldnaam["$key"]."</td>";
    print "<td width='200'>$elem</td>";
    print "<td width='150'><input type='text' name='$key' size='30' maxlength='50' value='$elem'></td></tr>";
    print "<input type='reset' value=' Cancel '> &nbsp;&nbsp;";
    print "<input type='submit' value=' Submit ' name='submit2'></center></td></tr>";
    print "</table></center>";
    print "</form>";

    **************
    Actually I've cut a few things out, but the principle should be clear, I hope. B.t.w.: I don't get this PHP-tag-thing to work correctly, I must be doing something wrong. Sorry. If someone could let me know how I should use them, please let me know! Thanx

    ------------------------------------------
    "In a forum no one can here you cry"
    ------------------------------------------
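
A hardened take on the view/edit-profile page from the post above, as an added example that is not code from the thread or from Kevin's article: the row is selected by the session's user ID rather than by hidden `uid`/`db` form fields, column names come from a fixed allow-list, values are bound as parameters, and everything echoed into the form is HTML-escaped. Table and column names are taken from the signup INSERT posted earlier; the in-memory SQLite database, the `EDITABLE` list, the function names and the two sample members are assumptions made for the demo.

```php
<?php
// Added example, not from the thread. Table/column names come from the
// signup INSERT posted earlier (profiles, userid, fullname, email, txtCity);
// the SQLite database and the two sample members are constructed.

const EDITABLE = ['fullname', 'email', 'txtCity'];   // columns a member may view and change

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (userid TEXT PRIMARY KEY, fullname TEXT, email TEXT, txtCity TEXT)');
$ins = $db->prepare('INSERT INTO profiles VALUES (?, ?, ?, ?)');
$ins->execute(['alice', 'Alice "Al" <Smith>', 'alice@example.com', 'Toronto']);
$ins->execute(['bob', 'Bob Jones', 'bob@example.com', 'Berlin']);

/** Build the edit form for the logged-in member only; every value is HTML-escaped. */
function render_profile_form(PDO $db, string $sessionUid): string
{
    // Column names are fixed in code; only the user ID is data, and it is bound.
    $stmt = $db->prepare('SELECT ' . implode(', ', EDITABLE) . ' FROM profiles WHERE userid = ?');
    $stmt->execute([$sessionUid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $html = "<form action='mem_update.php' method='post'>\n";
    foreach ($row as $key => $value) {
        $safe = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        $html .= "  <label>$key <input type='text' name='$key' maxlength='50' value='$safe'></label>\n";
    }
    return $html . "  <input type='submit' value='Submit'>\n</form>\n";
}

/** Apply a submitted form. The row is chosen by the session user ID, never by a form field. */
function update_profile(PDO $db, string $sessionUid, array $post): int
{
    // Keep only allow-listed keys with string values; uid/db/userid fields are dropped.
    $changes = array_filter(array_intersect_key($post, array_flip(EDITABLE)), 'is_string');
    if (!$changes) {
        return 0;
    }
    $set = implode(', ', array_map(function ($c) { return "$c = ?"; }, array_keys($changes)));
    $stmt = $db->prepare("UPDATE profiles SET $set WHERE userid = ?");
    $stmt->execute(array_merge(array_values($changes), [$sessionUid]));
    return $stmt->rowCount();
}

$sessionUid = 'alice';   // in the real page this comes from $_SESSION['uid']
echo render_profile_form($db, $sessionUid);

// Constructed POST body that also carries fields naming another member.
$post = ['txtCity' => 'Ottawa', 'uid' => 'bob', 'userid' => 'bob', 'db' => 'profiles'];
printf("rows updated: %d\n", update_profile($db, $sessionUid, $post));
foreach ($db->query('SELECT userid, txtCity FROM profiles ORDER BY userid') as $r) {
    printf("%s lives in %s\n", $r['userid'], $r['txtCity']);
}
```

Only alice's row changes, and the quotes and angle brackets in her name arrive in the form as entities instead of closing the `value` attribute.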

  12. #12
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How can I allow my users to update their profile once they're logged in, by using a form? Does anyone have a sample of how to do this with Kevin's article?

  13. #13
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Uploads for user to view

    Hi, help with this?
    What I am trying to do is extend kevin's script. I already have an upload the user can use to send me files; what i want to do is be able to place a pdf, for example, in their table so when they log in and go to the profile page on the site, they can view the file i placed only for that user. Can this be done? does anyone have any ideas? would be a big help

    1: how can i upload the pdfs to the table?

    2: how can i make it so they can only view their files, and so others can't view their files?

    3. can this be done with kevin's accesscontrol?

    4. would it be better to place the file on my server and not in the database, yet this only give the permission to the right person? I only want them to view the file, that's it.

    if anyone can help start me off on this would be a biggy thanks

  14. #14
    SitePoint Enthusiast
    Join Date
    Sep 2003
    Location
    maine
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    blank screen

    Hi Kevin,
    Great article. I've read it a few times now, and read through all 9 pages of this thread, and I still can't quite figure out what I've got wrong.
    When I signup a new user, my dbase is updated, the email works, etc.
    But then when I go to protectedpage.php, and log in, it takes me to a blank screen. Once it said "site database is unavailable" but the other times it's just a blank screen.
    If I enter false login info, I still get the Access Denied page. I've pasted my accesscontrol.php below. Any ideas?
    Thanks.

    Code:
    <?php // accesscontrol.php
    include_once 'common.php';
    include_once 'db.php';
    
    session_start();
    
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
    
    if(!isset($uid)) {
      ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Please Log In for Access </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
        User ID: <input type="text" name="uid" size="8" /><br />
        Password: <input type="password" name="pwd" SIZE="8" /><br />
        <input type="submit" value="Log in" />
      </form></p>
      </body>
      </html>
      <?php
      exit;
    }
    
    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;
    
    dbConnect("dbase");
    $sql = "SELECT * FROM user WHERE
            userid = '$uid' AND password = PASSWORD('$pwd')";
    $result = mysql_query($sql);
    if (!$result) {
      error('A database error occurred while checking your '.
            'login details.\\nIf this error persists, please '.
            'contact you@example.com.');
    }
    
    if (mysql_num_rows($result) == 0) {
      unset($_SESSION['uid']);
      unset($_SESSION['pwd']);
      ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title> Access Denied </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      exit;
    }
    
    $username = mysql_result($result,0,'fullname');
    ?>
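
The login check from the accesscontrol.php posted above with two changes, as an added example that is not code from the article or the thread: the user ID is bound as a query parameter instead of being written into the SQL string, and the password is verified against a `password_hash()` value, so only the user ID has to be kept in `$_SESSION`. Table and column names follow the posted script; the in-memory SQLite database, the function names and the sample account are assumptions made so the script runs without a MySQL server.

```php
<?php
// Added example, not from the thread. Table and column names follow the
// posted accesscontrol.php; the in-memory SQLite database and the sample
// account are constructed so the script runs without a MySQL server.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid TEXT PRIMARY KEY, password TEXT, fullname TEXT)');
$db->prepare('INSERT INTO user VALUES (?, ?, ?)')
   ->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT), "Pat O'Neil"]);

/**
 * Look the user up with a bound parameter and verify the password against
 * a salted hash. Returns the row without the hash, or null on failure.
 */
function check_login(PDO $db, string $uid, string $pwd): ?array
{
    // Hash checked when the user ID is unknown, so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT userid, password, fullname FROM user WHERE userid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($pwd, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    unset($row['password']);
    return $row;
}

/** Call after a successful check: new session ID, and only the user ID is kept. */
function start_user_session(array $user): void
{
    session_start();
    session_regenerate_id(true);
    $_SESSION['uid'] = $user['userid'];   // no $_SESSION['pwd']
}

// Constructed login attempts: right password, wrong password, unknown user.
$attempts = [["o'neil", 'correct horse'], ["o'neil", 'wrong'], ['nobody', 'correct horse']];
foreach ($attempts as $attempt) {
    list($uid, $pwd) = $attempt;
    $user = check_login($db, $uid, $pwd);
    printf("%-8s %-14s => %s\n", $uid, $pwd, $user ? 'welcome ' . $user['fullname'] : 'access denied');
}
```

The sample user ID contains an apostrophe on purpose: with a bound parameter it is looked up as plain data, where a query assembled by string interpolation would treat it as the end of the quoted value.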

  15. #15
    SitePoint Zealot
    Join Date
    May 2004
    Location
    Chicago
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How will the code not be visible to the browser

    Quote Originally Posted by Kevin Yank
    Lentildal,

    Your hosting company is right -- you can modify PHP's include directory setting (normally configured in php.ini) with an .htaccess file in your site's root directory.

    Just create a text file called .htaccess in the root directory of your site that contains one line like the following:
    Code:
    php_value include_path .:/path/to/includes
    where /path/to/includes is the full path to the directory outside your Web root where you want to store your PHP include files.

    Of course, with a reputable hosting company it's fairly unlikely that they'll ever break PHP support and expose your scripts to the world, but you can never be too careful.
    11/11-How would this avoid someone seeing my code if the server was not working ?
    Last edited by Kevin Yank; Nov 11, 2004 at 23:17. Reason: Whoops -- unedited.

  16. #16
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by LemonHead
    11/11-How would this avoid someone seeing my code if the server was not working ?
    Because the sensitive code files are stored outside the Web root, they cannot be requested directly by a Web browser. So if PHP support fails, the files cannot be accessed over the Web and therefore cannot be compromised.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference
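
A check for the setup discussed in this thread, as an added example that is not from Kevin's article or posts: it resolves each include file the way `include` would under an include_path of the form `.:/path/to/includes` and reports whether the copy PHP would load sits under the web root. The function name, the temporary directory layout and the file contents are constructed for the demo.

```php
<?php
// Added example: audit where include files resolve, given an include_path
// like the one set with "php_value include_path .:/path/to/includes".
// The directory layout below is constructed for the demo.

/**
 * Resolve $file against the current include_path and report whether the
 * copy PHP would load sits under $docRoot (and is therefore web-reachable).
 */
function audit_include(string $file, string $docRoot): array
{
    $resolved = stream_resolve_include_path($file);
    if ($resolved === false) {
        return ['file' => $file, 'path' => null, 'exposed' => null];
    }
    $resolved = realpath($resolved);
    $root = rtrim(realpath($docRoot), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // Compare with a trailing separator so /var/www2 is not mistaken for /var/www.
    $exposed = strncmp($resolved, $root, strlen($root)) === 0;
    return ['file' => $file, 'path' => $resolved, 'exposed' => $exposed];
}

// --- constructed layout: a web root and a sibling private directory ---
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'incdemo_' . bin2hex(random_bytes(4));
$webroot = $base . DIRECTORY_SEPARATOR . 'public_html';
$private = $base . DIRECTORY_SEPARATOR . 'includes';
mkdir($webroot, 0700, true);
mkdir($private, 0700, true);
file_put_contents("$private/db.php", "<?php // database credentials\n");
file_put_contents("$private/common.php", "<?php // helpers\n");
file_put_contents("$webroot/common.php", "<?php // stale copy left in the web root\n");

chdir($webroot);                                     // "." now means the web root
set_include_path('.' . PATH_SEPARATOR . $private);   // same order as the .htaccess line

foreach (['db.php', 'common.php', 'missing.php'] as $f) {
    $r = audit_include($f, $webroot);
    $state = $r['exposed'] === null ? 'NOT FOUND'
           : ($r['exposed'] ? 'EXPOSED (under web root)' : 'ok (outside web root)');
    printf("%-12s %-26s %s\n", $f, $state, $r['path'] ?? '-');
}

// Clean up the constructed files.
chdir(sys_get_temp_dir());
foreach (["$private/db.php", "$private/common.php", "$webroot/common.php"] as $p) {
    unlink($p);
}
rmdir($webroot);
rmdir($private);
rmdir($base);
```

Because `.` is listed first, the stale `common.php` left in the web root is the copy that gets loaded and reported as exposed, even though a private copy exists; moving a file outside the web root only helps once the old copy is deleted.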

  17. #17
    SitePoint Zealot
    Join Date
    May 2004
    Location
    Chicago
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Include Path

    Thanks Kevin. I bought the book "Database Driven Website" and I was doing really well until I hit Chapter 10 and includes. Since I use a web hosting company I was not sure what to do so I'm glad this forum is available for questions such as mine.

    LH
    Chicago,IL

  18. #18
    SitePoint Member
    Join Date
    Nov 2004
    Location
    wisconsin
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have two sites using sessions to allow people to login. Each site uses the same session script and both are on the same server. If I log into one site, regardless if I logout, I cannot use the same browser window and immediately login into the second site without getting this error:

    Warning: session_register(): open(/tmp/sess_7171b3966735744f252403889edc7c9a, O_RDWR) failed: Permission denied (13) in /home/accountname/public_html/admin/login.php on line 2

    If I use a different window, I can login without any problems.

    Does anyone know why I have to use a new window and if there is a fix to this behavior? Or do I even want to fix it... is this a security issue?

    Thanks,
    David

  19. #19
    SitePoint Enthusiast
    Join Date
    Dec 2004
    Location
    wisconsin
    Posts
    45
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Kevin Yank
    Lentildal,

    Your hosting company is right -- you can modify PHP's include directory setting (normally configured in php.ini) with an .htaccess file in your site's root directory.

    Just create a text file called .htaccess in the root directory of your site that contains one line like the following:
    Code:
    php_value include_path .:/path/to/includes
    where /path/to/includes is the full path to the directory outside your Web root where you want to store your PHP include files.

    Of course, with a reputable hosting company it's fairly unlikely that they'll ever break PHP support and expose your scripts to the world, but you can never be too careful.
    So does this mean that you can modify settings in the php.ini file with an .htaccess file? If so does this mean that I can set a higher max file upload size limit within the .htaccess file, and if so what would the code look like to do so?

  20. #20
    SitePoint Enthusiast
    Join Date
    Jan 2005
    Location
    France
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would just like to bump this thread up to say thanks.

    Thanks Kevin.

    Anyone know the best way to get a logout?



    Thanks all.

  21. #21
    SitePoint Zealot
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    108
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    User redirect after accesscontrol check at login for current users

    Hello:

    could someone help with a redirect page? I have 2000 users signed up for an account on my site. I have added a new field to my db table, which I want the already signed-up users to populate: once they have signed in, they fill in this form for the new mandatory field to get their new content, and after filling it out they are directed to the protected page. Then all new users would just fill out the new field from the sign-up form,

    so how would I check the db and redirect if this field is empty? then they would be directed to a form to fill out this new data.

    would it be possible to use the accesscontrol with an elseif after it checks for their password and uid?

    any help would rock

  22. #22
    SitePoint Zealot
    Join Date
    Jan 2002
    Location
    london
    Posts
    110
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hey kevin, thanks for replying

    don't i need to be able to open the php.ini file and paste in my php scripts to use it?

    my host said they wouldn't allow me access to the php.ini file.

    btw - thought your article was v. good

    thanks

    L
    give me all your lentils

  23. #23
    SitePoint Evangelist galt's Avatar
    Join Date
    Apr 2002
    Posts
    461
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is there something wrong with the Sitepoint forums? I seem to remember this whole thread from two days ago, almost verbatim. It's deja vu all over again. Was I hallucinating? I wonder if I know what Saturday's Lotto numbers are going to be?

  24. #24
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    L,

    You don't need to put any code in your php.ini file, no. What gave you the impression that you did?
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  25. #25
    SitePoint Zealot
    Join Date
    Jan 2002
    Location
    london
    Posts
    110
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    er....where do i put the include files then?

    let's take "db.php" for example, with all my database details, which directory do i put that in?

    also a little further into the article you talk about changing the following options:

    session.save_handler = files
    session.save_path = C:\WINDOWS\TEMP
    session.use_cookies = 1

    do these not reside within the php.ini file?

    thanks, sorry if i'm being a bit simple.

    Lentil
    give me all your lentils

