
Hi friends, can you help. Session and print out data


deffleo Posted: Sat Jun 18, 2005 5:39 pm


Hi friends, can you help me? I have 2 problems in PHP scripting.

1. When I use a session and I want to redirect the user to another page.
----------------------------------------------------------------
This script is part of "check_user.php".

$HTTP_SESSION_VARS["cust_id"]=$rec_cust[0];
$HTTP_SESSION_VARS["cust_nm"]=$rec_cust[1];
$HTTP_SESSION_VARS["passwd"]=$rec_cust[2];
session_register("cust_id");

#Redirect customer to book page
echo "<meta http-equiv='refresh' content='0;url=../show_buku.php'>";

And in another page I check the session. Why is the variable of the current
session always empty?

This script is part of "show_buku.php".
I check the session like this:
<?php
if(isset($HTTP_SESSION_VARS["cust_id"]))
{
#display page, if user had been login
........
........
}else
{
session_destroy();
echo "Sorry,You are not login yet.";
}

But the result of checking the session always displays:

.....
Sorry,You are not login yet.

--------------------------------------------------------------------
2. How to print out money with digit grouping in PHP, like this sample:

$money=10000;

Input: $money, or it can be taken from a MySQL record table;
the output that I want is 10.000;

+---------------------+
| Price of Book       |
+---------------------+
| 10.000              |

Note: the script that I want uses PHP script, not MySQL Query
Language.

Thanks for your help.
jpgil Posted: Sat Jun 18, 2005 5:48 pm


On 6/18/05, deffleo <deffleo@...> wrote:
> Hi friends,can you help me. i have 2 problem in php scripting.
>
> 1.when i use session and i want to redirect user to another page.

...

Add the following at the beginning of each PHP file:

//-- <code> --
if (!session_id() ) { session_start(); }
//-- </code> --



> --------------------------------------------------------------------
> 2.how to print out money with digit grouping in php. like this sample :
>
> $money=10000;
>


Check http://php.net/number_format

Also, check about locale





(BTW, I'm new to this group and this is my first message, so hello all! )


--

Juan Pablo Gil R.
Director OnFocus - de la Idea al Bit
http://www.onfocus.cl/
Papp_Nase Posted: Sun Jun 19, 2005 3:45 pm


On Sat, Jun 18, 2005 at 08:48:01AM -0400, Juan Pablo Gil wrote:
> On 6/18/05, deffleo <deffleo@...> wrote:
> > Hi friends,can you help me. i have 2 problem in php scripting.
> >
> > 1.when i use session and i want to redirect user to another page.
>
> ...
>
> add the following at the beginning of each PHP file:
>
> //-- <code> --
> if (!session_id() ) { session_start(); }
> //-- </code> --

What about this one
(http://de3.php.net/manual/de/function.session-id.php#49873):

--- snip ---
Try this code snippet, from a book by a security expert who says this
is more secure to place on every page:

session_start();
$_SESSION['name'] = "YourSession";

if (!isset($_SESSION['initiated']))
{
session_regenerate_id();
$_SESSION['initiated'] = true;
}
--- snip ---

Cheers,
Martin
jpgil Posted: Sun Jun 19, 2005 5:23 pm


On 6/19/05, Martin Samesch <martin.samesch@...> wrote:
> --- snip ---
> Try this code snippet, from a book by a security expert who says this
> is more secure to place on every page:
>
> session_start();
> $_SESSION['name'] = "YourSession";
>
> if (!isset($_SESSION['initiated']))
> {
> session_regenerate_id();
> $_SESSION['initiated'] = true;
> }
> --- snip ---


Many thanks Martin!

Starting with your hint, I found this site, I guess it's the book you
mentioned: http://phpsec.org/projects/guide/4.html

In simplistic words, it says that a session_id could be hijacked by
some mechanism and relying only on that isn't a secure choice. So, if you
need an extra bit of security it's recommended to implement a slightly
more sophisticated script like the one you sent above.

Anyway, the really simple line I sent is still correct, but not as
secure as the second option.

But now... I'll add those lines to many projects I have already running :)

--

Juan Pablo Gil R.
Director OnFocus - de la Idea al Bit
http://www.onfocus.cl/
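
A login flow that applies the advice from this part of the thread (start the session on every page, give it a fresh ID), as an added example that is not code from any poster. The function names, the HTTPS assumption and the `$rec_cust` row layout borrowed from the first post are assumptions; it goes beyond the quoted snippet by also regenerating the ID at login, the point where a fixed ID would otherwise gain privileges.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// $rec_cust is assumed to be the row from the first post: [id, name, password].
// Requires PHP 7.3+ for the array form of session_set_cookie_params().

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                                   // already started on this request
    }
    ini_set('session.use_strict_mode', '1');      // reject IDs the server never issued
    ini_set('session.use_only_cookies', '1');     // never take the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,                          // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,                       // assumption: site is served over HTTPS
        'httponly' => true,                       // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // The snippet quoted in the thread: a session this application has not
    // initialised yet is moved to a fresh ID before anything is stored in it.
    if (!isset($_SESSION['initiated'])) {
        session_regenerate_id(true);              // true = delete the old session data
        $_SESSION['initiated'] = true;
    }
}

function log_in(array $rec_cust): void
{
    start_secure_session();

    // Privilege change: issue a new ID so an ID planted before login is useless.
    session_regenerate_id(true);

    $_SESSION['cust_id'] = (int) $rec_cust[0];
    $_SESSION['cust_nm'] = (string) $rec_cust[1];
    // The password ($rec_cust[2]) is deliberately not copied into the session.

    // Send the redirect as a header, before any output, then stop the script.
    header('Location: ../show_buku.php');
    exit;
}
```

Every other page calls `start_secure_session()` before producing output and then reads `$_SESSION['cust_id']`.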
Papp_Nase Posted: Sun Jun 19, 2005 7:21 pm


On Sun, Jun 19, 2005 at 08:23:48AM -0400, Juan Pablo Gil wrote:
> On 6/19/05, Martin Samesch <martin.samesch@...> wrote:
> > --- snip ---
> > Try this code snippet, from a book by a security expert who says this
> > is more secure to place on every page:
> >
> > session_start();
> > $_SESSION['name'] = "YourSession";
> >
> > if (!isset($_SESSION['initiated']))
> > {
> > session_regenerate_id();
> > $_SESSION['initiated'] = true;
> > }
> > --- snip ---
>
>
> Many thanks Martin!
>
> Starting with your hint, I found this site, I guess it's the book you
> mentioned: http://phpsec.org/projects/guide/4.html

Hey, great site! I hadn't known it (is this correct English? ;-).

My "hint" rather was a question. ;-)

Many more thanks to you.

> [...]
> Anyway, the really simple line I sent is still correct, but not as
> secure as the second option.
>
> But now... I'll add those lines to many projects I have already running :)

Me too ;-)

Cheers,
Martin
henri@... Posted: Mon Jun 20, 2005 6:29 am


Please try this code :
session_start();
$_SESSION["cust_id"]=$rec_cust[0];
$_SESSION["cust_nm"]=$rec_cust[1];
$_SESSION["cust_nm"]=$rec_cust[2];

And in another page where you want to access this session variable, use this code:
session_start(); //this code must appear before any output to html
<?php
> if(isset($cust_id))
> {
> #display page, if user had been login
> ........
> ........
> }else
> {
> session_destroy();
> echo "Sorry,You are not login yet.";
> }




yuandai0910 Posted: Mon Jun 20, 2005 6:58 am


henri <henri@...> wrote:
Please try this code :
session_start();
$_SESSION["cust_id"]=$rec_cust[0];
$_SESSION["cust_nm"]=$rec_cust[1];
$_SESSION["cust_nm"]=$rec_cust[2];

And in another page you want to access this session variable use this code
session_start(); //this code must appear before any output to html
<?php
> if(isset($cust_id))
> {
> #display page, if user had been login
> ........
> ........
> }else
> {
> session_destroy();
> echo "Sorry,You are not login yet.";
> }




----- Original Message -----
From: "deffleo" <deffleo@...>
To: <php-objects@yahoogroups.com>
Sent: Saturday, June 18, 2005 19:39
Subject: [php-objects] Hi friends, can you help. Session and print out data


> Hi friends,can you help me. i have 2 problem in php scripting.
>
> 1.when i use session and i want to redirect user to another page.
> ----------------------------------------------------------------
I always do it like this:

<?php

ob_start();

session_start();
$cust_id=$rec_cust[0];
$cust_nm=$rec_cust[1];
$cust_nm=$rec_cust[2];

session_register("cust_id");

session_register("cust_nm");

session_register("cust_nm");

?>

And in another page where you want to access this session variable, use this code:

<?php

ob_start();

session_start();

if(isset($_SESSION["cust_id"]))
{
    #display page, if user had been login
    // ........
}
else
{
    session_destroy();
    echo "Sorry,You are not login yet.";
}

?>
You can try this. :-)






jpgil Posted: Mon Jun 20, 2005 7:25 am


On 6/19/05, henri <henri@...> wrote:
> Please try this code :
> session_start();
> $_SESSION["cust_id"]=$rec_cust[0];
> $_SESSION["cust_nm"]=$rec_cust[1];
> $_SESSION["cust_nm"]=$rec_cust[2];
>
> And in another page you want to access this session variable use this code
> session_start(); //this code must appear before any output to html
> <?php
> > if(isset($cust_id))
> > {
> > #display page, if user had been login
> > ........
> > ........
> > }else
> > {
> > session_destroy();
> > echo "Sorry,You are not login yet.";
> > }
>


Hello Henri. Your code assumes that register_globals is set "on"
(otherwise $cust_id would have no value). But in such a case,
$cust_id === $_SESSION['cust_id'] === $_GET['cust_id']

so you could easily break the system just by adding that parameter in the URL:

http://example.com/another_page.php?cust_id=1


It's safer to always use the long form of variables, even if
register_globals is on, i.e., $_SESSION['varname'] instead of
$varname.

--

Juan Pablo Gil R.
Director OnFocus - de la Idea al Bit
http://www.onfocus.cl/
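
The difference described in the post above, side by side, as an added example that is not code from the thread: a check on a bare variable accepts a visitor who has no session data, while a check on the session array rejects them. `extract()` stands in for register_globals (removed in PHP 5.4), and the function names and the integer `cust_id` are assumptions.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
// extract() emulates what register_globals=On did with request parameters.

// Weak form: trusts a bare variable, like isset($cust_id) in the quoted code.
function is_logged_in_bare_variable(array $get, array $session): bool
{
    extract($session);   // session values become plain variables...
    extract($get);       // ...and request parameters can create or overwrite them
    return isset($cust_id);
}

// Safer form: asks the session array only and checks the stored type.
// Assumes the login code stored cust_id as an integer.
function is_logged_in_session_only(array $session): bool
{
    return isset($session['cust_id'])
        && is_int($session['cust_id'])
        && $session['cust_id'] > 0;
}

// Guard for the top of a protected page such as show_buku.php.
function require_login(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_logged_in_session_only($_SESSION)) {
        $_SESSION = [];          // session_destroy() alone leaves this array populated
        session_destroy();
        http_response_code(403);
        exit('Sorry, you are not logged in yet.');
    }
    return $_SESSION['cust_id'];
}

// Constructed input: no session data, but cust_id=1 supplied in the URL.
$get     = ['cust_id' => '1'];
$session = [];

var_dump(is_logged_in_bare_variable($get, $session));
var_dump(is_logged_in_session_only($session));
```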
All times are GMT