I'm Learning But Stumped... Session Help

A beginner who has learned much the past few weeks but needs a bit of

  • (3 Pages)
  • +
  • 1
  • 2
  • 3

32 Replies - 1875 Views - Last Post: 17 December 2008 - 02:39 AM Rate Topic: -----

#16 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 04:05 AM

Valek I'm pretty sure you are right now that I am looking at it. Sadly Facebook won't let me see what the errors are. It just spits out PHP ERROR. They really need to get it together and allow me to see the issue.

On another note I shouldn't be allowed to write code with no sleep ;)
Was This Post Helpful? 0
  • +
  • -

#17 danny_kay1710  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 29
  • View blog
  • Posts: 359
  • Joined: 27-April 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 04:57 AM

Although it may to be too late now for future reference to do sessions in PHP you need to add the line
session_start();



This line must be above the <html> tag i believe (not 100% sure) so i would try to add this at the top of your page.

Then you can store variables by using
$_SESSION['varName']='varText';



Then you could store all the details of who is logged in here to save you some database space and query time. Remember tho sessions can be spoofed so I would store enough to revalidate the user as a valid login.

Something you may want to play around with is storing the username in a session any maybe the password md5 hash if these don't match with the database don't keep them logged in etc.

And for a session as previously mentioned it lasts until the browser is closed, so you wouldn't need to worry about time outs.

This post has been edited by danny_kay1710: 16 December 2008 - 04:59 AM

Was This Post Helpful? 0
  • +
  • -

#18 alexander7567  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 21
  • Joined: 26-November 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 08:13 AM

wait.. they can be spoofed? oh crap lol. can you show me how to make a random string of numbers so i can use this to authenticate the session.. I have been working on security on my websites, and i didn't even kno it could be spoofed!


{new post}
never mind, i got it! jus for anybody else that needs to kno.. its

int rand  ( int $min  , int $max  )



guess i will be rewriting my login pages on my day off school haha

This post has been edited by alexander7567: 16 December 2008 - 08:14 AM

Was This Post Helpful? 1
  • +
  • -

#19 danny_kay1710  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 29
  • View blog
  • Posts: 359
  • Joined: 27-April 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 08:59 AM

Yes sessions can be hacked.

And their data is viewable with Firefox and possibly other browsers. Although I am not a web security expert I wouldn't worry too much as long as passwords are stored as an md5 hash.

But since you have something above you could store a random string of numbers in the DB and obviously if the sessions doesn't match with this then something is wrong.Then it's how often do you update it.

It's simple enough to encrypt passwords as well just use md5(string_to_encrypt); - i say encrypt it's technically a hash cos you won't be able to reverse it back to a password from a hash.

EDIT: I haven't had a proper look at this but maybe it could help - it looked good to me at first http://www.sitepoint...ssion-security/

This post has been edited by danny_kay1710: 16 December 2008 - 09:01 AM

Was This Post Helpful? 1
  • +
  • -

#20 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 02:26 PM

Interesting bits on session security. Really valuable information. I was thinking about sessions for the actual game play and can see now that encryption will be required to keep things fair if I do go that route.
Was This Post Helpful? 0
  • +
  • -

#21 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 543
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 03:48 PM

For an extra layer of security, try generating a random number and getting the md5 hash of it, using it as a session ID of sorts. The md5 hash will make it harder for someone to study your session IDs and predict what they might be. Or making a script of some sort to "count" through them until it finds a hit.
Was This Post Helpful? 0
  • +
  • -

#22 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 04:18 PM

Excellent advice that I will look at once I get past the initial problem of still not being able to get the math working properly. I've done 300 revisions and decided to just give up. 300 times is just 2 many for me to try right now.
Was This Post Helpful? 0
  • +
  • -

#23 alexander7567  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 21
  • Joined: 26-November 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 04:34 PM

sadly i have no encryption or hashes or anything like that. i can go to the sql server and see all the passwords and everything. The main security i have been working on is sql injection and things like that. So i guess i have a whole lot more to do!

you cant give up! u have a good idea goin..
Was This Post Helpful? 0
  • +
  • -

#24 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 04:36 PM

I need a break from it LOL. I've been working on it nearly nonstop for two weeks. Of course a break will most likely only mean watching a few episodes of Family Guy and then taking another crack at it LOL
Was This Post Helpful? 0
  • +
  • -

#25 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 05:24 PM

Here is the code I am having trouble with... I'm downloading the trial of NuSphere PHPED to see if it can help me any.

$con = mysql_connect("$db_ip","$db_user","$db_pass");
if (!$con)
  {
  die('Error Fetching Units: ' . mysql_error());
  }

mysql_select_db("$db_name", $con);

$result = mysql_query("SELECT * FROM Users
WHERE UserID='$user'");

while($row = mysql_fetch_array($result))
  {
  $original_login = $row['Login'];
  $without_bonus = $row['Units'];
  $bonus_value = $row['Bonus'];
  }
// Fetch Original Units

$current_time = time();
// Fetch Current Time

$new_time = $current_time-$original_login;
// Do The Math

echo "Current:";
print $current_time;
echo "<br />";
echo "Original:";
print $original_login;
echo "<br />";
echo "New Time:";
print $new_time;
echo "<br />";
// Test Variables

if ($original_login == 0){
 mysql_query("UPDATE Users SET Login = '$current_time' WHERE UserID='$user'");
 echo "Sorry. Setting a value and starting the timer now.";
 }
else{
 echo "";
 }
// What to do on first time.

if ($newtime>=14400){
 echo "Over 4 Hours! Bonus Awarded!";
 $with_bonus = $without_bonus+$bonus_value;
 mysql_query("UPDATE Users SET Units = '$with_bonus' WHERE UserID='$user'");
 mysql_query("UPDATE Users SET Login = '$current_time' WHERE UserID='$user'");
 }
elseif ($newtime<14400) {
 echo "Nothing Awarded. Under 4 Hours.";
 } 
else {
 echo "I FAIL AT PHP. I can't keep this most basic section working. Give up already. It has been over 301 revisions.";
 }
// What To Do Hours



The math is correct and it shows a value bigger then 14400 but it always says its not bigger then that. Hoping this program will help as it seems to be recommended on this site extensively.
Was This Post Helpful? 0
  • +
  • -

#26 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3100
  • View blog
  • Posts: 10,889
  • Joined: 08-August 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 05:31 PM

$newtime != $new_time

$newtime has not been set, and is therefore null, which is less than anything else.
Was This Post Helpful? 0
  • +
  • -

#27 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 05:35 PM

Wow thats twice I've done that. Here is a question for everyone... what is a good way to keep all of my variables straight? I keep having this issue.
Was This Post Helpful? 0
  • +
  • -

#28 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 543
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 05:46 PM

Well, I know more than a couple of programmers who outline their programs before they write them. Part of this is straightening out variable names. Perhaps that would be useful for you.
Was This Post Helpful? 0
  • +
  • -

#29 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3100
  • View blog
  • Posts: 10,889
  • Joined: 08-August 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 06:03 PM

I think this is one of the many reasons for using OOP. If you use classes, your variables are generally confined to within the class, and you can declare them at the beginning. Then it's just a matter of copy/pasting the variables to where you need them.
$x = new some_object;
$x->some_variable="some value";
class some_object
	{
	var $some_variable;
	var $another_variable;
	function somefunction()
		{
		some code...
		}
	}


It may seem more complicated, but it helps to reduce the number of variables and keep them together where you're less likely to confuse them.
Was This Post Helpful? 0
  • +
  • -

#30 RayRayAngel  Icon User is offline

  • New D.I.C Head
  • member icon

Reputation: 1
  • View blog
  • Posts: 39
  • Joined: 15-December 08

Re: I'm Learning But Stumped... Session Help

Posted 16 December 2008 - 08:07 PM

Hmm I think writing out each variable and what it does in a separate file would be pretty helpful. Then when I need to use a variable I can just find it in the file and keep everything straight. I'm not familiar with the OOP concept but I will do some reading.
Was This Post Helpful? 0
  • +
  • -

  • (3 Pages)
  • +
  • 1
  • 2
  • 3