Programming Tools
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
 
User Name:
Password:
Remember me
 



Go Back   Dev Articles Community ForumsProgrammingProgramming Tools

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Display Modes
 
Unread Dev Articles Community Forums Sponsor:
  #31  
Old March 27th, 2003, 10:39 AM
Mary Mary is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Mar 2003
Posts: 59 Mary User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 1 h 5 m 17 sec
Reputation Power: 0
About Ben's articles! I just have a brief review on his article. It is really great. But I think I have to get down to the basic, step by step so I can have a firm concept in creating auth issue. It would be easy for us to follow if we have some sample files like Wareseeker mentioned on his thread. Please make us some samples Joe!

Best regards,
Mary

Reply With Quote
  #32  
Old March 27th, 2003, 02:13 PM
jpenn jpenn is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Washington, DC
Posts: 317 jpenn User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 m 3 sec
Reputation Power: 17
Quote:
war>>
Hello Joe!

Could you please create some sample files how to use the object.session.php file. It would be easy for us to follow and learn from your code. Thanks.

Quote:
mary>>
It would be easy for us to follow if we have some sample files like Wareseeker mentioned on his thread. Please make us some samples Joe!


Well, it simple. Nothing changes from your normal sessions - syntax, functions, etc.. You would use the sessions exactly like you would would the default sessions provided by PHP. The main difference is that the package stores your session data in a DB instead of flat files - which in the end will equals a more efficient and secure session architecture.

So, once you download the package, the only thing you will have to do is execute the sql in the sql file to make your table in the DB, and open up the config file and add your DB connection params and you are set.

Now, the only thing that differs is the starting of the session - instead of using this ->
PHP Code:
 session_start(); 



In your page, you obviously have to include the 2 files, and then start the session ->
PHP Code:
include_once( 'config_file.php' );
incldue_once'object_file.php' );
new 
session(); 


that it, you session is started (or resumed from previous session) and using the DB to store the data.


PS: I think I put that info above in the .pdf file in the package - that should give you the usage of the package...
__________________
~ Joe Penn

We work for free to help make this a valuable resource on the internet. Do you appreciate the help - did we provide help that will help you prosper and help that has contributed to sharpening your current skill set?

Show your appreciation and purchase something from our Amazon Wishlist's - it's simple and a great way to say thank you.




Reply With Quote
  #33  
Old April 1st, 2003, 01:48 PM
wareseeker wareseeker is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Dec 2002
Posts: 71 wareseeker User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 15 m 7 sec
Reputation Power: 16
I am so stupid. I cannot do it. Please help Joe! Or maybe Mary might have something coming up...

Reply With Quote
  #34  
Old April 1st, 2003, 06:05 PM
jpenn jpenn is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Washington, DC
Posts: 317 jpenn User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 m 3 sec
Reputation Power: 17
Can't do what?

Reply With Quote
  #35  
Old April 1st, 2003, 11:04 PM
wareseeker wareseeker is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Dec 2002
Posts: 71 wareseeker User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 15 m 7 sec
Reputation Power: 16
Unhappy

I don't know how to use your package codes . I just don't know how to create other files based on your codes. I am frustrated of learing PHP. Please guide me a way.... Joe!

Reply With Quote
  #36  
Old April 24th, 2003, 07:23 PM
treycarroll treycarroll is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Feb 2003
Location: TEXAS
Posts: 3 treycarroll User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Please make criticisms constructive

I am somewhat frustrated with the way this thread has wound up. I invested hours studying the original code and more hours in correcting and altering it. I included helpful comments and did my best to allow others to benefit from my own struggle to learn the topic. It seems clear that jpenn is an advanced programmer, but his commentary on this thread has only served to tease the other members now that the links to the packages have been pulled. The only thing left now is the original article's code and my revised code which are apparently crappy because of the inherently weak architecture. And I'm just as ignorant about why that is as I was when I started out.

In regard to the other posts:

Mary and wareseeker ask for too much. They seemed to be saying "explain it to me". This isn't fair to jpenn, nor does it respect his time. Nobody has time to answer questions like that. I think his frustration comes across in the "explain what?" reply. I'd be frustrated too.

I didn't reply because I didn't know the answer to their cookie questions or they were too vague. My motto is this: I'll help you learn to 'fish', but I won't 'fish' for you.

Finally: to wareseeker. I write code for a living. It really ticks me off when people steal other people's hard work. I'm never going to willingly help somebody who's screen name is wareseeker. I'm barely scraping by right now and I'm still managing to pay for every tool I purchase to become a better programmer. It's painful, but it can be done. It's called integrity- look into it.

Reply With Quote
  #37  
Old April 27th, 2003, 12:49 AM
jpenn jpenn is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2002
Location: Washington, DC
Posts: 317 jpenn User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 m 3 sec
Reputation Power: 17
Quote:
but his commentary on this thread has only served to tease the other members now that the links to the packages have been pulled

treycarroll - sorry about pulling the links, I am not one to keep stuff hanging in my sig. The package is still available for download -> click here for page.

Sorry about that - and sorry for the late reply on your post...

Reply With Quote
  #38  
Old April 27th, 2003, 09:27 PM
wareseeker wareseeker is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Dec 2002
Posts: 71 wareseeker User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 15 m 7 sec
Reputation Power: 16
To: treycarroll, you are so mean, you blamed me for everythings. I think you are wrong I got it figured out since my last post It was three weeks ago. I stopped asking jpenn cause I knew how to do it and I was waiting for someone that might had the the same question as I had and would be willing to explain it to them. you should know that people are changing their sig frequently and you should know that this package is just a backing up for the wrong original article. It is not my fault due to asking to many questions.

Quote:
It really ticks me off when people steal other people's hard work. I'm never going to willingly help somebody who's screen name is wareseeker.


You better look at yourself, man. How many posts of yours that help others? You are the one who has intention to steal someone's work. You just sit in the back read and sneak others questions and answers and now you don't have what you want then youre starting to criticise others. If you just want to download jpenn's code why didn't you ask? youre not right. Thats all I would say to you what ever your nick is.

Reply With Quote
  #39  
Old May 12th, 2003, 08:25 AM
harvey_r01 harvey_r01 is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jan 2003
Location: Bournemouth
Posts: 37 harvey_r01 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 16
Hi Ya Folks,

Just a quickie for all u PHP Pros...
I keep getting the following error every time the function expire() calls destroy, well i've renamed it to destroy_sess() but same difference...

Fatal error: Call to undefined function: destory_sess() in sess.php on line 149

I have included my sess.php file, but am really stuck on this one, i will be very grateful for any advice...

Cheers All,

Harvey

PHP Code:
<?php // sess.php - All the functions to administer sessions

include("common.php");
include(
"db.php");

dbConnect();

// $host = "localhost";
// $user = "cheshire";
// $pass = "cheekies";
// $db = "BUDatabase";

// $dbc = mysql_connect($host,$user,$pass) or die("Cannot establish a connection to the database.");
// mysql_select_db($db,$dbc);

class session {

    var 
$key;
    var 
$timeout;

// start() will initialize the session by generating the session key or ID
function start($timeout "") {

    
// create an array with all the letters of the alphabet
    
$letters range("a","z");
    
// declare the $key variable
    
$key "";

    
// generate our sessions key formatted such as #a#aa#
    
for($i 0$i 6$i++) {
        if((
$i == 0) || ($i == 2) || ($i == 5))
            
$key .= rand(0,9);
        if((
$i == 1) || ($i == 3) || ($i == 4))
            
$key .= $letters[rand(0,25)];
    }

    
// store the sessions key in a method of the class
    
$this->key $key;

    
// perform a conditional to test if the user defined the timeout and if not store the default value.
    
if($timeout == "")
        
$this->timeout 7200// five minutes
    
else
        
$this->timeout $timeout;

    return 
0;
}

// this function will kill the session
function destroy_sess($key="") {

    if (!isset(
$key))  {
      
$key="";
    }
    
// fetch the user key from cookie
    
$this->key $_COOKIE["sess_key"];

    
// delete session from database
    
$query mysql_query("DELETE FROM sessions WHERE sess_key = '" $this->key "'") or die("query failed - line 59");

    
// remove cookie from the user's computer
    
$delete setcookie("sess_key" $this->keytime()-3600);

    if (
$query && $delete) {
        
header("Location: [url]http://www.dynamicwebprojects.co.uk/HTML/search.placement.php[/url]");
        exit;
    }
    return 
0;

}

function 
checkAcc($uname,$pwd) {
    
$sql "SELECT * FROM smstaff WHERE staffuname='" $uname "' AND password='" md5($pwd) . "'";
    
$result mysql_query($sql);
    if (!
$result) {
      
error("login404","sess.php - Line 73");
    }
    if (
mysql_num_rows($result) == 0) {
      
error("login404","sess.php - Line 73");
      
destroy_sess();
      exit;
    }
}

// this function will register a value to session. (only one value, see replace() to update the value)
function register($val) {

    
// if key is not generated run start()
    
if($this->key == "")
        
$this->start();

    
$insert mysql_query("INSERT INTO sessions (sess_key, val, ip, sec_expire, stamp_expire, access) VALUES ('" $this->key"', '" addslashes($val) . "' , '" $_SERVER["REMOTE_ADDR"] . "' , " $this->timeout "," . (time() + $this->timeout) . "," time() .");");

    
// set the cookie that will store the session key
    
setcookie("sess_key",$this->key,time()+3600);

}

function 
read() {

    
// set $sess_val global - the variable of the session value.
    
global $sess_val;

    
// if the cookie doesn't exisit send them back to the login screen.
    
if(!$_COOKIE["sess_key"]) {
        
header("Location: stafflogin.php");
        echo 
"Cannot Find Cookie - line 104";
        exit;
    }

    
// fetch the session key from the cookie.
    
$this->key $_COOKIE["sess_key"];

    
// fetch the session value
    
$query mysql_query("SELECT val FROM sessions WHERE sess_key = '" $this->key "'") or die("query failed - line 97");

    if(
mysql_num_rows($query) == 0) {
        
header("Location: stafflogin.php");
        echo 
"0 Values in query - line 100";
        exit;
    }

    
$fetch mysql_fetch_array($query);

    
// store the session value to $sess_val
    
$sess_val stripslashes($fetch["val"]);

    
// test if session has reached the expiration point
    
$this->expire();

    
// this code will only run if expire() returned falsed - we update the last access point to now.
    
$update mysql_query("UPDATE sessions SET access = " time() . " WHERE sess_key = '" $this->key "'") or die("query failed - line 114");

}

// this function will test if the user has been inactive for the defined timeout
function expire() {

    
// fetch the last access and expirations from the database
    
$query mysql_query("SELECT access, sec_expire, stamp_expire FROM sessions WHERE sess_key = '" $this->key "'") or die("query failed - line 114");
    
$fetch mysql_fetch_array($query);

    
$access $fetch["access"];
    
$expire $fetch["sec_expire"];
    
$timeout $fetch["stamp_expire"];

    
// test if session is expired based on defined timeout
    
if (($timeout $access) <= ($expire $expire)) {
        
$this->destory_sess();
        
//die("Your session has expired.  Please re-login.");
    
}
}

// this function will update the session value
function replace($val) {

    
// fetch the user key from cookie
    
$this->key $_COOKIE["sess_key"];

    
// update the database with the new value
    
$query mysql_query("UPDATE sessions SET val = '" $val "' WHERE sess_key = '" $this->key) or die("query failed - line 77");
}
}
?>

Reply With Quote
  #40  
Old June 3rd, 2003, 09:42 PM
crash4o4 crash4o4 is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jun 2003
Posts: 2 crash4o4 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Quote:
Originally posted by Mary
I have the same problem as Wareseeker had. All my codes uploaded into remote server(hosting service). When I tried to test the code by running my computer at home the cookie did not establish but it installed data into db.
And I tried on every computers at shool It worked perfectly but a small problem that when I logged out it did not redirect to the login.php instead of a blank white page.
Do you think that the browser did not create a cookie becuase I have Apache, PHP , and MySQL installed in my Win XP?
Does anyone or the Author of this article know the problem? Please help us. Greatly appreciate.

Regards,
Mary


First off, would like to say, thank you Brian Rosner for writting this article, it is a starting point for anyone interested in learning the basic of sessions.

Now for those people having problems with cookies, for someone reason there is two things that cause this, one is using IIS or apache in windows, you get the error cause your from the same ip/subnet and it takes that into account and gives you a error.

The best thing for testing is finding a free php host, I know there is a bunch and most offer free mysql database, or take into account to learn unix or linux which is way better to use for testing purpose.

I hope my little 2 cent advise helped out someone.

Reply With Quote
  #41  
Old June 5th, 2003, 11:32 AM
crash4o4 crash4o4 is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jun 2003
Posts: 2 crash4o4 User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
I was playing around with it and don't like how the session key is 6 numbers and char so I made it do 14 , here is the code.

// start() will initialize the session by generating the session key or ID
function start($timeout = "") {

// create an array with all the letters of the alphabet
$letters = range("a","z");


// generate our session's key formatted such as #a#aa#
for($i = 0; $i < 15; $i++)
{
if(($i == 0) || ($i == 2) || ($i == 5) || ($i == 7) || ($i == 9) || ($i == 11) || ($i == 13) )
$key .= rand(0,9);
if(($i == 1) || ($i == 3) || ($i == 4) || ($i == 8) || ($i == 10) || ($i == 12) || ($i == 14) )
$key .= $letters[rand(0,25)];
}

// store the session's key in a method of the class
$this->key = $key;
echo "$key";
// perform a conditional to test if the user defined the timeout and if not store the default value.
if($timeout == "")
$this->timeout = 300; // five minutes
else
$this->timeout = $timeout;
return 0;
}//end of function start


basically you can make the key as big as you want, to this you need to just change this values.

for($i = 0; $i < 15; $i++) << change the 15 to how high you wana go. so if you wanted to make a key 32 long, you would change the 15 to 33.

than

if(($i == 0) || ($i == 2) || ($i == 5) || ($i == 7) || ($i == 9) || ($i == 11) || ($i == 13) )
$key .= rand(0,9);
if(($i == 1) || ($i == 3) || ($i == 4) || ($i == 8) || ($i == 10) || ($i == 12) || ($i == 14) )
$key .= $letters[rand(0,25)];
}

in here you would add in both lines || ($i = num) on both lines , so the top would hold odd and on the bottem even numbers. by default the top and bottem went up to 5, so it looked like this

if(($i == 0) || ($i == 2) || ($i == 5) << this is from the top.

if(($i == 1) || ($i == 3) || ($i == 4) << bottem,

the line read this for($i = 0; $i < 6; $i++) << your saying in this line the key is less than 6 so the would be 5 char and numbers long.

I hope this helps someone.

Reply With Quote
  #42  
Old June 11th, 2003, 10:01 PM
Brian Rosner Brian Rosner is offline
Contributing User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jul 2002
Location: Denver, CO
Posts: 34 Brian Rosner User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 17
Send a message via ICQ to Brian Rosner Send a message via AIM to Brian Rosner Send a message via Yahoo to Brian Rosner
Wow, never realized this was here haha. Ok, the article I wrote last July is now really outdated and since then I continue to find errors I made. I have also made many more sessions since then and are much better. I plan on writing a revised article to really clear everything up. Sorry for the inconvience.

Reply With Quote
  #43  
Old July 2nd, 2003, 12:22 PM
modem modem is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jan 2003
Posts: 1 modem User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
I just thought I would post regarding the custom session article which I thought explained everything very well.

Although as I try to use/modify the code presented I am having difficulty even getting it to work, even after using treycarrol's modified code. I am new to sessions, but have been coding PHP for some time now, but if anyone could provide help it'd be much appreciated.

The first error I get is in relation to using $_POST['login'] on the login.php file.

Notice: Undefined index: login in C:\Webshare\modemnet\betasite.modemnet.net\test\lo gin.php on line 5

Also when using trecarrol's code I do get more undefined index errors as if they are not being defined anywhere. Any solution?

Reply With Quote
  #44  
Old October 1st, 2004, 06:37 PM
drawmack drawmack is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2004
Posts: 2 drawmack User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
jpenn the package is no longer available on your website and what you using the built in functions for designing your own session management is exactly what I was looking for.

To anyone considering using the code in this article I would say do not touch it with a ten foot pole. The security holes will turn your site into security swiss cheese. On top of that it doesn't create generic session management as a class implementation should it can only be applied to one specific type of session management.

Reply With Quote
  #45  
Old October 1st, 2004, 07:21 PM
drawmack drawmack is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Oct 2004
Posts: 2 drawmack User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Update - a good article on the topic of session handling using a database can be found at - http://www.zend.com/zend/spotlight/code-gallery-wade8.php

Reply With Quote
  #46  
Old July 30th, 2005, 07:02 PM
codebowl codebowl is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Jul 2005
Posts: 1 codebowl User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 4 m 52 sec
Reputation Power: 0
I think this article is pointless.

1 - the database schema differs from what the script requires
2 - why write your won session handling when php allows you to store it's session data into the database anyway
3 - if you echo $this->key you will see that the key changes from page to page...

http://www.developertutorials.com/tutorials/php/saving-php-session-data-database-050711/page3.html

that's the proper way to do database session handling. Creating your own session handling isnt meant for most people, mainly only large scale applications should ever use this method.

Reply With Quote
  #47  
Old February 21st, 2006, 12:52 AM
vivek jain vivek jain is offline
Registered User
Dev Articles Newbie (0 - 499 posts)
 
Join Date: Feb 2006
Posts: 1 vivek jain User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 21 m 25 sec
Reputation Power: 0
password expiration time(90 days)

hi ppl..

plz tell me the logic for:

1. Password Length to be a minimum of 8 characters
2. Password History
3. Pre-expired password
4. Password Expiration Time ( 90 Days )

I am a fresher and need to prepare an understanding doc for the above mentioned.
plz reply asap

thanks

Reply With Quote
Reply

Viewing: Dev Articles Community ForumsProgrammingProgramming Tools > Article Discussion: Developing Custom PHP Sessions


Developer Shed Advertisers and Affiliates


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.

© 2003-2018 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap