
SESSION broked


aram


> Isn't it the same?
> <?php session_start();
> if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
>     header("Location:login.php");
> }
> $user = $_SESSION['kurdish'];
> ?>

No. Having exit is a big difference from not having exit. Like SM pointed out, code could still get executed. You could prevent this by doing:
if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
    header("Location:login.php");
} else {
    // rest of the code in the page
}



OK, I know what you mean and that's possible, but one question: can this session be broken?

> Where is this undefined variable? Can you tell me?
In the first query on the login page.

> Is it stronger? Or is it the same? Because if it's the same, why do I have to change it?
It's not "stronger", it's the same. So you can either use 2 conditions in your if statement and then negate the whole thing, or use the empty function. It's not "stronger", it's shorter and easier to read. You don't have to change anything if you don't want to.

> Can this session be broken?
What do you mean?

I mean, can he hack it? Can he log in with another username? I'm too confused! When he edits an article there is no name, while my code adds the name of the editor automatically when he edits it. I mean this SESSION is for making a wall in front of those who don't have the username and password, but can he break it?

If it is used correctly, session is very secure. The only way to break it is to pretend to be someone else. In that case, it sounds like the authorized user's name would be posted, not nothing.
Something is going wrong in your logic somewhere. I still think you should post more code.


I don't have any problem sending my code, but I think I sent the parts that are involved with the problem and I don't know what to send. What do you want me to send exactly?

> Adding the code in posts 24 or 27 would help. The session doesn't matter if you're still going to execute the rest of the code on the page regardless of whether or not they're logged in.
You mean whether the user logs in or not, the code after the session executes? But if the session was false or equal to nothing, it redirects him to the login page.

> I believe he is referring to this variable
> $rekewt

No, that's my bad, I typed it wrong, sorry, I fixed it. But this adds the IP and the time to the database for any user who logs in.

But can this be the problem, in the 5th line, where I'm getting the username from SESSION to add the writer's name when he adds the article?

<?php session_start();
if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
    header("Location:login.php");
}
$user = $_SESSION['kurdish'];
?>

I mean this:

$user = $_SESSION['kurdish'];


> You mean whether the user logs in or not, the code after the session executes? But if the session was false or equal to nothing, it redirects him to the login page.
You apparently didn't read what I wrote in post 24....
> Any code following a header() call will still be executed. So if this was accessed through a bookmark or something and the user hasn't logged in before, the script could still make changes to the database.
The only code in that if block is the header redirect. So if the session doesn't validate (it isn't set), then you tell PHP to send the header when it is finished running. Since there is more code after the if block, the script continues executing and sends the header when it's done.
The code scientist posted in post 27 moves all of your code into the same if structure, essentially making two blocks of code, only one of which will be executed. If the session validates, it will run the code in the else block and never send the header. If the session does not validate, it will tell PHP to send the header, and since there is no more code to be executed (since it's in the else block) the script ends and sends the header.
Bottom line is, the header function does not halt script execution.

Sorry bro, actually I read it carefully more than once. I appreciate what you said, thank you for your help. But what I can't understand and am confused about is how the rest of the code can be executed while the header sends him back to the login page, because it's the first code that runs. Is there a way to turn off the session? I think that's the only way to execute the rest of the code, that's what came to my mind right now. You are right, I have to do it and I will, but could you help me understand how he can pass the header? Many thanks.

> But what I can't understand and am confused about is how the rest of the code can be executed while the header sends him back to the login page, because it's the first code that runs
All the header function does is send a header to the browser. The browser does not act on the response from the server until the connection ends. The connection does not end until PHP stops running. Therefore, the browser will not redirect until PHP stops. Sending a header does not stop PHP, it only sends a header. He's not "passing the header", his browser got the header and it's sitting there waiting until PHP finishes and the connection with the server ends. If you want to test it, try this script:
<?php
header('Location: http://www.google.com');
sleep(10);
?>

When you load that page you will see it pause for 10 seconds, and then redirect. It sends the header first, but then it sleeps for 10 seconds before it stops and the connection closes. The browser waits for that to happen before redirecting. If it worked like you think it does then it would redirect immediately instead of waiting for 10 seconds.
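
The fix the replies describe, as an added example (not code from any poster in this thread): a guard that sends the redirect and then calls exit, so nothing after it runs for a visitor without a session. The function name require_login, the file names and the commented-out save_article() call are assumptions; the session key 'kurdish' and login.php come from the thread.

```php
<?php
// auth_guard.php (hypothetical file name): include at the top of every protected page.

/**
 * Stop the request unless a user name is stored in the session.
 * Returns the logged-in user name; never returns for anonymous visitors.
 */
function require_login(string $loginUrl = 'login.php'): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // empty() covers both "not set" and "empty string", the two conditions
    // the original if statement checked. Note it also rejects the name "0".
    if (empty($_SESSION['kurdish'])) {
        header('Location: ' . $loginUrl, true, 302);
        // header() only queues a response header. exit is what keeps the
        // database code further down the page from running.
        exit;
    }

    return $_SESSION['kurdish'];
}

// --- protected page (e.g. a hypothetical edit_article.php) ---
$user = require_login();

// Everything below this line runs only for a logged-in user.
// save_article() is a placeholder for the page's own database code:
// save_article($_POST['title'] ?? '', $_POST['body'] ?? '', $user);
echo 'Editing as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

To check a page, request it with no session cookie (for example with curl -i) and confirm the response is only the 302 with an empty body and that no database row was written.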


Because the headers aren't actually sent until the entire script is finished executing (or until output is sent, like when you echo something). When you call the header function, you are only adding headers to a "stack", if you will. This "stack" of headers is held in memory until the script is done or until output is sent. Once the script is finished or you've sent output, then this "stack" of headers is sent.
EDIT: Ok, maybe my explanation is a little off. :) Refer to JSG's response above....

Thank you very much for your time. Both of your comments helped me, yours and JSG's. You are great and I'm very thankful to all of you who tried to help. I think this forum is the best forum I have ever logged in to, because there are so many good people like you and JSG and thescientist and Deirdre's Dad.

Archived

This topic is now archived and is closed to further replies.
