Category Archives: PHP

PHP session

Posted on by
Reply

Use both Session and cookie to keep security for the website
$_COOKIE[session_name()]
the session name is stored as cookie, other variables are stored as session var

auth.php

<?php
session_set_cookie_params(7200,’/’,”,true);
session_start();
if($_SESSION[‘auth’]!=’xxx’){
session_destroy();
header(“Location: ./login.php\n\n”);
exit;
}else{
//check fingerprint
$fp = $_SERVER[“HTTP_USER_AGENT”];
$fp .= $_SERVER[“REMOTE_ADDR”];

$fp = md5($fp);
if($_SESSION[‘par’] != $fp){
header(“Location: ./login.php\n\n”);
exit;
}
}
?>

login.php
check if ID, pass are matched with those in db….then

session_start();
$_SESSION[‘user_id’] = $uid;
$_SESSION[‘grp_id’] = $gid;
$_SESSION[‘auth’] = 1;

$fp = $_SERVER[“HTTP_USER_AGENT”];
$fp .= $_SERVER[“REMOTE_ADDR”];
$_SESSION[‘remote’] = md5($fp);
header(“Location: ./index.php”);

logout.php

session_set_cookie_params(7200,’/’,”,true);
session_start();
$_SESSION = array();
if(isset($_COOKIE[session_name()])){
$params = session_get_cookie_params();
setcookie(session_name(), ”, time()-3600,
$params[“path”], $params[“domain”],
$params[“secure”], $params[“httponly”]
);
}
session_destroy();
header(“Location: ./login.php\n\n”);
exit;

session_destroy() destroy the session, and cookie will be deleted as setting the cookie lifetime as a time past

MySQL interface — PHP

Posted on by
Reply

Connect and Close connection to DB

$DB_HOST = “localhost”;

$DB_NAME = “mysql”;

$DB_USER = “mysql”;

$DB_PASS = “password”;

function conn_db(){

global $DB_HOST;

global $DB_USER;

global $DB_PASS;

global $DB_NAME;

if(!($conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASS))) {

echo “Failed to connect DB”;

echo mysql_error($conn);

die;

}

if(!(mysql_select_db($DB_NAME))) {

echo “Failed to select DB”;

echo mysql_error($conn);

die;

}

return $conn;

}

function close_db($conn){

mysql_close($conn);

}

$conn = conn_db();

$sql = “select * from users where date>’20081001′ order by id”;

if (!($rs=mysql_query($sql))) {

echo mysql_error($conn);

die;

}

while ($row = mysql_fetch_array($rs)) {

echo “$row[0] $row[1]\n”;

}

problem in search

Posted on by
Reply

problem when search for “V&R”
V%26amp%3BR
%26 -> &
%3B -> ;
%26amp%3B -> &amp;

Solution: change & to encoded code in query sent to html
Add:
$srch_name=eregi_replace(“&amp;”,”%26amp%3B”,$srch_name);
before the following code
if($srch_name !=”){ $req.=”&name=$srch_name”; }
if($srch_site !=”){ $req.=”&site=$srch_site”; }

missing ; before statement

Posted on by
Reply

To check Javascript error, use Firefox Web Developer Addon

Tool -> Error Console

Got javascript error as “missing ; before statement” although there was no missing “;”

Finally found the reason is that the javascript function used number at the beginning, like

2way_func = function(){ …..}