Re: Session Not Being Passed?

On Thu, May 18, 2006 9:23 pm, Mark Sargent wrote:
> <?php
> setcookie('username', 'Joe', time()+60);

Because Microsoft engineers are incapable of reading and following a
spec correctly, you will have to supply a "path" along with that
time-out.  The best default path to use is "/"

You can have no time-out and no path, or both, but not just time-out.

> session_start();
> $_SESSION['authuser']=1;
> ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
> <meta content="text/html; charset=UTF-8" http-equiv="content-type">

For REAL browsers, you should send the content-type with a charset in
the headers as well.

Only something goofy like IE is going to ignore the headers and look
at a META tag instead.

Again, MS doesn't follow specs.  Surprise.

To be super-pedantic, it's also probably better to use:
<meta ... />
so the tag closes itself in the new-school XHTML CSS blah blah blah
buzzword way.

> <title>Movie 1</title>
> </head>
> <body>
> <?php
>     $favMovie=urlencode("Life Of Brian");
>     echo "<a
> href='http://localhost/moviesite.php?favMovie=$favMovie'>";

Errr.

localhost is going to end up being THEIR localhost, which is, like,
their own computer where the browser is, which is very very very
unlikely to have your moviesite.php script on it, if you see what I
mean...

Unless YOU are running this on your own desktop or something.

And even then, you probably should use $_SERVER['PHP_SELF'] or
something instead of localhost, because if you move this script to a
freshly-installed Windows box, they don't actually set up localhost as
127.0.0.1 in some versions of Windows -- You have to dig around in
god-knows-which-directory to find the hosts.sam file (.sam is for
sample) and then copy it and edit it and then re-boot (cuz it's
Windows) to get localhost defined.

Did I mention that MS engineers don't follow specs?

>     echo "Click here to see information about my favourite movie!";
>     echo "</a>";
> ?>
> </body>
> </html>
>
>
> which points to this page,

Well, you WANT it to point to that page, but it probably doesn't, as
noted above...

> <?php
> session_start;

You kinda need the function call here with () and everything.

Otherwise, what happens is:
#1. PHP "sees" an undefined constant, and assumes you meant:
'session_start';

#2. PHP issues an E_NOTICE error, but your default error_reporting in
php.ini is probably set to E_ALL ~ E_NOTICE which is *BAD* but there
it is, the old default.

#3. So this statement turns into a rather goofy non-operational
statement that does NOTHING but is, in fact, accepted as a valid PHP
statement, for reasons beyond my ken:
'session_start';
is valid syntax.
God only knows *WHY* it's valid, mind, but it's valid.

> //Check the user has logged in with a valid password
> if ($_SESSION['authuser']!=1) {
>       echo "Sorry, you're not authorized to access this page";
>       exit();
>       }
> ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
> <meta content="text/html; charset=UTF-8" http-equiv="content-type">
> <title>My Movie Site - <?php echo $_REQUEST['favMovie'] ?></title>

You really SHOULD clean that variable.

You are wide open for a cross-site scripting attack:
http://phpsec.org/

> </head>
> <body>
> <?php
>     echo "Welcome to our site, ";
>     echo $_COOKIE['username'];

Ditto.

>     echo "! <br>";
>     echo "My favourite movie is ";
>     echo $_REQUEST['favMovie'];

Again.

>     echo "<br>";
>     $movieRate=5;
>     echo "My movie rating for this movie is: ";
>     echo  $movieRate;
> ?>
> </body>
> </html>
>
> But, I get the error message as if the session is not set,
>
> Sorry, you're not authorized to access this page
>
> but it is set, statically, in the 1st code. I have /my_temp_dir set as
> session.save_path,
>
> session.save_path = "/my_temp_dir"
>
> and have set user/group to htdocs and given permission for htdocs to
> write to /my_temp_dir,
>
> [ozboy@mumspc my_temp_dir]$ ls -al /my_temp_dir
> total 24
> drwxr-xr-x  2 htdocs htdocs 4096 May 19 12:08 .
> drwxr-xr-x 24 root   root   4096 May 19 12:04 ..
> -rw-------  1 htdocs htdocs   13 May 19 12:08 sess_69e7ffdaf855da229f4b067668b0f89d
>
> and it has a session file there as you can see. Is my code wrong,
> perhaps? I'm following Beginning PHP, Apache, MySQL Web Development.
> Cheers.

Also, you should realize that your setcookie isn't really doing much
but send an extra cookie to the browser, which will ANNOY those of us
who monitor cookies before accepting them -- It's just as easy to
store $_SESSION['username'] and use that instead, relying on the PHP
Cookie for the session to work for you, instead of managing your own
Cookie on top of the PHP session cookie.

For homework, you have to change your php.ini file from E_ALL ~
E_NOTICE to just plain E_ALL :-)

You'll be better off in the long run, even if it seems picayune in the
short run.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
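
The second page from the message above with the points raised in the reply applied, as an added example that is not part of the original thread: session_start() is actually called, the charset is sent as an HTTP header, and every request-derived value is escaped before it is echoed. The helper name h() is hypothetical, and the example assumes the first page stored $_SESSION['username'] rather than setting its own cookie.

```php
<?php
// Added example: hardened version of the second page (moviesite.php).
// Assumption: the first page set $_SESSION['username'] instead of a cookie.

// Escape a value for an HTML text or attribute context.
// Non-string input (favMovie[]=x arrives as an array) becomes ''.
function h($value)
{
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : '';
}

session_start(); // a real call: the parentheses are what start the session

// Fail closed: a missing key and a wrong value are treated the same.
if (!isset($_SESSION['authuser']) || $_SESSION['authuser'] !== 1) {
    header('Content-Type: text/plain; charset=UTF-8');
    echo "Sorry, you're not authorized to access this page";
    exit();
}

// Charset goes in the HTTP header, not only in a META tag.
header('Content-Type: text/html; charset=UTF-8');

// Read the movie title from the query string only, then escape it once.
$favMovie  = h(isset($_GET['favMovie']) ? $_GET['favMovie'] : '');
$username  = h(isset($_SESSION['username']) ? $_SESSION['username'] : '');
$movieRate = 5;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My Movie Site - <?php echo $favMovie; ?></title>
</head>
<body>
<?php
    echo "Welcome to our site, ", $username, "! <br>";
    echo "My favourite movie is ", $favMovie, "<br>";
    echo "My movie rating for this movie is: ", $movieRate;
?>
</body>
</html>
```

With error_reporting set to E_ALL, the isset() guards also keep missing keys from raising notices.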

