Jump to content
Larry Ullman's Book Forums

All Activity

This stream auto-updates     

  1. Last week
  2. Yeah, I can appreciate the frustration. For what it's worth--and I mean this in a helpful way--it does seem sometimes that you're trying things to see if they work without really thinking through the implications or full ramifications of the change. That's going to be problematic. It's not uncommon as people are learning, but it's not ideal. I have found--especially while writing books--that verbally explaining to myself what the code does often illuminates the problem. Search for "rubber duck debugging"! So in this particular situation, the behavior you're seeing has nothing to do with the session_start() line and everything to do with how browsers behave. The URL http://localhost:8888/cart.php?action=add&sku=C11 adds that item to the cart. Every time you go to that URL it's going to add that item to the cart. This includes clicking the back button, which is you telling the browser to revisit that page. The back button is not going to send you to http://localhost:8888/cart.php because that's not the previous page/URL. There are two obvious ways to change this behavior: 1. Have cart.php redirect the browser to http://localhost:8888/cart.php´╗┐ after updating the cart. This way the URL http://localhost:8888/cart.php?action=add&sku=C11 is never part of the browser history. This is the route I'd take. Keep in mind cart.php can only do a redirection upon a change or else you'll create an infinite loop. 2. Make cart updates be POST requests instead of GET. This is easier but unseemly. Now going back a step, if you think about what session_start() does, you'll see it's not the cause of the problem. session_start() only starts a session. It's required to have shopping cart functionality but there's absolutely nothing in session_start() that's going to affect the shopping cart contents at all.
  3. Hi Larry, I've got to say, I'm slowly losing patience with what I am trying to do. I have tried everything, and when I think I have solved it, the solved problem generates a new error! In the 'config.inc.php' file, the session_start() method is proving to be a problem. If I comment it out, then the login status is lost, when I go from page to page, which is not what I want. If I include it, the login stats works fine, but everytime I go back to the cart page from the checkout page by clicking the page back button, the url: http://localhost:8888/cart.php?action=add&sku=C11 is generated again, and whatever product is in the shopping cart, is increment by one, so if I have 1 item in the shopping cart, by clicking the back button from the checkout page, which takes me back to the cart page, the above url is sent back, and another item is added, so i would now have 2 items, which is not what I want. I want the same number of items to be in the shopping cart. So by clicking the browser back button from the checkout page, the url I should and want to get is: http://localhost:8888/cart.php and not the first url. This would mean that no extra items would be added in the shopping cart. I have tried everything possible, but I have literally run out of ideas. Qu: Can you please help me resolve the above problems please, because I'm really tired and fresh out of ideas. regards
  4. Conventionally, I make every page call session_start() once by invoking that line in a common file included by every page. This could be a configuration file or a dedicated file for handling session activity.
  5. Hi Larry, To avoid the error: 'Cannot change session id when session is active.' when trying to navigating to the checkout page, you suggested I make every page call session_start() once? How would I make every page call session_start() once? I tried to use: if( session_id($uid)) { session_start(); } but the above method loses login status when I try to navigate to any random pages, just after I log in. regards
  6. Earlier
  7. Larry, before I saw your reply, I kinda found a way around the error message 'Cannot change session id when session is active' . when I navigate to the checkout page. What I did is put in the checkout page around the problematic line: if(!isset($_SESSION) { session_id($uid); ................................... } So this worked perfectly because the code session_id($uid); would only execute if no session had started. So now I can leave the session_start() method in the configuration file without any conflict when the checkout page is run. Please let me know if my above logic makes sense. regards
  8. Right, if you're using session_destroy() it's going to destroy the session, which is not what you want. What you want is for every page to call session_start() once. If all pages include the configuration file, that should suffice.
  9. I'm not quite following what you're saying. In point 1 you say the cart is HTTP and the checkout is HTTPS. In point 2 you say they are all HTTP. Could you clarify what the reality is where you're seeing this behavior?
  10. Hi Larry, I think I have managed to sort out the problem regarding the the login status being lost when I go to the checkout page. Basically, I implemented the login functionality from the 1st project into the ecommerce site. Now in the config file for the 1st project, it contains the session_start() methhod. This starts the session and tracks logged in users. Now when I go to the checkout page, an error is generated on the following line: session_id(uid); The error says: 'Cannot change session id when session is active.' So because the session has already been started in the configuration file(from the 1st project), when it reaches the statement 'session_id(uid)' in the checkout page, an error is generated because the session is not supposed to be active at that point, but it is, because it's been started in the configuration file to track logged in users. To get around this error, I inserted a session_destroy() method in the checkout page just before session_id(uid); ie: session_destroy(); session_id(uid); and making it the first statement also in the checkout page in the else clause. } else { session_destroy(); session_start(); $uid = session_id This solves the problem, and I can now click on the checkout page without the error, 'Cannot change session id when session is active.' being generated. But the implication now is that, because session_destroy() destroys the session, the user's status is also affected, and hence the user being logged off. In regards to the 1st project, a session_start() method needs to be inserted in the configuration file in order to be available to all the pages, and to track the logged in user. But this is the line that is conflicting with the checkout page and generating an error, hence the session_destroy() being implemented to solve the problem. So I'm in a catch 22 situation now. The session_destroy() method solves one problem, but creates another, ie logs out the user. Qu 1: What solution can I implement to solve the above problem which will allow me to go to the checkout page without losing the login status, whilst allowing the session_start() method in the configuration file to track the logged in users? I find that when I comment out the session_destroy() methods in the checkout page and leave the session_start() method in the configuration file. I now navigate to the checkout page, and then by clicking the back button to go back to the cart page, this inadvertently increments the items in the shopping cart by 1. This is because the url: http://localhost:8888/cart.php?action=add&sku=C11 is being generated each time I go from the checkout page back to the cart page, I think!! Qu 2: What could I do to avoid this issue, so that the items in the shopping cart will remain constant and not be incremented each time I go from the checkout page back to the cart page? regards
  11. Hi Larry, The logged in status is lost when I press the back button to return from the checkout page to the cart page. 1) The cart page doesn't begin with https(but the checkout page begins with https), the cart page is just a normal http page I believe. So wouldn't the problem still exist, because I can't turn the cart page from http to https when it's supposed to be a normal http page. 2) I removed all the https and replaced them with http(for testing purposes), so I shouldn't be having the problem of losing status because I'm going from http to http, for the time being. Qu 1: If my above logic is correct, how would I resolve the issue of not losing the logged in status by travelling from the cart(http page) to checkout page(https page)? regards
  12. You're probably losing the logged in status b/c you're going back and forth from HTTP to HTTPS. If it's all HTTPS you probably won't have that problem. As for remaining logged in, it depends upon whether you're using cookies or sessions but it's just a matter of extending the duration of whichever accordingly.
  13. Hi Larry, I have managed to find a way to integrate your login form from the 1st section, with the ecommerce site in the second section, which seems to work ok, but there is a slight problem. Everytime I log in, then add items to the cart, then go to the chekcout page, if I decide I don't want to make a purchase at that point, and want to go back and browse more items, I am suddenly logged off. So basically, after logging in, everytime I go to the checkout page from the cart page, and then press the back link to go back to the carts page, I am automatically logged off, then I have to log back in again. So the current session and user credentials gets destroyed everytime I go to the checkout page, and I am then logged off. My question is: Qu 1: Is there a way that I can remain logged in after going to the checkout page, and then clicking the back button to go back to the cart page? Qu 2: Is there a way that I can remain logged in say for 15 minutes with no activity, and then automatically log out if the user hasn't reacted after 15 minutes? regards
  14. Hi Larry, I managed to solve the problem. The problem is when I integrate your login form with the ecommerce site, there is a conflict of code.
  15. Off the top of my head and given the information provided I can't think of an obviously easier way. There's a lot to be said for "this works"!
  16. This may be related to your PHP version. What version are you using?
  17. The key to figuring this out is remember that if multiple radio buttons have the same name, only one can be checked. So just write your code to create the proper names based upon the restriction you want to put in place.
  18. I post the original code from the book. But here's the code that I'm using, how I modify it in: <?php // This pages retrieves and shows a PDF. // This script is created in Chapter 5. // Require the configuration before any PHP code as the configuration controls error reporting: require('./includes/config.inc.php'); // The config file also starts the session. // Require the database connection: require(MYSQL); // Assume invalid info: $valid = false; // Validate the PDF ID: if (isset($_GET['id']) && (strlen($_GET['id']) === 63) && (substr($_GET['id'], 0, 1) !== '.') ) { // Identify the file: $file = PDFS_DIR . $_GET['id']; // Check that the PDF exists and is a file: if (file_exists ($file) && (is_file($file)) ) { // Get the info: $q = 'SELECT id, title, description, file_name FROM pdfs WHERE tmp_name="' . escape_data($_GET['id'], $dbc) . '"'; $r = mysqli_query($dbc, $q); if (mysqli_num_rows($r) === 1) { // OK! // Fetch the info: $row = mysqli_fetch_array($r, MYSQLI_ASSOC); // Indicate that the file reference is fine: $valid = true; // Only display the PDF to a user whose account is active: if (isset($_SESSION['user_not_expired'])) { // Bonus material! Referenced in Chapter 5. // Record this visit to the history table: // $q = "INSERT INTO history (user_id, type, pdf_id) VALUES ({$_SESSION['user_id']}, 'pdf', {$row['id']})"; // $r = mysqli_query($dbc, $q); // Send the content information: $info = getimagesize($file); header("content-type: {$info['mime']}"); header('Content-Disposition:inline;filename="' . $row['file_name'] . '"'); $fs = filesize($file); header("Content-Length:$fs\n"); // Send the file: readfile ($file); exit(); } else { // Inactive account! // Display an HTML page instead: $page_title = $row['title']; include('./includes/header.html'); echo "<h1>$page_title</h1>"; // Change the message based upon the user's status: if (isset($_SESSION['user_id'])) { echo '<div class="alert"><h4>Expired Account</h4>Thank you for your interest in this content, but your account is no longer current. Please <a href="renew.php">renew your account</a> in order to access this file.</div>'; } else { // Not logged in. echo '<div class="alert">Thank you for your interest in this content. You must be logged in as a registered user to access this file.</div>'; } // Complete the page: echo '<div>' . htmlspecialchars($row['description']) . '</div>'; include('./includes/footer.html'); } // End of user IF-ELSE. } // End of mysqli_num_rows() IF. } // End of file_exists() IF. } // End of $_GET['id'] IF. // If something didn't work... if (!$valid) { $page_title = 'Error!'; include('./includes/header.html'); echo '<div class="alert alert-danger">This page has been accessed in error.</div>'; include('./includes/footer.html'); } ?>
  19. You don't say how it's not working but my guess is the problem is b/c you're hard-coding the PDF application type in there. The content-type header indicates to the browser what type of file to expect. If you say to expect a PDF but send a Word doc, that's not going to work.
  20. I tried to make the script works with different file type but I'm still having trouble to make it work. I only not to view pdf file, but also images, other files like psd type of file photoshop, microsoft office type files as well. Here's the script that I'm having problem with below, only pdf would work. <?php // This pages retrieves and shows a PDF. // This script is created in Chapter 5. // Require the configuration before any PHP code as the configuration controls error reporting: require('./includes/config.inc.php'); // The config file also starts the session. // Require the database connection: require(MYSQL); // Assume invalid info: $valid = false; // Validate the PDF ID: if (isset($_GET['id']) && (strlen($_GET['id']) === 63) && (substr($_GET['id'], 0, 1) !== '.') ) { // Identify the file: $file = PDFS_DIR . $_GET['id']; // Check that the PDF exists and is a file: if (file_exists ($file) && (is_file($file)) ) { // Get the info: $q = 'SELECT id, title, description, file_name FROM pdfs WHERE tmp_name="' . escape_data($_GET['id'], $dbc) . '"'; $r = mysqli_query($dbc, $q); if (mysqli_num_rows($r) === 1) { // OK! // Fetch the info: $row = mysqli_fetch_array($r, MYSQLI_ASSOC); // Indicate that the file reference is fine: $valid = true; // Only display the PDF to a user whose account is active: if (isset($_SESSION['user_not_expired'])) { // Bonus material! Referenced in Chapter 5. // Record this visit to the history table: // $q = "INSERT INTO history (user_id, type, pdf_id) VALUES ({$_SESSION['user_id']}, 'pdf', {$row['id']})"; // $r = mysqli_query($dbc, $q); // Send the content information: header('Content-type:application/pdf'); header('Content-Disposition:inline;filename="' . $row['file_name'] . '"'); $fs = filesize($file); header("Content-Length:$fs\n"); // Send the file: readfile ($file); exit(); } else { // Inactive account! // Display an HTML page instead: $page_title = $row['title']; include('./includes/header.html'); echo "<h1>$page_title</h1>"; // Change the message based upon the user's status: if (isset($_SESSION['user_id'])) { echo '<div class="alert"><h4>Expired Account</h4>Thank you for your interest in this content, but your account is no longer current. Please <a href="renew.php">renew your account</a> in order to access this file.</div>'; } else { // Not logged in. echo '<div class="alert">Thank you for your interest in this content. You must be logged in as a registered user to access this file.</div>'; } // Complete the page: echo '<div>' . htmlspecialchars($row['description']) . '</div>'; include('./includes/footer.html'); } // End of user IF-ELSE. } // End of mysqli_num_rows() IF. } // End of file_exists() IF. } // End of $_GET['id'] IF. // If something didn't work... if (!$valid) { $page_title = 'Error!'; include('./includes/header.html'); echo '<div class="alert alert-danger">This page has been accessed in error.</div>'; include('./includes/footer.html'); } ?>
  21. Dear larry, I was wondering that is it possible that single PHP script contains 2 or more MYSQLi_STMT objects?.
  22. Hi HartleySan, Actually in three separate div common 1 to 20 data retrieve from database so all three div have same 1 to 20 data . my moto in all three div same data so all row also same in three div . So if first row select in first div then same first row hidden of other two div . So user if select one data then user can't select same data in other two box . its help to restriction to select same data in different different div
  23. Thanku HartleySan . Brother can you explain with example
  24. Hi Larry, It seems it might have been a cache problem. I deleted the cache for my firefox browser. When I click the link in the 'cart' page to go to the 'checkout' page, I get an error saying: 'Cannot change session id when session is active Array' It is referring to the checkout.php page, and the line that is giving me the error is: // Use the existing user ID: session_id($uid); So I think by emptying the cache, I somehow deleted the cookies etc. Qu: Do you know how i would solve the above problem? regards
  1. Load more activity
×
×
  • Create New...