Pozdrav korisniče,

Za pun pristup forumu odaberi jedno od ova dva dugmeta:

Login with Facebook Sign In with Google Sign In with OpenID Sign In with Twitter
Prijava Registracija

Kategorije

In this Discussion

Ovaj web site se ne trudi biti kompatibilnim sa Internet Explorer web preglednikom. Sve se u njemu vidi, ali za puni dojam preporučamo neki pošteni web preglednik poput Safarija, Firefoxa ili Google Chromea.

Top Posters

Članovi (6489)

  • fatossi
  • SvenJTD
  • t_i_n_a
  • eagleone
  • take31
  • thefunkmaster
  • Purger155
  • pax0707
  • dnbstudio
  • gleutar
  • dannyded
  • tr00pa
  • antevekic
  • tkotikrivkristijan
  • berta
  • edifreak
  • Xerox
  • Antonio
  • Nothing
  • LC120black

Tko je online (3)

Uključeno je povezivanje korisničkih računa na glavnom sajtu i forumu. Ukoliko vidite ovu poruku i ne možete se logirati na forum potrebno je za pristup koristiti podatke s kojima ste se registrirali na glavni site. Ukoliko se još niste registrirali na glavnom sajtu potrebno se ponovo registrirati, a sustav će vas pri prvom logiranju prijaviti na vaš forumski account. Probleme i dojmove možete napisati ovdje ili poslati mail na mac.korisnik@mackorisnik.com
Browseri mi ne žele otvorit PHP fileove
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    Imam problem. I to prilično čudan.

    Instalirao MAMP na Snow Leopardu, apache radi, mysql radi. Napravim index.php u Texteditu i nikako ga ne mogu otvorit ni u jednom browseru (safari, flock, opera). Idem na Get info, pa open with i ne prihvaća nijedan browser kao aplikaciju koja bi mogla otvorit takav file. Idem na file open i opet isto, zasivljen i "ne otvoriv u browseru".

    WTF?!
    Post edited by Unknown User at 2010-06-04 16:46:01
  • 32 Komentara sorted by
  • Vote Up1Vote Down strijastrija
    Posts: 586
    Kao prvo bilo bi dobro da iskljucis "Register globals" u php.ini, a to znaci da ako neke podatke saljes preko forme sa post method, onda na stranici na koju ih saljes na mozes pozvati sa $username, vec treba korisiti $_POST['username']. Neznam kako ti to uopce radi jer cini mi se da je ta funkcionalnost ionako ukinuta u PHP 5.

    Mozda ti i skripta radi, nisam detaljno proucio, ali koliko vidim password bi trebao u bazi biti encryptan sa md5 metodom, znaci ako ti je password npr. mackorisnik, onda ne moze u bazi biti tako zapisan vec mora biti 3a28d1f326a0ef9110ed9fe260044d98. -> http://www.adamek.biz/md5-generator.php

    Provjeri ovo za password prvo, pa onda dalje ;)

    Uci PHP, pa kad uspijes napraviti neki app, onda obavezno pogledaj neki framework. Ja preporucam Codeigniter ;)
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up1Vote Down fichoficho
    Posts: 7487
    Pa vidis da ima $pass = md5($_POST['password']); dakle kriptira password u md5 prije provjeravanja u bazi, samo je s globalsima bio problem valjda.
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down netvisnetvis
    Posts: 24
    A otkada to web browseri znaju izvršavati PHP?
    PHP se treba izvršiti na web poslužitelju (npr. apache), a kao rezultat se dobije HTML koji su web browseri u stanju prikazati.
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down fichoficho
    Posts: 7487
    :mrgreen:

    @john_st: moras ubacit php fileove koje zelis otvorit u root folder MAMPa (nemam pojma koji je to, potrazi malo u dokmentaciji/helpu/di vec) i onda ih iz browsera otvorit preko adrese tipa http://localhost/file.php
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    osjećam se ko dijete iz onog vica kojem mama s dvije ruke daje neki ogromni disk i kaže "evo ti keks" :D :D :D
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down ecvis17ecvis17
    Posts: 1275
    fora thread :P
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down Clark KentClark Kent
    Posts: 437
    Najbanalnije: jesi li omogućia php na svom macu?
    znači u finder-u cmd+shift+G , upiši /etc/apache2 , otvori httpd.conf sa nekin text editoron (textWrangler npr.) , odskrolaj do 114 linije koda di piše
    #LoadModule php5_module libexec/apache2/libphp5.so
    i makni ovaj # sa početka tako da dobiješ
    LoadModule php5_module libexec/apache2/libphp5.so
    Sejvaj to, pitat će te za password, ukucaj password i to je to! Php bi triba sad lokalno radit
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down Clark KentClark Kent
    Posts: 437
    A moraš startat i apache iz System Preferences/Internet & Network pa Sharing pa omogući Web Sharing. Ako to dvoje napraviš tribalo bi radit sve sa .php ekstenzijon:-D
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down fichoficho
    Posts: 7487
    Pa instalirao je covjek MAMP, valjda on sve automatski podesi.
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down Clark KentClark Kent
    Posts: 437
    Iskreno, nisan ni zna šta je mamp, tek san sad pogleda:-D. Ali ne vidin baš smisao kad osx ima lipo ugrađen apache i php, a mysql se instalira za 2 min. Ja san napravia ovako kako san napisa i radi ko sat. Al sad me vuče da provan taj MAMP, izgleda mi fancy:-D
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down ecvis17ecvis17
    Posts: 1275
    Covjek je instalirao MAMP ... dakle nikakvi terminali mu ne trebaju.
    Poanta je da imaš svoj "virtualni server" no nije cijeli komp vserver vec imas direktorij koji sluzi za to. Takodjer se datotekama i šristupa kao na serveru ... dakle nema desni klik >> open with >> tvoj browser ... nego ukuzaj path u browser.
    Takodjer u MAMP >> preferences >> Apache >> Unesi path /Users/toj_user/Sites ... i onda ti je to fio root servera i tu bacaj php datoteke.
    MAMP >> preferences >> Ports ako nije uneseno ovako unesi za apache port vrijednost 80 a za mySql 3306 ... ili klikni na Set to default ... :)
    Također provjeri da imaš isključen "web sharing" u sharing preferencesima kako bi to sve radilo.

    I to je to onda pises u browser http://localhost/index.php + enter i voila
    poz
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down ecvis17ecvis17
    Posts: 1275
    "Clark Kent" said:
    Al sad me vuče da provan taj MAMP, izgleda mi fancy:-D

    A cuj neće ti bit niš fancy samo je još lakše podesiti pokretanje. Meni je ok dashboard widget of MAMPa ... za startanje i gasenje servera.
    Osim toga ... same shit

    EIDT: Osim možda sto s njim dobijes PhPMyAdmin instaliran?! To nema mac po defaultu.
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    Zato MAMP Pro ima dosta zgodnih opcija ;)
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    Kako sam prilično nov u PHPu (mada to jako vješto skrivam :D) to sam preuzeo s interneta kod za logiranje korisnika na stranicu.

    Imam bazu s tablicom Users u kojoj je smješten korisnik koji smije pristupiti stranici. Tu je njegov username i password. Ako pokušam unijeti krive podatke u login formu uredno me izbaci i vrati ponovno na nju, ali problem je što mi ne prepoznaje pravog korisnika i ne vodi me na welcome.php nego me opet vraća na index.php :(

    Stoga vas molim za pomoć.

    index.php izgleda ovako:
    <html>
    <body>
    <h1>Dobar dan!</h1> <br>
    <form action="login.php" method="post">
    	Username: <input type="text" name="username" size="20">
    	Password: <input type="text" name="password" size="20">
    	<input type="submit" value="Prijava" name="login">
    </form>
    </body>
    </html>


    login.php izgleda ovako: 
    <?PHP 
    	//check that the user is calling the page from the login form and not accessing it directly 
    	//and redirect back to the login form if necessary 
    	if (!isset($username) || !isset($password)) 
    	{ 
    		header( "Location: index.php" ); 
    	} 
    	//check that the form fields are not empty, and redirect back to the login page if they are 
    	elseif (empty($username) || empty($password)) 
    	{ 
    		header( "Location: index.php" ); 
    	} 
    	else
    	{ 
    	
    		//convert the field values to simple variables 
    		
    		//add slashes to the username and md5() the password 
    		$user = addslashes($_POST['username']); 
    		$pass = md5($_POST['password']); 
    		
    		//set the database connection variables 
    		
    		$dbHost = "localhost"; 
    		$dbUser = "dbuser"; 
    		$dbPass = "dbpass"; 
    		$dbDatabase = "dbname"; 
    		
    		//connet to the database 
    		
    		$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 
    		
    		mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 
    		
    		$result=mysql_query("select * from Users where username='$user' AND password='$pass'", $db); 
    		
    		//check that at least one row was returned 
    		
    		$rowCheck = mysql_num_rows($result); 
    		if($rowCheck > 0){ 
    		while($row = mysql_fetch_array($result))
    		{ 
    		
    		  //start the session and register a variable 
    		
    		  session_start(); 
    		  session_register('username'); 
    		
    		  //we will redirect the user to another page where we will make sure they're logged in 
    		  header( "Location: welcome.php" ); 
    		
    		  } 
    	
    		} 
    	  	else 
    	  	{ 
    	
    		  	//if nothing is returned by the query, unsuccessful login code goes here... 
    	
    			header( "Location: index.php" ); 
    		} 
    	} 
    ?>

    welcome.php izgleda ovako: 
    <?php 

    	//start the session 
    	session_start(); 
    	
    	//check to make sure the session variable is registered 
    	if(session_is_registered('username'))
    	{	
    		echo "bravo!";
    	}
    	else 
    	{ 

    		//the session variable isn't registered, send them back to the login page 
    		header( "Location: index.php" ); 
    	} 
    ?>

    <html>
    <head>

    </head>

    <body>
    <h1>Logiran si!!</h1>
    </body>
    </html>


    P.S. ne znam dal da ovo stoji u ovom topicu ili da se stavi u novi, pa prepuštam moderatoru da to odabere ;)
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    Provjerio sam sada u php.ini od oba PHP-a koja su došla s MAMPom i oba su po defaultu imala isključeno "Register globals"

    Kao što je Ficho primijetio, šaljem enkriptirano sa md5, međutim, probao sam u bazu staviti i md5 vrijednost i običnu vrijednost pa isključiti md5 enkripciju u login.php ali svejedno isti rezultat. nikako da valjani user dođe do welcome.php
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down fichoficho
    Posts: 7487
    Pa promijeni svuda $username u $_POST['username'] i isto tako s passwordom. Bez register_globals ti nece podaci iz forme bit u $ime_varijable nego iskljucivo u $_METODA['ime_varijable'] (metoda moze bit get i post).
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    Promijenio svuda i opet ista pjesma. Evo tih "novih" php fileova

    login.php
    <?PHP 
       //check that the user is calling the page from the login form and not accessing it directly 
       //and redirect back to the login form if necessary 
       if (!isset($_POST['username']) || !isset($_POST['password'])) 
       { 
          header( "Location: index.php" ); 
       } 
       //check that the form fields are not empty, and redirect back to the login page if they are 
       elseif (empty($_POST['username']) || empty($_POST['password'])) 
       { 
          header( "Location: index.php" ); 
       } 
       else
       { 
       
          //convert the field values to simple variables 
          
          //add slashes to the username and md5() the password 
          $user = addslashes($_POST['username']); 
          $pass = md5($_POST['password']); 
          
          //set the database connection variables 
          
          $dbHost = "localhost"; 
          $dbUser = "dbuser"; 
          $dbPass = "dbpass"; 
          $dbDatabase = "dbname"; 
          
          //connet to the database 
          
          $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 
          
          mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 
          
          $result=mysql_query("select * from Users where username='$user' AND password='$pass'", $db); 
          
          //check that at least one row was returned 
          
          $rowCheck = mysql_num_rows($result); 
          if($rowCheck > 0){ 
          while($row = mysql_fetch_array($result))
          { 
          
            //start the session and register a variable 
          
            session_start(); 
            session_register($_POST['username']); 
          
            //we will redirect the user to another page where we will make sure they're logged in 
            header( "Location: welcome.php" ); 
          
            } 
       
          } 
            else 
            { 
       
               //if nothing is returned by the query, unsuccessful login code goes here... 
       
             header( "Location: index.php" ); 
          } 
       } 
    ?>


    welcome.php
    <?php 

       //start the session 
       session_start(); 
       
       //check to make sure the session variable is registered 
       if(session_is_registered($_POST['username']))
       {   
          echo "bravo!";
       }
       else 
       { 

          //the session variable isn't registered, send them back to the login page 
          header( "Location: index.php" ); 
       } 
    ?>

    <html>
    <head>

    </head>

    <body>
    <h1>Logiran si!!</h1>
    </body>
    </html>

    :cry:
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    Ubaci ovo u login.php za svaki slucaj:
    error_reporting(2047);
    ini_set("display_errors",1);

    Mozda imas neku gresku, nisam sada provjeravao. I da zakomentiraj sve header() pozive, da ne radi redirekciju.
    Ako nema greske onda jednostavno ides jednu po jednu varijablu ispisati. Npr. ispod kad postavis $user i $pass:
    echo $user, '<br/>';
    echo $pass, '<br>';

    I probaj rucno usporediti dal ti to odgovara vrijednosti u bazi.
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    Mislim da sam izolirao problem, ali tek sada mi ništa nije jasno.

    Dakle imam bazu Baza i tablicu Users u kojoj je samo jedan redak
    UID = 1, username = john, password = 5f4dcc3b5aa765d61d8327deb882cf99

    (taj md5 je md5 od riječi password :D)

    E sada, nakon querya sam pokušao ovo: 
    echo 'abc', $result['password'], '<br>';


    međutim, ispiše samo abc i opali novi red. dakle, ne nalazi ovaj gore md5 nigdje u tablici, a ručno sam ga preko phpmyadmina ubacio! :evil:
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    Napravi ovako:
    $query = "select * from Users where username='$user' AND password='$pass'";
    echo $query;


    I napisi sto ti se ispise.
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    Ako unesem krivog usera, npr username = 1 i password = 1 tada ispiše ovo:

    1
    c4ca4238a0b923820dcc509a6f75849b
    Resource id #3

    Ako unesem pravog usera (john, password) onda ispiše ovo:

    john
    5f4dcc3b5aa765d61d8327deb882cf99
    Resource id #2

    s tim da sam promijenio tvoj prijedlog 
    echo $query;

    za 
    echo $result;

    jer mi je ispisivao doslovno sadržaj upita a ne rezultat njegova izvršavanja

    evo login.php-a
    <?PHP 
       error_reporting(2047);
    	ini_set("display_errors",1);
       //check that the user is calling the page from the login form and not accessing it directly 
       //and redirect back to the login form if necessary 
       if (!isset($_POST['username']) || !isset($_POST['password'])) 
       { 
         // header( "Location: index.php" ); 
       } 
       //check that the form fields are not empty, and redirect back to the login page if they are 
       elseif (empty($_POST['username']) || empty($_POST['password'])) 
       { 
        //  header( "Location: index.php" ); 
       } 
       else
       { 
       
          //convert the field values to simple variables 
          
          //add slashes to the username and md5() the password 
          $user = addslashes($_POST['username']); 
          echo $user, '<br/>';

          $pass = md5($_POST['password']); 
          echo $pass, '<br>';

          //set the database connection variables 
          
          $dbHost = "localhost"; 
          $dbUser = "root"; 
          $dbPass = "root"; 
          $dbDatabase = "Strukture"; 
          
          //connet to the database 
          
          $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 
          
          mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 
          
          $query = "select * from korisnici where username='$user' AND password='$pass'";
          
          $result=mysql_query($query, $db); 
           
           echo $result;

        
          //check that at least one row was returned 
          
          $rowCheck = mysql_num_rows($result); 
          if($rowCheck > 0){ 
          while($row = mysql_fetch_array($result))
          {   

            //start the session and register a variable 
          
            session_start(); 
            session_register($_POST['username']); 
          
            //we will redirect the user to another page where we will make sure they're logged in 
            // header( "Location: welcome.php" ); 
          
            } 
       
          } 
            else 
            { 
       
               //if nothing is returned by the query, unsuccessful login code goes here... 
       
           //  header( "Location: index.php" ); 
          } 
       } 
    ?>
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    Pa i htio sam da ispise query, ne rezultat, kad ti rezultat nije ok ;)
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    ahaaaa :D

    nisam te shvatio. evo što ispiše za korisnika 123 sa lozinkom 123

    select * from Users where username='123' AND password='202cb962ac59075b964b07152d234b70'
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    E pa sad te podatke koje vidis u queryu rucno usporedi s onim sto je u bazi :)
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down larnalarna
    Posts: 13
    Mislim da bi trebao zamijeniti 
    session_register($_POST['username']);

    sa
    $_SESSION['username'] = $_POST['username'];


    Pa poslije u welcome.php checkirati $_SESSION['username'].
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    @strija - provjerio sam, i slaže se kad unesem pravog korisnika, ali svejedno ne radi redirect na welcome.php.

    @larna - modificirao sam prema tvojim uputama i nije bilo promjene. međutim, onda sam modificirao u login.php ovako: 
    $_SESSION['username'] = $user;

    i u welcome.php ovako
    if($_SESSION['username'] = "john")


    i opet ne radi, no ako sam ukucam welcome.php tada mi prolazi i kao logiran sam.

    baš me ovo sve frustrira. tako "jednostavna" i banalna stvar mi ne radi a bez toga se ne mogu mrdnit dalje, a ima toga još što trebam napravit!! :cry:
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    uspio sam!! nakon suza i znoja, uspio sam!!

    ako vas zanima rješenje, postat ću. nisam htio odmah jer sam dovoljno "zagadio" ovaj topic sa mojim kodovima :D
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    Postaj, bas me zanima gdje je bila greska ;)
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    index.php 
    <html>
    	<body>
    		
    		<h1>Niste logirani!!!</h1>
    		<form name="form1" method="post" action="login.php">
    			Username: <input name="myusername" type="text"><br>
    			Password: <input name="mypassword" type="password"><br>
    			<input type="submit" name="Submit" value="Login">
    		</form>
    	</body>
    </html>


    login.php
    <?php 
    	session_start();
    	ob_start();
    	$host = "localhost";
    	$username = "root";
    	$password = "root";
    	$db_name = "baza";
    	$db_tbl = "korisnici";
    	
    	// spoji se na server i odaberi bazu
    	mysql_connect("$host", "$username", "$password") or die ("ne mogu se spojit na mysql");
    	mysql_select_db("$db_name") or die ("ne mogu odabrat bazu");
    	
    	// definirajmo username i password korisnika koji se spaja na stranicu
    	$myusername = $_POST['myusername'];
    	$mypassword = $_POST['mypassword'];
    	
    	// zastita od MySQL injekcije
    	$myusername = stripslashes($myusername);
    	$mypassword = stripslashes($mypassword);
    	$myusername = mysql_real_escape_string($myusername);
    	$mypassword = mysql_real_escape_string($mypassword);
    	
    		
    	$sql = "SELECT * FROM $db_tbl WHERE username = '$myusername' AND password = '$mypassword'";
    	$result = mysql_query($sql);
    	
    	// pobrojimo pronadene retke
    	$count = mysql_num_rows($result);
    	
    	// ako se rezultati slazu sa unesenim podacima broj redaka mora biti 1
    	if ($count == 1)
    	{
    		// registrirajmo korisnicke podatke i preusmjerimo na welcome.php
    		$_SESSION['myusername'] = $myusername;
    		header("location:welcome.php");
    	}
    	else
    	{
    		echo "<h1>Pogresni podaci...</h1>";
    		echo "<p><a href=\"index.php\">Pokusajte ponovno...</a></p>";
    	}
    	ob_end_flush();
    ?>


    logout.php
    <?php 
    	session_start();
    	if($_SESSION['myusername']) == "john")	
    	{
    		session_unset();
    		session_destroy();
    	}
    	
    	// šalji opet na logiranje
    	header("location:index.php");
    ?>


    welcome.php
    <?php 

    	//start the session 
    	session_start(); 
    	
    	//check to make sure the session variable is registered 
    	if($_SESSION['username'] != "john")
    	{	
    		//the session variable isn't registered, send them back to the login page 
    		header( "Location: index.php" ); 
    	} 
    ?>
    <html>
    	<body>
    		<h2>Aleluja!</h2>
    		<br>
    		<p>za odjebaus klikni <a href="logout.php">ovdje</a></p>
    	</body>
    </html>
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    Ne vidim bas sto si drugacije napravio, ali ovo definitivno ne bi smjelo ostati :)
    if($_SESSION['myusername']) == "john")
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down john_stjohn_st
    Posts: 1061
    par linija koda je drugačije, a jedna od njih je ta da se na početku login.php stavio session_start() :D

    a to sam stavio jer sam ja jedini korisnik koji će koristit. glupo ili? šta da stavim umjesto toga?
    Post edited by Unknown User at 1999-11-30 00:00:00
  • Vote Up0Vote Down strijastrija
    Posts: 586
    E da, session_start() je onda sigurno bio problem, posto ne mozes citati vrijednosti session varijabli ako ne pokrenes session. Previse koristim frameworkove da sam i zaboravio osnove PHP-a ;)
    Za provjeru loggedin je inace najbolje korisiti neki hashed key. Znaci da svaki korisnik u bazi ima npr. nesto ovako:
    $user_key = sha1(time());


    To onda zapises u bazu pod recimo kolonom user_key. I onda kad se user logira, stavis taj key u session i mozda user id, a ne username. I na svakoj stranici bi trebao provjeriti da li je taj key u sessionu isti onaj u bazi za tog usera s tim id-om.

    Zvuci malo komplicirano, ali u stvari je dosta simple.

    I ako hoces jos pojacati security dodas i neki salt, pa mozes encryptati cookie, i zapisivati session podatke u bazu umjesto u cookie ;)
    A to sve automatski dobijes s neki od postojecih frameworkova.

    I preporucio bi ti da odmah pocnes raditi objektno ako se mislis malo ozbiljnije baviti php-om.

    pozz
    Post edited by Unknown User at 1999-11-30 00:00:00
Komentiraj