dcsimg
www.webdeveloper.com
Results 1 to 10 of 10

Thread: [RESOLVED] PHP Session Variables

  1. #1
    Join Date
    Jun 2017
    Posts
    18

    resolved [RESOLVED] PHP Session Variables

    I'm trying to obtain a session_variable from my listener PHP file to use in my confirmation PHP file. However, when I run the code, I get the "Undefined index: id in confirm.php" error. I cannot figure out what's wrong.

    listener.php:
    PHP Code:
    <?php
    header
    ("HTTP/1.1 200 OK");

    /*code
    code*/

    session_start();
    $_SESSION['id'] = $_POST['payer_id'];
    header('Location: confirm.php');
    ?>
    confirm.php:
    PHP Code:
    <?php
    session_start
    ();
    ?>
    HTML Code:
    <!DOCTYPE html>
    <p>Thank you for your purchase!</p>
    </html>
    PHP Code:
    <?php
    session_id 
    $_SESSION['id'];
    ?>

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,146
    Not sure why, but I've found that sometimes header() redirects can sort of interrupt things. Try this:
    PHP Code:
    <?php
    header
    ("HTTP/1.1 200 OK");

    /*code
    code*/

    session_start();
    $_SESSION['id'] = $_POST['payer_id'];
    session_write_close();  // <-----
    header('Location: confirm.php');
    ?>
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  3. #3
    Join Date
    Jun 2017
    Posts
    18
    Nope. It didn't work. I've tried everything. I think it may just have something to do with what I'm actually doing in my "listener.php" file.

    session_start();
    header("HTTP/1.1 200 OK");

    //Step 1
    $raw_post_data = file_get_contents('php://input');

    //Step 2
    $raw_post_array = explode('&', $raw_post_data);

    //Step 3
    $myPost = array();
    foreach ($raw_post_array as $keyval) {
    $keyval = explode ('=', $keyval);
    if (count($keyval) == 2)
    {
    $myPost[$keyval[0]] = rawurldecode($keyval[1]);
    }
    }

    //Step 4
    $req = 'cmd=_notify-validate';
    if (function_exists('get_magic_quotes_gpc')) {
    $get_magic_quotes_exists = true;
    }
    foreach ($myPost as $key => $value) {

    if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
    $value = urlencode(stripslashes($value));
    } else {
    $value = urlencode($value);
    }

    $value = str_replace('%2B', '+', $value);
    $req .= "&$key=$value";
    }

    $ch = curl_init('https://ipnpb.sandbox.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));

    if ( !($res = curl_exec($ch)) )
    {
    error_log("Got " . curl_error($ch) . " when processing IPN data", 3, "error.txt");
    curl_close($ch);
    exit;
    }

    curl_close($ch);

    if (strcmp ($res, "VERIFIED") == 0)
    {
    if($_POST['payment_status'] == 'Completed')
    {
    $_SESSION['id'] = $_POST['payer_id'];
    file_put_contents("conf.txt", $_SESSION['id']);
    header('Location: https://confirm.php');

    }
    }

  4. #4
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    1,827
    1 - the first thing I would do is var_dump the $_SESSION array and see what indices ARE set.

    2 - Since magic quotes have been gone for several versions now, why not remove all that associated code?
    JG
    PS - If you're posting here you should be using:

    error_reporting(E_ALL);
    ini_set('display_errors', '1');


    at the top of ALL php code while you develop it!

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,146
    Do you have all errors/warnings/notices turned on? If not, I'd suggest turning them on, either in your PHP config or at a per-script level.

    If you don't want to do that for some reason, then main thing that I'm initially thinking of is detecting if headers have already been sent before you do any session-related stuff. You could add this check before any call to session_start():
    PHP Code:
    if(headers_sent()) {
        die(
    "Uh-oh: headers already sent!");

    Another possible gotcha is if you hit the different endpoints with different sub-domains (including "www." versus no sub-domain), in which case you may want to set the cookie domain explicitly, either in your overall config (better) or per-script:
    PHP Code:
    <?php
    session_set_cookie_params
    (60*60*24'/''.example.com'); // note leading dot
    session_start();
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  6. #6
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    1,827
    Quote Originally Posted by henryreviews123 View Post
    Nothing more to say, UP
    What the H... does that mean?

    You've been given two separate responses with suggestions and this is your response?

    I'll say good bye now.
    JG
    PS - If you're posting here you should be using:

    error_reporting(E_ALL);
    ini_set('display_errors', '1');


    at the top of ALL php code while you develop it!

  7. #7
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,146
    Quote Originally Posted by ginerjm View Post
    What the H... does that mean?

    You've been given two separate responses with suggestions and this is your response?

    I'll say good bye now.
    That was not from the OP. I assume I was being up-voted. (The stackoverflow syndrome)
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  8. #8
    Join Date
    Jun 2017
    Posts
    18
    Thank you all for your help. Two questions that are potential problems for me that I formulated via research:

    1. Does my issue have to do with the fact that I'm sending headers twice in the same file (listener.php)? If not, then...

    2. Besides the file_get_contents() function that I'm invoking before the second header is sent (which apparently is output and producing output before a header call is a no-no, so I'll get rid of that), is there any other place in my code where it seems I would be producing output? I can't see it.

  9. #9
    Join Date
    Jun 2017
    Posts
    18
    If the answer to my first question is "yes", then I have to find a different way to get information securely from one page to the next (database probably?); I need that first header [(header("HTTP/1.1 200 OK")] because that's an important component for the listener file.

  10. #10
    Join Date
    Jun 2017
    Posts
    18
    Never mind folks! I found another solution that works fine... there's security issues but I'm sure they'll be fixable. Again, thank you all for all your help!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles