Beginner php session/user access question

I'm using Dreamweaver MX 2004 (the website uses PHP and MySQL) and want users, when they log in, to view only their content. My SQL table that connects to the login form has id, name and password columns.
A successful login is taken to a page with 3 links (pages to update content, view content and add content). I think I need to carry the id from the login MySQL table and think it goes in the code below. I'm just not sure where. Of course, if I'm wrong, please point me in the correct direction.
Thanks!
Here's my code:
<?php
session_start();
$MM_authorizedUsers = "2";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && false) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "_login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>
<?php
// Recordset as generated: selects every row, with no filter on the logged-in user.
mysql_select_db($database_midnightnet, $midnightnet);
$query_Recordset1 = "SELECT * FROM trs_admin";
$Recordset1 = mysql_query($query_Recordset1, $midnightnet) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

MM_Username is the default session that Dreamweaver uses for its login routine. Whatever name the user logs in as ([email protected], bob, Iamgreat443, etc.) is what is carried through in that session variable. I always make the users use emails personally. If you go to the Binding tab > + > Session Variable and type in MM_Username for Name, it will create the session variable in your binding window so you can access it in the recordset dialogs. You can then filter your user info on that session variable for any database you have ID'd your users in. Hope this helps.
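
The filter described in the reply, written by hand instead of through the recordset dialog (an added example, not code from the thread): every query is scoped to the user in `$_SESSION['MM_Username']` with a bound parameter, and an update checks ownership in the same statement. The `content` table, its `owner` column and the in-memory SQLite database are assumptions so that the example runs on its own.

```php
<?php
// Added example. Table and column names (content.owner) are hypothetical;
// an in-memory SQLite database stands in for the site's MySQL database.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, body TEXT NOT NULL)');

// Constructed sample rows belonging to two different users.
$seed = $pdo->prepare('INSERT INTO content (owner, body) VALUES (?, ?)');
foreach ([['bob', 'bob note 1'], ['bob', 'bob note 2'], ['alice', 'alice note']] as $row) {
    $seed->execute($row);
}

/** Return only the rows owned by the logged-in user. */
function listOwnContent(PDO $pdo, array $session): array
{
    if (empty($session['MM_Username'])) {
        throw new RuntimeException('not logged in');
    }
    $stmt = $pdo->prepare('SELECT id, body FROM content WHERE owner = :owner ORDER BY id');
    $stmt->execute([':owner' => $session['MM_Username']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Update a row only if it belongs to the logged-in user. The id arrives with
 * the request and cannot be trusted, so ownership is part of the WHERE clause.
 */
function updateOwnContent(PDO $pdo, array $session, int $id, string $body): bool
{
    if (empty($session['MM_Username'])) {
        throw new RuntimeException('not logged in');
    }
    $stmt = $pdo->prepare('UPDATE content SET body = :body WHERE id = :id AND owner = :owner');
    $stmt->execute([':body' => $body, ':id' => $id, ':owner' => $session['MM_Username']]);
    return $stmt->rowCount() === 1;
}

// Simulated session for user "bob" (in a page this is $_SESSION after session_start()).
$session = ['MM_Username' => 'bob'];

foreach (listOwnContent($pdo, $session) as $row) {
    echo $row['id'], ': ', $row['body'], PHP_EOL;
}
var_dump(updateOwnContent($pdo, $session, 1, 'edited by bob'));   // row 1 belongs to bob
var_dump(updateOwnContent($pdo, $session, 3, 'edited by bob'));   // row 3 belongs to alice
```

The same `WHERE ... AND owner = :owner` pattern applies to the view, update and add pages; hiding links to other users' rows does not replace it.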

Similar Messages

  • How to invalidate old sessions when new user access appl  on same machine

    hi all,
    I am using the Mozilla browser to access my web application. User one accesses my application using his credentials, but I left that browser open. After that I open another Mozilla window and access my application using different credentials, e.g. user2's credentials. User 2 can also access my application, but when I open the first browser I am automatically getting the second user's session. How can we avoid this problem?
    The application is using the session identifier (jSessionID) as the URL parameter for session management.
    Is it possible to invalidate the old session when a new user accesses on the same machine?
    thanks,
    Vishnu

    VishnuReddy wrote:
    > hi all,
    > I am using the Mozilla browser to access my web application. User one accesses my application using his credentials, but I left that browser open. After that I open another Mozilla window and access my application using different credentials, e.g. user2's credentials. User 2 can also access my application, but when I open the first browser I am automatically getting the second user's session. How can we avoid this problem?
    That shouldn't occur. Either you explained it the wrong way (or I interpreted it the wrong way), or there's a huge bug in your login/logout logic. After opening another window inside the same session, you should still be logged in as the first user.

  • Exam 1Z0-007 and questions from Controlling User Access

    Hi,
    I am preparing for exam 1Z0-007 and going to give this exam in two weeks. I'd like to confirm if the "Controlling User Access" topic is part of this exam 1Z0-007? I have checked on the Oracle website and this topic is not a part of this exam anymore unless they add it later.
    Has anyone recently given this exam and were there any questions related to "Controlling User Access" or user Privileges?
    Thanks

    user10878991 wrote:
    > Hi,
    > I am preparing for exam 1Z0-007 and going to give this exam in two weeks. I'd like to confirm if the "Controlling User Access" topic is part of this exam 1Z0-007? I have checked on the Oracle website and this topic is not a part of this exam anymore unless they add it later.
    > Has anyone recently given this exam and were there any questions related to "Controlling User Access" or user Privileges?
    > Thanks
    I recommend people are very very very careful in answering this question as it could be very easy to breach one's certification candidate agreement.
    Rgds - bigdelboy.
    Edited by: bigdelboy on 27-Dec-2009 04:26
    It is certainly true the topic you mentioned is in ISBN: 007-219537-1 printed in 2001.
    It is also apparent, unless bigdelboy's eyeball is deceiving him, the topic does not appear in [http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=41&p_org_id=28&lang=US&p_exam_id=1Z0_007] which is authoritative.
    I have not followed these things that closely until recently, however this will not be the only example of an OraclePress/Sybex book being left behind because of errata/topic updates etc. These often occur when the exams are updated for new releases, e.g. from 10gR1 to 10gR2; or for when the exam moves from beta to production (sometimes these books are prepared and even published while the exam is in beta). In your case I suspect the change quite probably occurred when the exam moved from 9gR1 to 9gR2 or to better accommodate the WDP programme. The exam may also be influenced by the content of Oracle training courses that are being taught and from time to time these will be changed for a variety of reasons.
    How you handle it is up to you ..... you may:
    - Ignore these topics. IMHO you are always entitled to complain if questions asked did not significantly match the published topics and you feel this caused you to fail. (I assume the remedy would be a retake voucher). You can hit a comment button on the question and also a comment button at the end of the exam. This is a sort of negative approach.
    - Go over these topics. If you're serious about Oracle you really need to understand this anyway. See it as an opportunity. A few hours revision ought to see you able to answer 50% of the topics. This is a positive approach. And this is how certification study ought to be .... sometimes it is good to investigate a non examined topic that is interesting.

  • Logging user access with IP..?

    I want to add some user logging for my site and since it requires authentication I believe most of the heavy lifting has already been completed. I'm hoping someone can give me some direction as to how to incorporate the pieces I need into what I have already existing.
    Currently I believe the following is the php for granting access on my site:
    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) {
          $isValid = true;
        }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) {
          $isValid = true;
        }
        if (($strUsers == "") && true) {
          $isValid = true;
        }
      }
      return $isValid;
    }

    $MM_restrictGoTo = "../logon.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
        $MM_referrer .= "?" . $QUERY_STRING;
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }
    ?>
    I believe some of the pieces I'm missing are the IP address for the user and the sql needed for the INSERT into mySQL which I believe are as follows:
    $ip_address = $_SERVER["REMOTE_ADDR"];
    $sql = "INSERT INTO user_tracking
            (username, ip_address)
            VALUES ('MM_Username', '$ip_address')";
    mysql_query($sql, $maxdbconn) or die(mysql_error());       // Is this the command for executing the SQL???
    My problem is I'm still green and don't understand the php routine well enough to be able to plug in these pieces and whether I'm missing something else so I'm hoping someone can help shed some light.
    Thanks.
    A JM,

    I found the original page and again I realize that I was missing some original code, I realize it makes it tough to follow - my apologies. I tested this source below and all is back to normal.
    So, back to trying to add the user to the tracking DB.
    I think the pieces I'm missing are as follows- not sure though...????
        //SQL string for user logged in
        $insertSQL = "INSERT INTO user_tracking (username, ip_address) VALUES ('maxadmin', '192.168.1.100')";
        mysql_select_db($database_maxdbconn, $maxdbconn);
        $Result1 = mysql_query($insertSQL, $maxdbconn) or die(mysql_error());
    However, when I add the lines before ( header("Location: " . $MM_redirectLoginSuccess ); )  I get an error message in Dreamweaver, "The Server Behavior panel cannot determine whether "Log In User" or "Log In User" is applied to your page. Please select Edit Server Behaviors and change one of the two behaviors to ensure that each is uniquely identifiable."
    A JM,
    <?php require_once('Connections/maxdbconn.php'); ?>
    <?php
    if (!function_exists("GetSQLValueString")) {
    // Escape a value and quote/cast it according to $theType for use in a SQL string.
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      }
      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }
    ?>
    <?php
    // *** Validate request to login to this site.
    if (!isset($_SESSION)) {
      session_start();
    }
    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
      $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    }
    if (isset($_POST['username'])) {
      $loginUsername=$_POST['username'];
      $password=$_POST['password'];
      $MM_fldUserAuthorization = "";
      $MM_redirectLoginSuccess = "dbpages/claimroot.php";
      $MM_redirectLoginFailed = "failedlogin.html";
      $MM_redirecttoReferrer = false;
      mysql_select_db($database_maxdbconn, $maxdbconn);
      $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
      $LoginRS = mysql_query($LoginRS__query, $maxdbconn) or die(mysql_error());
      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {
        $loginStrGroup = "";
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        if (isset($_SESSION['PrevUrl']) && false) {
          $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
      }
      else {
        header("Location: ". $MM_redirectLoginFailed );
      }
    }
    ?>
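
One way to write the tracking insert asked about in this thread, as an added example that is not the poster's or Dreamweaver's code: the username is read from the session (the posted snippets store the literal text 'MM_Username' or a hard-coded name) and both values are bound as parameters. The `logged_at` column, the `recordLogin()` helper and the in-memory SQLite database are assumptions so that the example runs on its own.

```php
<?php
// Added example. The logged_at column and recordLogin() are hypothetical;
// an in-memory SQLite database stands in for the site's MySQL connection.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_tracking (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    ip_address TEXT NOT NULL,
    logged_at TEXT NOT NULL
)');

/**
 * Record one successful login. Call it right after $_SESSION['MM_Username']
 * is assigned and before the header("Location: ...") redirect.
 */
function recordLogin(PDO $pdo, array $session, array $server): bool
{
    if (empty($session['MM_Username'])) {
        return false;                       // nothing to attribute the event to
    }
    // REMOTE_ADDR is the peer that connected to the web server; behind a
    // reverse proxy that is the proxy's address, not the visitor's.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        $ip = 'unknown';
    }
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO user_tracking (username, ip_address, logged_at)
             VALUES (:username, :ip, :logged_at)'
        );
        return $stmt->execute([
            ':username'  => $session['MM_Username'],   // the value, not the text 'MM_Username'
            ':ip'        => $ip,
            ':logged_at' => gmdate('Y-m-d H:i:s'),
        ]);
    } catch (PDOException $e) {
        error_log('user_tracking insert failed: ' . $e->getMessage());
        return false;                       // a logging failure must not block the login
    }
}

// Constructed values standing in for $_SESSION and $_SERVER after a login.
$session = ['MM_Username' => "o'brien"];
$server  = ['REMOTE_ADDR' => '192.0.2.10'];

recordLogin($pdo, $session, $server);
print_r($pdo->query('SELECT username, ip_address FROM user_tracking')->fetchAll(PDO::FETCH_ASSOC));
```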

  • OT: ending PHP sessions

    is there a way to run a script when a PHP session ends/closes? To do some cleanup?

    Alexander Ross wrote:
    > Yes ... but I'd like it saved ONLY for the duration of the user's
    > session. These images are being saved server-side, not on the client's
    > machine
    That begs the question of why save the image in the first place.
    However, there are two approaches you can take:
    1. Ask the user to log out and use unlink() to remove the saved image as part of the logout process.
    2. Set up a scheduled task (cron job on a linux server) to delete all images that are more than two hours old, and run it once every 24 hours.
    Even if you do the first, you would probably need to implement the second one too, because you can't rely on everyone logging out.
    David Powers, Adobe Community Expert
    Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
    Author, "PHP Solutions" (friends of ED)
    http://foundationphp.com/

  • Multiple simutaneously logged in users accessing AFP home directories?

    Hi,
    Many of our problems are described in this guy's blog:
    http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
    The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
    Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
    From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
    (here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
    I've read that using NFS home directories will work, though.
    I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
    Thanks for your help!
    Adam

    Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

  • How to trace an user access

    Even if I've got no DBA permission (for example I don't see the v$session table), have I got any way to trace the users accessing the DB? How can I do? I was told about trace but can someone tell me more? I'd like to know the user accessing the DB and the operation that he's launching. Is it possible?
    Thanks!

    Anything is possible if you have the correct privileges. But then you probably don't have those privileges, and probably for a reason, as you probably also don't have the DBA role for a reason.
    If you are to enable trace in a different session, you would need execute access on an Oracle provided package, which differs by version, and of course you assume Oracle never changes, and there is only one version out there: yours.
    For a DBA it would be the easiest to grant you the select_catalog_role and the execute_catalog_role.
    But then again one would ask why you think you should spy on him, and why you don't cooperate with him and/or try to convince him.
    Sybrand Bakker
    Senior Oracle DBA

  • Multiple users accessing entity bean with same PK

    Hi,
    Somebody please clarify the below issue.
    (EJB 1.1, WAS3.5)
    I have two app servers and two clones each clone is running in each app server.
    Stateful session bean access Entity beans to update/read record in the database.
    According to my requirement multiple users can access the same entity data (same primary key). Suppose user A created a Stateful session bean SB1 and the SB1 created Entity1 with PK1, this is happening at clone1.
    User B accessed the site and the request went to Clone2 and a new SB2 created, but the SB2 need to access the database with Same PK1.
    For the above situation, I guess container can not create a new Entity bean with PK1 because EB with PK1 is already there and it tries to allocate same EB1 with SB2, so if two requests are concurrent do the SB2 wait to get the handle of the EB1?
    Is there any way to create two Entity beans with same Primary Key at the same time but in different clone?
    Thanks,
    Sagar

    Hi,
    The concurrency level has to be set at the level of database and the database will take care of consistency & integrity of the data. So specify the concurrency level on the database connection in each appserver.

  • Cross Domain User Access for Sharepoint 2013 site collection

    Hi All,
    We have three Domains, one is for client machines and AD user access purpose and second one is production environment (only some of developers has access to this domain) and third one is SharePoint environment (Because External users needs to access my SharePoint sites).
    now we need to access SharePoint site collections from my another two domain user accounts with out creating user account from SharePoint domain , how to enable this access?
    please advise.
    Thanks in Advance,
    Mani L

    Hi Mani,
    You're asking this question in the wrong forum, this forum is meant for suggestions and feedback on the forums themselves, not product support.
    I recommend reposting your question in the SharePoint forums here (or you can request that a moderator move this thread for you):
    http://social.technet.microsoft.com/Forums/en-us/home?category=sharepoint&filter=alltypes&sort=lastpostdesc
    Good luck.
    Don't retire TechNet! -
    (Don't give up yet - 12,950+ strong and growing)

  • How can know which user accessing specific form in ERP application

    Hi,
    In our organization we have ERP application that is developed based on Oracle forms and reports 10g.
    My question is how can i know which user accessing specific form in ERP application based on their login.
    Please do the needful.
    Regards,
    M. Satish

    What I infer from your statements now, significantly different from your OP, is that you do not have any logging mechanism and now want to introduce logging with minimum effort.
    If that is the case you can add the logging code in your Menu(s), before the CALL_FORM/NEW_FORM. Fewer object(s) to modify, but roughly the same lines of code get added.
    Regards,

  • Non Domain User Access to Report Server

    HI Team,
    I am Back with another question. These days i am working on SSRS web services as a part of that i need to provide user access to non domain users to the report manager which is residing in a virtual machine and also when i use the report service web service URL it is asking for virtual machine's windows credentials and as per my client's requirement i should not be prompted with VM'S windows credentials.
    Also, we are providing end users with a login page and this login page is connected to a separate User's database in the VM and how to register these non domain users in the report server database and also report manager. please help me out of this issue.
    Thank you.

    Hi NB515,
    In Reporting Services, if we connect to Report Manager out of domain, then we need provide a domain username and password can we access to it. If you want to skip this step, you can configure anonymous access for the report server. However, anonymous access is not recommended as it may give direct access to your report server or report projects to any one who know the URL of your Reporting Services. But in case you still want to try it, you can refer to the link below to see it:
    http://blog.quasarinc.com/ssrs/sql-server-reporting-services-2012-anonymous-access/
    If you have any questions, please feel free to ask.
    Regards,
    Charlie Liao
    TechNet Community Support

  • Allowing users access to SQL Server 2014 analysis server cubes

    I am using SQL Server 2014 analysis server and have created a number of cubes. These all function as expected however it seems that only windows users who are in an administrator group can get access. All other users are denied access with the very vague error of 'Communication error'.
    If I then add that user to our administrators group within the windows domain they instantly get access. I have defined roles for each cube (within analysis services) and then added both individuals (i.e. their windows domain user id) as well as their windows domain groups to these roles but they still cannot get access - just get the error 'Communication error'.
    I am using ADOMD on the client side which I know works because users in the administrators group can see the data. I have granted cube permissions using Management studio however no matter what front end we use (either our own App or EXCEL) if the user in question is NOT in the administrator group in the domain they cannot get access to any of the cubes.
    Any help anyone can provide would be much appreciated.

    Hamishr,
    According to your description, you want to grant the access permission to cube for the users who are not belong to Administrator group, right?
    By default, no one except a Server Administrator or Database Administrator has permission to query cubes in a database. Cube access by a non-administrator requires membership in a role created for the database containing the cube. Membership is supported for Windows user or group accounts, defined in either Active Directory or on the local computer. So in your scenario, please ensure the steps to grant permission are correct, you can refer to the link below check it.
    http://msdn.microsoft.com/en-in/library/ms174799.aspx
    Regards,
    Charlie Liao
    TechNet Community Support

  • Using SSDs to limit user access to hosts

    I have a question about limiting user access to a host using SSDs. Is there any reason I should not do the following?:
    In the profile for the ldap client, myhost:
    serviceSearchDescriptor: passwd: ou=People,dc=example,dc=com?sub(|(host=myhost)(host=production)(host=ALL))
    Then in the users account:
    dn: uid=juser, ou=People,dc=example,dc=com
    host: myhost <---------------------------------------------------------------
    loginShell: /bin/ksh
    gecos: Joe User
    cn: juser
    uidNumber: 5555
    gidNumber: 5555
    homeDirectory: /export/home/juser
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: account
    objectClass: top
    uid: juser
    etc
    I can add a single host, an environment (production), or all hosts for admins by editing user account. It seems to work fine in testing. I just don't want to get blind-sided by some glitch later. I am using Solaris 8,9, and 10 native clients and SunONE 5.2 DS with TLS.

    Thanks Gary. I sent you an email before I posted here. I wasn't sure if this is where you "hang out". :)
    I was thinking after posting here that I might want to do it with shadow instead of passwd so that permissions of files still showed the owner instead of id even if the owner were not allow to login. A somewhat rare situation, but it happens.

  • OAS 10.1.2.0.2 - How configure PHP with database access

    I Installed OAS 10.1.2.0.2 on SuSe 9.3.
    I put in $ORACLE_HOME/Apache/Apache/htdocs a php pages for test if this OAS version supported php.
    The test is ok, this version support PHP, but not are configured to PHP with database access.
    My question is: How I configure this OAS 10.1.2.0.2 to use PHP with database access?
    I need install all PHP although my php pages is running (without database access) ??? or I only need configure database access?

    How I compile my PHP with --with-oci8??

  • Anonymous user access site central admin?

    Anonymous user access site  central admin?

    Hi,
    you need to adjust the context, check this
    http://blogs.msdn.com/b/sowmyancs/archive/2008/08/14/spsecurity-runwithelevatedprivileges-an-important-point-while-using-it-in-web-context.aspx
    http://sharepoint.stackexchange.com/questions/46194/sharepoint-2010-runwithelevatedprivileges-throws-exception
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite elevatedSite = new SPSite(SPContext.Current.Site.Id))
        using (SPWeb elevatedWeb = elevatedSite.OpenWeb(SPContext.Current.Web.Id))
        {
            // Perform administrative actions by using the elevated site and web objects.
            // elevatedWeb.CurrentUser.LoginName gives SHAREPOINT\system
        }
    });
    Kind Regards,
    John Naguib
    Senior Consultant
