Hiding Session Id

**kabooms** · 12.07.09, 05:42

Originally posted by kiLLeR-eyEd_14 View Post

that's very easy, but b4 u make it, ur webhost must support the php mail() function..I've done coding it in my site a month ago..

yah bro killer eyed i will buy a 1year webhosting this coming 23 or 24 of july here at makati medyo mahal pero cguro okey naman bka may ma offer ka n mura n webhost jan al0ng manila kita tau i paid u cash or bank? Ok lng bro na pa copy naman ng register password send by email need q kc para iwas pasaway na wapper.. The code work like an angel i try in my wamp server .Thankz...

**robzky** · 12.07.09, 09:40

Originally posted by kiLLeR-eyEd_14 View Post

on every page or file.,to know if session really starts and set.,else return ses expire..

-Ive Got it.. thanks Killer-eyed..

**kiLLeR-eyEd_14** · 12.07.09, 12:47

Originally posted by kabooms View Post

yah bro killer eyed i will buy a 1year webhosting this coming 23 or 24 of july here at makati medyo mahal pero cguro okey naman bka may ma offer ka n mura n webhost jan al0ng manila kita tau i paid u cash or bank? Ok lng bro na pa copy naman ng register password send by email need q kc para iwas pasaway na wapper.. The code work like an angel i try in my wamp server .Thankz...

pgka2alam q mer0n na t0pic nyan dto.,search mu na lng..

**~~kazzin~~** · 16.07.09, 10:26

Originally posted by kiLLeR-eyEd_14 View Post

This is what i've done successfully..
In core.php put this

session_start();
$sid = $_SESSION['sid'];

on top or bottom then in login.php find

$sid = md5($did);

and change it to

$_SESSION['sid'] = md5($did);
$sid = $_SESSION['sid'];

observe it..After defining $_SESSION['sid'] as an md5($did) then define $sid as $_SESSION['sid'] so that it means $sid = $_SESSION['sid'] while the value of $_SESSION['sid'] = md5($sid);
then on every page, you don't need to put something 'cause the session_start() and $sid = $_SESSION['sid'] is already in core.php and core.php is already included on every page..You just need to remove all $sid = $_GET['sid'] and all &sid=$sid..To display if not logged in or session expired i made this code

if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))
{
$uid = getuid_sid($sid);
if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))
{
put here your codes for ses expire
}
}

then to destroy session, put this on top or bottom of the msg successfully logged out,

unset($_SESSION['sid']);
$_SESSION = array();
session_destroy();

plz help me to add this code in action=logout

PHP Code:


unset($_SESSION['sid']);

$_SESSION = array();

session_destroy();

one problm is there m successfully login bt i cant c owner cp also delete option of shout in main page y ownercp option is hide plz fix dis prblm

**~~kazzin~~** · 16.07.09, 10:43

guest can enter the site if ryt url hummingbird feeder tube urs classic at ursite.com
there is nothing show ur session id expire also this code show error parse error { sign creating prblm

PHP Code:


if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))

{

$uid = getuid_sid($sid);

if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))

{

put here your codes for ses expire

} 

}

**kiLLeR-eyEd_14** · 17.07.09, 01:14

Originally posted by kazzin View Post

plz help me to add this code in action=logout

PHP Code:


unset($_SESSION['sid']);

$_SESSION = array();

session_destroy();

one problm is there m successfully login bt i cant c owner cp also delete option of shout in main page y ownercp option is hide plz fix dis prblm

try using the function isowner($uid) c0z that's also my pr0b and i s0lved it by using that

**shad0w** · 22.07.09, 09:53

Why do you need to make session protection for lavalair ?? You can make

PHP Code:


$browser[0] = select browser from ..._users;

$nowbrowser = getbrowser();

if ($browser[0]!==$nowbrowser)

{

LOGOUT USER

}

The same thing can be made for IP too ..

**i0nutzxp** · 22.07.09, 18:06

Originally posted by shad0w View Post

Why do you need to make session protection for lavalair ?? You can make

PHP Code:


$browser[0] = select browser from ..._users;

$nowbrowser = getbrowser();

if ($browser[0]!==$nowbrowser)

{

LOGOUT USER

}

The same thing can be made for IP too ..

its a not god idea

**kiLLeR-eyEd_14** · 22.07.09, 23:00

Originally posted by kazzin View Post

guest can enter the site if ryt url hummingbird feeder tube urs classic at ursite.com
there is nothing show ur session id expire also this code show error parse error { sign creating prblm

PHP Code:


if(($action != "") && ($action!="terms") && ($action!="gviewfrm") && ($action!="gviewcat") && ($action!="gviewtpc") && ($action!="gforumindx"))

{

$uid = getuid_sid($sid);

if((empty($_SESSION['sid']) OR (!isset($_SESSION['sid'])))

{

put here your codes for ses expire

} 

}

add islogged($sid)==false OR $uid==0 then ses expire

**shad0w** · 24.07.09, 07:04

Why to modify the whole script when you can make ip/browser protection ....

**metulj** · 24.07.09, 19:03

Originally posted by shad0w View Post

Why to modify the whole script when you can make ip/browser protection ....

because....
for example..
i(and many others as well !)
can change IP AND browser faster than you can ban them !

**shad0w** · 26.07.09, 09:59

Originally posted by metulj View Post

because....
for example..
i(and many others as well !)
can change IP AND browser faster than you can ban them !

And what if the `hacker` change IP and browser ? They can not use other users session :D ...

**CreativityKills** · 26.07.09, 15:40

I dnt think u undastand wot we're saying. Okay to illustrate, use mobile.aolsearch.com to log into a site dat uses dat method of ip/brwsr session validation, tel me if u get past login page or 2pages afta login. You'd get logged out. Why? They change their ip randomly. So does other network providers. They dnt usually use static ips. Therefore it may work 4 u cuz ur network uses static ip bt i can assure ur stubborn ass dat u'l get ppl leaving ur site so fast cuz they r gettn logged owt. But hey u can put ur ads in ur "your session has expired" page so ur visitors can c it often ROFL.

**something else** · 26.07.09, 16:03

but it doesnt work eg: here is a snapshot of 1 of shadows staff members screens:
thats why best not to use sessions in urls

Attached Files

**i0nutzxp** · 26.07.09, 16:27

Originally posted by something else View Post

but it doesnt work eg: here is a snapshot of 1 of shadows staff members screens:
thats why best not to use sessions in urls

from where u have that print?:O its a RO chat

Hiding Session Id

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment