I'm trying to make a site completely dynamical with php and a mysql database. On that site, you have a news section, code section, etc. and I can upload files and change the content of the different sections in my admin pannel. I'm useing sessions for the login, and I have a few problems with my scripts:
[list=1]
I change he content of the sections with a textarea and then put it in my database. In that textarea, I write the contenet in HTML (so I put the HTML code in my database) But when I enter a link, php puts the PHPSESSID behind every link I type. I don't want this. What can I do?
note: in the form, I pass the PHPSESSID as hidden like this:<input type=\"hidden\" name=\"PHPSESSID\" value=$PHPSESSID>
ex: when I type <a href=www.codingforums.com>CodingForums</a>
he will make this out of it:<a href=www.codingforums.com?PHPSESSID=122c8e67ba1874a6118e9dafc816a19f>CodingForums</a>
when I brows my admin pannel with links (not forms), he'll put the PHPSESSID in the browser bar. how can I keep the PHPSESSID hidden from the user?
The session "cookies" are stored on my server. for that, it needs a tmp directory in the directory where my loginscript is. Can't I put it somewhere on a general place? I don't think it deletes those cookies, because even when I'm not logged in, I have files in that tmp directory. Shouldn't they be deleted when the user loggs off, or when he leaves the site?
Like I said, I'm puting HTML in that textarea for output on my site, what if I want to use normal text. like when I press enter, he'll go to a newline. Like these forums, I press enter in this textarea and I get a newline after I pressed the submit button
[/list=1]

Thanks for reading all my questions. (I know it's alot, but I'm just learning :( )

--Maes

For the session, check your phpinfo() for --enable-trans-sid at the top, or session.use_trans_sid = 1 in the session section. If that is set to one the server would pass the session id transparently through the url (on any page after the one the session is instantiated on).

You could try

ini_set(session.use_trans_sid,"1");

in your scripts (untested)
Note: The session tmp folder should be absolutely at root eg /tmp/ and not tmp/

For the newlines either

echo nl2br($txt);
or
echo str_replace('
','<br />',$txt);

should do.

Thanks Ökii,


My session.use_trans_sid is allready on 1 (local and master value, whatever that may be) and I couldn't find enable-trans-sid.


>>Note: The session tmp folder should be absolutely at root eg /tmp/ and not tmp/

this is what I have in my phpinfo():

Local Value Master Value
session.cookie_path ./ ./
session.save_path ./tmp ./tmp

I assume this is wrong:confused:
should it be ../tmp/ or is there a way to put the session files outside my htdocs?

About the newline, hat makes sence to me. (I haven't tested it)


thx

--maes

In a file system, there are a few special symbols. They are

.
..
/
. means look in the current directory
.. means look in the parent directory
/ means start from the root directory

The root directory (in UNIX) is the same as c:\ in windows. (Well not exactly, but for the sake of simplicity we'll go with that for now)

so, if your in the directory
/usr/local/www/html/myfolder
. = /usr/local/www/html/myfolder
.. = /usr/local/www/html
and
/ = /

in Windows you might be in
c:\apache\bin\htdocs\myfolder
so
. = C:\apache\bin\htdocs\myfolder
.. = c:\apache\bin\htdocs
/ would be c:\

so, when your session.cookie_path and session.save_path are set to ./ and ./tmp, your actually telling the server to save the information in the current directory (or a tmp off the current directory) directory.

You should changes these to / and /tmp respectively. That will tell the server to go all the way back to the root and save the files there (or look in the tmp directory and save the files there)

I hope this makes sense.

Right now with these paths set to ./, if your in the /usr/local/www/html/myfolder thats where the files will be saved, on the other hand if you set it to / the files will go there.

Thx bcarl314,
that works :thumbsup: