WP session handling

  • Resolved dennishall

    (@dennishall)


    Hi:

    I have two forms in my site and I rely on sessions being maintained because my second form updates the mysql record that the first form inserted.

    Outside WP, these work fine, but inside WP I get 2 records in my DB where each contains the information from the form that it processed.
    My objective is to have the first form insert a record and the second form update the same record.

    I’m using PHP sessions in this and have not found a clear answer or a working correction to this issue of WP not supporting PHP sessions.

    Has anyone found a working solution to this?

    Best Regards,
    dennishall

Viewing 13 replies - 1 through 13 (of 13 total)
  • How are you updating the database, and at what point? It is probably safer to use add_action('init', ...) and do the necessary updating within that function.

    Thread Starter dennishall

    (@dennishall)

    Thanks for the reply Rich…

    I’ve looked at add_action() and am not able to associate the function with my sessions issue.

    I’m writing to the DB using include files in my headers.

    Here are the full specs of what I’m doing.
    My URL is as follows:
    http://wordpress.products-and-services.ca
    ROI Register “/roi-register/” is where the user registers to use the form.
    The ROI Register form action calls its processor “/form-pre/” which contains the following:

    <?
    include 'wp-config.php';
    session_start();
    $_SESSION['name'] = $_POST['name'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['company'] = $_POST['company'];
    $_SESSION['phone'] = $_POST['phone'];
    mysql_query("INSERT INTO wp_roi('name','email','company','phone') VALUES ('$_POST[name]','$_POST[email]','$_POST[company]','$_POST[phone]')")
    	or die(mysql_error());
    mysql_close();
    header ("location: http://wordpress.products-and-services.ca/roi_form.php");
    ?>
    <html>
    <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    </head>
    <body>
    The roi form will pop up.
    </body>
    </html>

    I then have the WP Super Popup plugin that applies a lightbox to the /form-pre/ page and includes the roi_form.php file in its contents.
    The roi_form.php file contains the following PHP code as its first lines:

    <?
    session_start();
    $_SESSION['name'] = $_POST['name'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['company'] = $_POST['company'];
    $_SESSION['phone'] = $_POST['phone'];
    ?>

    This form also calls roi_insert.php when the user clicks the Show Results button (all other page actions do not communicate further).
    Here is the code for roi_insert.php:

    <?
    include ('wp-config.php');
    session_start();
    $_POST['email'] = $_SESSION['email'];
    echo $_POST['email'];
    echo $_SESSION['email'];
    mysql_query("UPDATE wp_roi SET software='$_POST[software]', patients='$_POST[patients]', reimbursement='$_POST[reimbursement]', rejection='$_POST[rejection]' WHERE email='$_POST[email]'")
    	or die(mysql_error());
    mysql_close();
    sleep(30);
    ?>

    Finally, the results (if you follow through this form stuff) can be seen after 30 seconds in the ROI Report page of the site.
    Alternatively, you can close and reopen the browser to get to the report results faster.

    As you will see, the results will be written in 2 records; the UPDATE query cannot find the email session var in the $post.

    Erm, is that your actual code?

    Thread Starter dennishall

    (@dennishall)

    Hi Rich…

    This is only the session handling and DB part of the code.
    The HTML portion of the registration form is not posted as it is just a form and the roi form is over 350 lines (not the best thing to post).

    This is a WP install I use to develop on and this is my first attempt at creating this form in WP.

    The session handling is the issue, as all this works perfectly outside WP.

    Any assistance would be highly valued.

    Well I asked because the code you have posted is very insecure.

    This is the code I use to start a session, but I’m not saying it is correct, just that it does work.

    add_action('init','eshopsession',1);
    if (!function_exists('eshopsession')) {
    	function eshopsession(){
    		if(!session_id()){
    			session_start();
    		}
    	}
    }

    I would suggest you also look at sanitising your values before using them in a query.

    Thread Starter dennishall

    (@dennishall)

    Thanks Rich…

    I know that my queries at this time are subject to injection and are insecure.

    However, given the issue I have been having, I needed to keep this to the most basic.

    I’ll wrap my code into a function and try your code above. I greatly appreciate the help and will look further into the add_action function of WP.
    To try to comply with WP standards as closely as possible, would you also suggest I try using $wpdb function?

    Yes, it will make things so much easier, especially in securing the values.

    Thread Starter dennishall

    (@dennishall)

    Hi Rich…

    After hours of messing around (hacking at this point), I’ve combed for various session solutions, mashing them where I could, and now have the following code in their respective files:

    My template functions.php contains a new function as follows:

    function session_manager(){
    	if (!session_id()){
    		session_start();
    	}
    	$_SESSION['email'] = $_POST['email'];
    }

    My WP page /reg-form/ posts to roi_form.php on submit.
    roi_form.php has the following code block:

    include 'wp-config.php';
    add_action('init', 'session_manager');
    mysql_query("INSERT INTO wp_roi(`name`,`email`,`company`,`phone`) VALUES ('$_POST[name]','$_POST[email]','$_POST[company]','$_POST[phone]')")
    	or die(mysql_error());
    mysql_close();

    The code block above does post to MySQL.
    My roi_form.php calls roi_insert.php on submit which contains the following code block:

    include 'wp-config.php';
    include 'TEMPLATEPATH . /functions.php';
    add_action('init', 'session_manager');
    mysql_query("UPDATE wp_roi SET software='$_POST[software]', patients='$_POST[patients]', reimbursement='$_POST[reimbursement]', rejection='$_POST[rejection]' WHERE email='$_POST[email]'")
    	or die(mysql_error());
    mysql_close();
    sleep(30);

    This does not post to MySQL when used with /roi-reg/ but will post a separate record if I run it directly.
    So, in short, no difference.

    I have not gotten to the point where I’m using $wpdb, sanitizing, or escaping yet as my focus before continuing is to even get this to do a basic function of updating.

    I tried using your code block adaptively, but only received errors regarding add_action.

    I’ve exhausted my knowledge at this point and am running in circles.

    It would be a huge contribution to ALL those people looking for WP session solutions if you could take my code above and just post something that works – as I see it, all those forums and blogs that say it works have yet to actually show a real-world example.

    If you can do this, I’ll publish a real world example identifying you as the source.

    If you need all my complete files including my create table script, let me know and I’ll post a link to a zip file containing everything.

    Best Regards,
    dennishall

    Hmm it’s difficult to help because you are mixing non WordPress with WordPress.

    Are you writing this as a plugin, or adding it to a theme’s functions file, or?

    I use another action added onto init to process my form submissions.
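
The approach the replies describe (start the session on init, process form posts in a second init action, and let $wpdb build the queries), as an added example that is not part of the original thread or any participant's code. The `roi_step` and `roi_nonce` fields, the function name, and an auto-increment `id` column on `wp_roi` are assumptions; the other column names are the ones posted above.

```php
<?php
/* Plugin Name: ROI two-step form (added example; names marked hypothetical) */
// Start the PHP session early on every request, as the reply above does.
add_action('init', function () {
    if (!session_id()) {
        session_start();
    }
}, 1);

// Handle both form posts on init too, once the session exists.
add_action('init', 'roi_handle_post', 2);

function roi_handle_post() { // hypothetical name
    global $wpdb;
    $in    = wp_unslash($_POST);
    $field = function ($key) use ($in) {
        return (isset($in[$key]) && is_string($in[$key])) ? sanitize_text_field($in[$key]) : '';
    };
    $step = $field('roi_step'); // hypothetical hidden field: "register" or "results"
    if ($step !== 'register' && $step !== 'results') {
        return; // not one of our forms
    }
    // Each form is assumed to print wp_nonce_field('roi_' . $step, 'roi_nonce').
    if (!wp_verify_nonce($field('roi_nonce'), 'roi_' . $step)) {
        wp_die('Invalid form submission.');
    }
    $table = $wpdb->prefix . 'roi'; // wp_roi with the default prefix
    if ($step === 'register') {
        // insert() builds a prepared query; nothing is interpolated into SQL.
        $ok = $wpdb->insert($table, array(
            'name'    => $field('name'),
            'email'   => sanitize_email($field('email')),
            'company' => $field('company'),
            'phone'   => $field('phone'),
        ));
        if ($ok) {
            // Assumes wp_roi has an auto-increment `id` column.
            $_SESSION['roi_row_id'] = (int) $wpdb->insert_id;
        }
    } elseif (!empty($_SESSION['roi_row_id'])) {
        // Step two only reads the session; it never copies $_POST into it.
        $wpdb->update($table, array(
            'software'      => $field('software'),
            'patients'      => $field('patients'),
            'reimbursement' => $field('reimbursement'),
            'rejection'     => $field('rejection'),
        ), array('id' => $_SESSION['roi_row_id']));
    }
}
```

Keying the update on the row id stored at insert time, rather than on an email address taken from the request, means the second form can only modify the record created in the same session.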

    Thread Starter dennishall

    (@dennishall)

    Hi Rich…
    At this point just dealing with sessions in WP.

    I work with php sessions all the time and have never had such a tough time. I appreciate WP but am surprised this has not been a higher priority.

    I’ve posted my zip file to the following URL:
    http://wordpress.products-and-services.ca/roi.zip

    In the zip file, the folder structure is maintained and the file can be extracted to the WP root (example: the same place my zip file is now). Be aware, if you try this on your site, rename your theme’s functions.php file first.

    You will notice a few new lines I’ve done since my last post.

    Maybe seeing the bigger picture will help you to help me sort this out. Later, I could think of turning this into a plugin (as it also has an admin panel called roi_report.php).

    I do also want to publish this information as it really seems sparse and never seems to work from what I’ve tried with other developers’ solutions.

    If you are able to assist here, it would be awesome.

    Best Regards,
    dennishall

    I wouldn’t be able to go through that, sorry.

    I’d suggest making it as a plugin, and you will then be able to use all of the available functionality within WordPress.

    Thread Starter dennishall

    (@dennishall)

    Thanks anyhow Rich…

    I’m beginning this plugin venture now.

    I’ve been reading that javascript is not allowed to run in WP (I’ve installed 3.0.4 on my host). I’ve also seen work-arounds to this.

    What’s the real story?

    For this test, I’m sticking with the 2010 default theme and plan to place all the js files for this roi form set into either my theme dir or the plugins/roi_calculator/ dir.

    Keeping the files together in the plugin dir is my preference, however, given the work-arounds I’ve seen, I question running js in my plugin dir.

    Can you provide me some insight?

    Thanks for your valued assistance to date.
    dennishall

    You can use javascript, front and back.

    You can have your javascript files wherever; look at using wp_enqueue_script (Function Reference/wp_enqueue_script).

  • The topic ‘WP session handling’ is closed to new replies.