Do I need a cookie?

[firecat318]

On my website, users have the option to have a profile and edit it with appropriate information.

 

I just use sessions to keep my users log in from page to page. This is the basic layout of it, on the login page, I have this..

 

PHP Code:

 

<?
include("connection.php");

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";

$result = mysql_query($query);

if(mysql_num_rows($result) != 1) {
    echo "<font color=red><b>Wrong Credentials!</b></font><br>";
    echo "<a href=forgot.php class=forgot>forgot your password?<br></a>";
    die("<a href=index.php class=forgot>try again</a>");
} else {

    $_SESSION['username'] = "$username";
}
?>

 

Then, on the top of every single page, I put this.

 

PHP Code:
<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
?>

 

But I have a problem. Whenever a user edits his/her profile, it logs you out right after. This is my edit.php page, (the jist of it)

 

PHP Code:

 

<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
$query = mysql_query("SELECT `id` FROM `users` WHERE `username` = '$session'");
$id = mysql_result($query, 0);
    echo "$id";
?>

<b>Edit your profile:</b><br><br><br>
<font color=red>Favorite Quote:</font>
<form action=" <? $_SERVER['PHP_SELF']; ?> " method="POST">
<textarea cols="40" rows="10" name="favorites">
</textarea><br>
<input type="submit" name="quote" value="Update">
</form>

<?

$quote = $_POST['favorites'];

$sql = mysql_query("UPDATE `users` SET `quote` = '$quote' WHERE `username` = '$session'");
echo "Thank you for updating your profile!";
if(!$sql) {
     die(mysql_error());
}
?>

 

Then my main profile.php page is this.

 

PHP Code:
<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
?>

<html><head><TITLE>Page</TITLE>
<link rel="stylesheet" type="text/css" href="../style.css" />
<meta name="description" content="Blah blah" />
</head>

<body bgcolor="#E5E5E5">

<?    
if($session) {

$username = mysql_real_escape_string($_GET['user']);

$query = "SELECT * FROM `users` WHERE `username` = '$session'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);

$sql = mysql_query("SELECT `quote` FROM `users` WHERE `username` = '$session'");
$quote = mysql_result($sql, 0);

?>

<div id="header">
    <table><tr><td align="left"><table>
        <tr><td width="220px" height="26" id="welcome">
        <a href="/"><img src="../images/logo.gif"></a></td></tr> 
    </table>
        </td><td align="center">
        <table>
        <tr><td align="center"><a href="features.php" id="top_links" class="top">features</a></td><td><b>|</b></td>
        <td align="center"><a href="forum" id="top_links" class="top">forums</a></td><td><b>|</b></td>
        
        <?
        if($session) {
        $query = mysql_query("SELECT `username` FROM `users` WHERE `username` = '$session'");
        $row = mysql_fetch_assoc($query);

        echo "<td align='center'><a href='profile/?user={$row['username']}' id='top_links' class='top'>profile</a></td><td><b>|</b></td>";
         } else { 
        ?>
        <td align="center"><a href="register.php" id="top_links" class="top">register</a></td><td><b>|</b></td>
        <? } ?>
        <td align="center"><a href="music.php" id="top_links" class="top">music</a></td><td>
        <tr><td align="center"><a href="featured.php" id="top_links" class="top">featured</a></td><td><b>|</b></td>
        <td align="center"><a href="subscribe.php" id="top_links" class="top">subscribe</a></td><td><b>|</b></td>
        <td align="center"><a href="feedback.php" id="top_links" class="top">feedback</a></td><td><b>|</b></td>
        <td align="center"><a href="contact.php" id="top_links" class="top">contact</a></td></tr>
        </td>
    </table>
    
    <td align="right"><table>
        <tr><td colspan="2" align="center"><font size="-1">Profile Username Search</font></td>
        <td colspan="2"align="center"><img src="/images/searchicon.gif" width="25px" height="20px" alt="search"></td></tr>
        <tr><td colspan="2" ><input type="text" name="msearch" size="20"></td>
        <td colspan="2" ><input type="submit" name="submit" value="Find" class="register" title="Search for a profile"></td></tr></table>
        </td>
        
        <?
        if($session) {
        ?>
        
        <td align="right">
        <a href="logout.php" class="forgot">Logout</a>
        </td>
        
        <?
        } 
        ?>
        
    </table>    
</div> <br />
<?
if($session) {
include("header.php");
}
?>

 

Can anybody help me figure out, that whenever you get done editing your profile, and go back to the profile page, it logs you out? Do I need to setup a cookie or something similar?

[woobarb]

Not that i've been all through your code, but starting a session sets a session cookie, you get the value of it using:

$sid = session_id();

[firecat318]

But how would I stop it from logging out whenever I leave the profile page?  Keep in mind, it never logs out navigating through all the other pages, but only on the /profile/ part of the site.

[revraz]

Your code is confusing.  Why do you have so many IF ($session) statements?  I would rethink your logic a bit and clean up the flow.

 

 

[firecat318]

Because if they are login I want to show extra stuff, or else leave it out.

[revraz]

I understand that, but you can do it all under one IF statement and not multiple.