DEVILofDARKNESS Posted June 27, 2009 Share Posted June 27, 2009 Okay I had made a php script to check if a user is valid. I include it in every page, except the homepage,login and register ofcourse, but I found out that $userid and $nationid, don't contain a value, altough I'm not redirected to the loginpage... Can somebody please say what I've done wrong? checkuserid.php <?php if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; if(isset($_SESSION['nationid'])){ $nationid = $_SESSION['nationid']; }elseif(isset($_GET['nationid'])){ $nationid = $_GET['nationid']; }else{ $query = "SELECT nation_id FROM users WHERE user_id = '$userid'"; $result = mysql_query($query); list($nationid) = mysql_fetch_row($result); } }else{ header('location:./login.php'); } ?> Quote Link to comment Share on other sites More sharing options...
ldougherty Posted June 27, 2009 Share Posted June 27, 2009 What makes you positive you have no values? I mean if you take out all of the nationid stuff you will see clearly that you should be redirected if the session userid is not set. <?php if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; }else{ header('location:./login.php'); } ?> Try running this before your script to see what session variables are actually set. <?php session_start(); Print_r ($_SESSION); ?> Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 27, 2009 Author Share Posted June 27, 2009 array([userid] => 19 .... So the userid is set, the nationid isn't, but why won't the script give the $userid to the page if I include checkuserid.php in that page? Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 28, 2009 Author Share Posted June 28, 2009 should I make a function of it? functions.php <?php function checkuserid(){ if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; if(isset($_SESSION['nationid'])){ $nationid = $_SESSION['nationid']; }elseif(isset($_GET['nationid'])){ $nationid = $_GET['nationid']; }else{ $query = "SELECT nation_id FROM users WHERE user_id = '$userid'"; $result = mysql_query($query); list($nationid) = mysql_fetch_row($result); } }else{ header('location:./login.php'); } } ?> Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 28, 2009 Author Share Posted June 28, 2009 Okay the function didn't work at all , but I saw somewhere this: <?php session_start(); require_once 'config.php'; // our database settings $conn = mysql_connect($dbhost,$dbuser,$dbpass) or die('Error connecting to mysql'); mysql_select_db($dbname); $query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')", mysql_real_escape_string($_SESSION['username'])); $result = mysql_query($query); list($userID) = mysql_fetch_row($result); if(!$userID) { // not logged in! header('Location: login.php'); ?> Why would this work(and it does), but the script I made doesn't? The script I wrote even don't have to connect to the database so its faster. <?php if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; $query = "SELECT nation_id FROM users WHERE user_id = '$userid'"; $result = mysql_query($query); list($nationid) = mysql_fetch_row($result); }else{ header('location:./login.php'); } ?> I really don't get why I'm not redirected. If I use print_r($_SESSION), I get the right userid, but if I just print $_SESSION['userid'] it contains nothing!? Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 29, 2009 Author Share Posted June 29, 2009 Is there really nobody? Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 29, 2009 Author Share Posted June 29, 2009 ? Quote Link to comment Share on other sites More sharing options...
aggrav8d Posted June 29, 2009 Share Posted June 29, 2009 if you're making a mysql_query then you have to connect to the database. if you're getting null or 0 from mysql_query it's probably because the query is failing but you're not seeing the error message. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 29, 2009 Author Share Posted June 29, 2009 You mean I just should include my config file in the checkuserid.php script? Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 30, 2009 Author Share Posted June 30, 2009 Doesn't work either... Quote Link to comment Share on other sites More sharing options...
premiso Posted June 30, 2009 Share Posted June 30, 2009 Where are you setting the initial session variable? Are you sure it is being set properly, like it is not in an if statement that never gets ran? Also, where are you using $userid at, that it is not working. If it is inside of a function or class, it will not work because it has not been set as global. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 30, 2009 Author Share Posted June 30, 2009 What do you mean with my initial session variable? $userid became a session from the login, and it is not in a function or a class its just in an other script I included. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 30, 2009 Author Share Posted June 30, 2009 I checked some things and It's verry weird: If I login $_SESSION['userid'] is declared, and I'm auto redirected towards Overview.php, I printed the sessions and It gave me the right userid and nationid, but if i go to attack.php (manually in the browser) I use the same checkuserid.php script but tje userid and nationid aren't displayed?! Quote Link to comment Share on other sites More sharing options...
premiso Posted June 30, 2009 Share Posted June 30, 2009 What do you mean with my initial session variable? Are you sure it is being set properly when the user logs in? Somewhere along the way $_SESSION['userid'] is not being set, or got corrupted some how. Also, are you calling session_start before the checkuserid script somewhere? (Just figured I would verify that as well). As both sets of code, I do not see that. Which would cause you an issue if it is not. Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted June 30, 2009 Author Share Posted June 30, 2009 See In the login script the folowing lines is written: $_SESSION['userid'] = $id; header('location:./overview.php'); I echo'd $userid using the checkuserid.php on the overview.php page and I got the right userid! I did the same on attack.php but that didn't work... checkuserid.php <?php session_start(); require_once './config.php'; if(isset($_SESSION['userid'])){ $userid = $_SESSION['userid']; $query = "SELECT nation_id FROM users WHERE user_id = '$userid'"; $result = mysql_query($query); list($nationid) = mysql_fetch_row($result); }else{ header('location:./login.php'); } ?> attack.php <?php session_start(); require_once './config.php'; require_once './checkuserid.php'; //checkuserid(); ?> <html> <head> <title>ATTACK!</title> </head> <body> <form action='' method='post'> <table border='1' height='100%' width='100%'> <tr> <td> <table border='0' height='100%' width='100%'> <!-- Central Part --> <tr> <td> <table border='0' height='100%' width='100%'> <tr><td colspan='2'>Step 1: Choose Your Target <?php echo $userid . $nationid; ?></td></tr> </table> </td> </tr> <tr> <td> <table border='0' height='100%' width='100%'> <?php $query = "SELECT * FROM regions WHERE (in_use = 'No') And (nation_id != '$nationid')"; $result = mysql_query($query); while($NYAR = mysql_fetch_array($result)){ // NYAR Not Your Active Regions echo "<tr><td>" . $NYAR['region_name'] . "</td><td><input type='radio' name='radioNYAR' value='" . $NYAR['region_id'] . "'></td></tr>"; } ?> </table> </td> </tr> <tr> <td> <table border='0' height='100%' width='100%'> <tr><td colspan='2'>Step 2: Choose Your Weapon(s)</td></tr> </table> </td> </tr> <tr> <td> <table border='0' height='100%' width='100%'> <?php /* CoRTable = Civilian or Ruler Table: Civilians: user_weapons Rulers: nation_weapons CoRIdName: Civilian: user_id Ruler: nation_id CoRId; The Id from the user or nation YW: YourWeapons */ $query = "SELECT * FROM " . $CoRTable . " INNER JOIN weapons ON " . $CoRTable . ".weapon_id = weapons.weapon_id WHERE " . $CoRIdName . " = '" . $CoRId . "'"; $result = mysql_query($query); while($YW = mysql_fetch_array($result)){ echo "<tr><td>" . $YW['weapon_name'] . "</td><td><input type='checkbox' name='checkYW' value='" . $YW['weapon_id'] . "'></td></tr>"; } ?> </table> </td> </tr> <tr> <td> <table border='0' height='100%' width='100%'> <tr><td colspan='2'>Step 3: FIRE!</td></tr> </table> </td> </tr> <tr> <td> <table border='0' height='100%' width='100%'> <tr><td colspan='2'><input type='submit' name='submit' value='FIRE!'></td></tr> </table> </td> </tr> </table> </td> </tr> </table> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted July 2, 2009 Author Share Posted July 2, 2009 Can somebody check this please? Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted July 2, 2009 Author Share Posted July 2, 2009 I really can't see why the userid isn't given to the page :'( Quote Link to comment Share on other sites More sharing options...
DEVILofDARKNESS Posted July 3, 2009 Author Share Posted July 3, 2009 would it be the checkuserid.php script or would it be something with the sessions? Quote Link to comment Share on other sites More sharing options...
cs.punk Posted July 5, 2009 Share Posted July 5, 2009 I think the problem lyes in your login page (or not calling "session_start();" )... Anyway I wrote a thing for you (took some time, but hey I was boReD)... This 'script' needs a database table of which has 3 columns (user_id, nation_id, password) which you should create beforehand... index.php <?php echo "<h1>This is the homepage right?</h1>"; echo "<br/><a href='login.php'>Login</a>"; echo "<br/><a href='protected.php'>Protected Page</a>"; echo "<br/><a href='logout.php'>Logout</a>"; ?> mysqli_con.php (Remember to change the values) <?php $dbhost = "localhost"; $dbuser = "root"; $dbpass = ""; $dbname = "thedatabase"; ?> login.php <?php session_start(); include "mysqli_con.php"; $mysqli_con = mysqli_connect ("$dbhost","$dbuser","$dbpass","$dbname") or die; if (isset($_POST['user_id']) && isset($_POST['password'])) {$user_id = mysqli_real_escape_string($mysqli_con, strip_tags($_POST['user_id'])); $password = mysqli_real_escape_string($mysqli_con, strip_tags($_POST['password'])); if (is_numeric($user_id)) {} else {die ("User_id is not a number"); } $sql_s_users = "SELECT * FROM users WHERE user_id='$user_id'"; $mq_s_users = mysqli_query($mysqli_con, $sql_s_users) or die ("Query failed!"); $users_result = mysqli_fetch_assoc($mq_s_users); if ($password == $users_result['password']) {$_SESSION['user_id'] = $user_id; $_SESSION['nation_id'] = $users_result['nation_id']; echo "Logged in!"; } else {echo "incorret"; } } ?> <?php if (isset($_SESSION['user_id'])) {echo "Sorry your already logged in"; } else {echo "<h1>This is the login page right?</h1> <form action='{$_SERVER['PHP_SELF']}' method='POST'> Your user ID? <input type='text' name='user_id' /> Your password? <input type='text' name='password' /> <input type='submit' value='Login'/> </form>"; } ?> checkuserid.php <?php if(isset($_SESSION['user_id'])) {$user_id = $_SESSION['user_id']; if(isset($_SESSION['nationi_d'])) {$nation_id = $_SESSION['nation_id']; } } else {header('Location: /login.php'); } ?> protected.php <?php session_start(); include "checkuserid.php"; print_r ($_SESSION); echo "<br/>If you have gotten so far, it should be solved...!"; ?> logout.php <?php session_start(); include "checkuserid.php"; if (isset($user_id)) {session_destroy(); unset ($_SESSION); echo "Logged out "; } else {echo "Your not logged in! Oi! ;O "; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.