kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 That means that your code that sets the session variable "$_SESSION['userid']" is not working for some reason. Put echo statements in that routine to see where it is breaking. Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 Where? In the login? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 Where ever you set the session variable. It's your code, you should know where you are attempting to store values. Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 I had a little help with this login as well and it was a while ago so im not totally up with it. Here it is if you wouldn't mind having a look please? Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted February 18, 2007 Share Posted February 18, 2007 this part here is storing the userid session variable. if($row[active] == "1"){ $found = "1"; $_SESSION['userid'] = $row[id]; $_SESSION['userid'] = $row[id]; }else{ echo "Account has not been activated - Check Your Email"; } you seem to be setting it twice, both the same. try echoing out $row['id'] then exit(); the script and see if it is getting anything. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 I took a look at the login.php script and found many coding irregularities. Here's my modified login.php script: <?php session_start(); /// connect to database if (!isset($_POST['username']) || (isset($_POST['username']) && $_POST['username'] == '') || !isset($_POST['password']) || (isset($_POST['password']) && $_POST['password'] == '')) { header ('location: error.php?li=Please+enter+valid+details'); exit(); } require("config.php"); $con=mysql_connect($mysql_hst,$mysql_us,$mysql_ps) or die('Could not connect: ' . mysql_error() . '<br /><br />Check your config file or contact your server support team.'); /// select DB $seldb = mysql_select_db($mysql_db, $con) or die ('Could not connect to the database you specified. Make sure it exists and is correctly named within config.php'); $password = base64_encode($_POST[password]); $username = str_replace(' ','/space/',mysql_real_escape_string(strtolower($_POST[username]))); $_SESSION['username'] = $username; $_SESSION['password'] = $password; /// if exists $q = "select * from memebers where `username` = '" . $username . "' and `password` = '" . $password . "'"; $ifexists = mysql_query($q) or die("Problem with the query:<pre>$q</pre><br>" . mysql_error()); if (mysql_num_rows($ifexists) == 0) { header ('location: error.php?li=Please+enter+valid+details'); exit(); } $row = mysql_fetch_assoc($ifexists); ///check active if ($row['active'] == '1') { $_SESSION['userid'] = $row['id']; header('location: index.php'); exit(); } else { header ('location: error.php?li=Please+enter+valid+details'); exit(); } ?> Some of the changes I made: I moved the check to see if a username and password were entered to the very beginning of the script, right after the session_start() statement. You had redundant DB selections and connections which I removed. I process the username and password and then store them in the $_SESSION array Since there should only be one username with a particular password, I modified the MySQL query to look for only that row. If no rows are returned, exit to the error script. If the row is found, check the "active" flag. I changed all of the "<META>" tags to header() function calls See if this code helps. Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 I took a look at the login.php script and found many coding irregularities. Here's my modified login.php script: <?php session_start(); /// connect to database if (!isset($_POST['username']) || (isset($_POST['username']) && $_POST['username'] == '') || !isset($_POST['password']) || (isset($_POST['password']) && $_POST['password'] == '')) { header ('location: error.php?li=Please+enter+valid+details'); exit(); } require("config.php"); $con=mysql_connect($mysql_hst,$mysql_us,$mysql_ps) or die('Could not connect: ' . mysql_error() . '<br /><br />Check your config file or contact your server support team.'); /// select DB $seldb = mysql_select_db($mysql_db, $con) or die ('Could not connect to the database you specified. Make sure it exists and is correctly named within config.php'); $password = base64_encode($_POST[password]); $username = str_replace(' ','/space/',mysql_real_escape_string(strtolower($_POST[username]))); $_SESSION['username'] = $username; $_SESSION['password'] = $password; /// if exists $q = "select * from memebers where `username` = '" . $username . "' and `password` = '" . $password . "'"; $ifexists = mysql_query($q) or die("Problem with the query:<pre>$q</pre><br>" . mysql_error()); if (mysql_num_rows($ifexists) == 0) { header ('location: error.php?li=Please+enter+valid+details'); exit(); } $row = mysql_fetch_assoc($ifexists); ///check active if ($row['active'] == '1') { $_SESSION['userid'] = $row['id']; header('location: index.php'); exit(); } else { header ('location: error.php?li=Please+enter+valid+details'); exit(); } ?> Some of the changes I made: I moved the check to see if a username and password were entered to the very beginning of the script, right after the session_start() statement. You had redundant DB selections and connections which I removed. I process the username and password and then store them in the $_SESSION array Since there should only be one username with a particular password, I modified the MySQL query to look for only that row. If no rows are returned, exit to the error script. If the row is found, check the "active" flag. I changed all of the "<META>" tags to header() function calls See if this code helps. Ken I tried that and this error came up: Problem with the query: SELECT * FROM memebers WHERE `username` = 'admin1122' and `password` = 'YWRtaW4=' Table 'test.memebers' doesn't exist Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 I misspelled "members". It should be <?php $q = "select * from members where `username` = '" . $username . "' and `password` = '" . $password . "'"; ?> Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 Ok I corrected that but now.... Warning: Cannot modify header information - headers already sent by (output started at /usr/local/psa/home/vhosts/designervision.co.nz/httpdocs/clients/config.php:15) in /usr/local/psa/home/vhosts/designervision.co.nz/httpdocs/clients/login.php on line 30 Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted February 18, 2007 Share Posted February 18, 2007 there is a sticky at the top of the board. here is a work-around: top of page: ob_start(); bottom of page: ob_end_flush(); Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 In the file "config.php" are you writing anything to the screen on line 15? Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 Awesome - the login works again! Now, how can I fix the other problem? No kenrbnsn just white space. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 White space counts as output. Do you still have the other problem? Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 I have deleted the white space. Yes I still have the other problem - it wont display certain images based on whether that image has been set to 0 or 1 in the database. It still says these: Array ( [username] => admin1122 [password] => YWRtaW4= [userid] => ) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 That means that the $_SESSION['userid'] still is not being set. In the login.php, change: <?php if ($row['active'] == '1') { $_SESSION['userid'] = $row['id']; header('location: index.php'); exit(); ?> to <?php if ($row['active'] == '1') { echo '<pre>' . print_r($row,true) . '</pre>'; $_SESSION['userid'] = $row['id']; // header('location: index.php'); exit(); ?> This will dump the $row array and exit. Please post what is printed. Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 Hey thanks this is printed Array ( [userid] => 4 [username] => admin1122 [password] => YWRtaW4= [active] => 1 [stg1] => 1 [stg2] => 0 [stg3] => 0 [stg4] => 1 [stg5] => 1 ) Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted February 18, 2007 Share Posted February 18, 2007 There's the problem. You are storing "$row['id']" in the session variable, but that doesn't exist, so nothing is being put in the session variable. Change the line: <?php $_SESSION['userid'] = $row['id']; ?> to <?php $_SESSION['userid'] = $row['userid']; ?> Take out the echo and remove the "//" comment characters. Ken Quote Link to comment Share on other sites More sharing options...
forumnz Posted February 18, 2007 Author Share Posted February 18, 2007 Ok now for my little speech... Ken and everyone else who has helped, I'd just like to thank you all very much for your help. I have the code right, now. Very much appreciated and keep up the good work!! Sam. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.