Jump to content

[SOLVED] What wrong with this? User ID seems to wreck it...


forumnz

Recommended Posts

  • Replies 92
  • Created
  • Last Reply

this part here is storing the userid session variable.

 

if($row[active] == "1"){
$found = "1";
$_SESSION['userid'] = $row[id];
$_SESSION['userid'] = $row[id];
}else{
echo "Account has not been activated - Check Your Email";
}

 

you seem to be setting it twice, both the same. try echoing out $row['id'] then exit(); the script and see if it is getting anything.

Link to comment
Share on other sites

I took a look at the login.php script and found many coding irregularities. Here's my modified login.php script:

<?php
session_start(); 
/// connect to database
if (!isset($_POST['username']) || (isset($_POST['username']) && $_POST['username'] == '') || 
 !isset($_POST['password']) || (isset($_POST['password']) && $_POST['password'] == '')) {
header ('location: error.php?li=Please+enter+valid+details');
exit();
}
require("config.php");

$con=mysql_connect($mysql_hst,$mysql_us,$mysql_ps) or die('Could not connect: ' . mysql_error() . '<br /><br />Check your config file or contact your server support team.');
  
/// select DB
$seldb = mysql_select_db($mysql_db, $con) or die ('Could not connect to the database you specified. Make sure it exists and is correctly named within config.php');
$password = base64_encode($_POST[password]);
$username = str_replace(' ','/space/',mysql_real_escape_string(strtolower($_POST[username])));
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
/// if exists
$q = "select * from memebers where `username` = '" . $username . "' and `password` = '" . $password . "'";
$ifexists = mysql_query($q) or die("Problem with the query:<pre>$q</pre><br>" . mysql_error());
if (mysql_num_rows($ifexists) == 0) {
header ('location: error.php?li=Please+enter+valid+details');
exit();
}
$row = mysql_fetch_assoc($ifexists);
  ///check active
if ($row['active'] == '1') {
$_SESSION['userid'] = $row['id'];
header('location: index.php');
exit();
} else {
header ('location: error.php?li=Please+enter+valid+details');
exit();
}
?>

 

Some of the changes I made:

  • I moved the check to see if a username and password were entered to the very beginning of the script, right after the session_start() statement.
  • You had redundant DB selections and connections which I removed.
  • I process the username and password and then store them in the $_SESSION array
  • Since there should only be one username with a particular password, I modified the MySQL query to look for only that row. If no rows are returned, exit to the error script. If the row is found, check the "active" flag.
  • I changed all of the "<META>" tags to header() function calls

 

See if this code helps.

 

Ken

Link to comment
Share on other sites

I took a look at the login.php script and found many coding irregularities. Here's my modified login.php script:

<?php
session_start(); 
/// connect to database
if (!isset($_POST['username']) || (isset($_POST['username']) && $_POST['username'] == '') || 
 !isset($_POST['password']) || (isset($_POST['password']) && $_POST['password'] == '')) {
header ('location: error.php?li=Please+enter+valid+details');
exit();
}
require("config.php");

$con=mysql_connect($mysql_hst,$mysql_us,$mysql_ps) or die('Could not connect: ' . mysql_error() . '<br /><br />Check your config file or contact your server support team.');
  
/// select DB
$seldb = mysql_select_db($mysql_db, $con) or die ('Could not connect to the database you specified. Make sure it exists and is correctly named within config.php');
$password = base64_encode($_POST[password]);
$username = str_replace(' ','/space/',mysql_real_escape_string(strtolower($_POST[username])));
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
/// if exists
$q = "select * from memebers where `username` = '" . $username . "' and `password` = '" . $password . "'";
$ifexists = mysql_query($q) or die("Problem with the query:<pre>$q</pre><br>" . mysql_error());
if (mysql_num_rows($ifexists) == 0) {
header ('location: error.php?li=Please+enter+valid+details');
exit();
}
$row = mysql_fetch_assoc($ifexists);
  ///check active
if ($row['active'] == '1') {
$_SESSION['userid'] = $row['id'];
header('location: index.php');
exit();
} else {
header ('location: error.php?li=Please+enter+valid+details');
exit();
}
?>

 

Some of the changes I made:

  • I moved the check to see if a username and password were entered to the very beginning of the script, right after the session_start() statement.
  • You had redundant DB selections and connections which I removed.
  • I process the username and password and then store them in the $_SESSION array
  • Since there should only be one username with a particular password, I modified the MySQL query to look for only that row. If no rows are returned, exit to the error script. If the row is found, check the "active" flag.
  • I changed all of the "<META>" tags to header() function calls

 

See if this code helps.

 

Ken

 

I tried that and this error came up:

Problem with the query:

SELECT * FROM memebers WHERE `username` = 'admin1122' and `password` = 'YWRtaW4='


Table 'test.memebers' doesn't exist

Link to comment
Share on other sites

Ok I corrected that but now....

 

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/psa/home/vhosts/designervision.co.nz/httpdocs/clients/config.php:15) in /usr/local/psa/home/vhosts/designervision.co.nz/httpdocs/clients/login.php on line 30

Link to comment
Share on other sites

I have deleted the white space.

 

Yes I still have the other problem - it wont display certain images based on whether that image has been set to 0 or 1 in the database. It still says these:

 

Array
(
    [username] => admin1122
    [password] => YWRtaW4=
    [userid] => 
)

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Link to comment
Share on other sites

That means that the $_SESSION['userid'] still is not being set.

 

In the login.php, change:

<?php
if ($row['active'] == '1') {
$_SESSION['userid'] = $row['id'];
header('location: index.php');
exit();
?>

to

<?php
if ($row['active'] == '1') {
        echo '<pre>' . print_r($row,true) . '</pre>';
$_SESSION['userid'] = $row['id'];
//	header('location: index.php');
exit();
?>

This will dump the $row array and exit. Please post what is printed.

 

Ken

Link to comment
Share on other sites

There's the problem.

 

You are storing "$row['id']" in the session variable, but that doesn't exist, so nothing is being put in the session variable.

 

Change the line:

<?php
$_SESSION['userid'] = $row['id'];
?>

to

<?php
$_SESSION['userid'] = $row['userid'];
?>

 

Take out the echo and remove the "//" comment characters.

 

Ken

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.