OilSheikh Posted May 29, 2007 Share Posted May 29, 2007 This is a MY ACCOUNTS page which is accessible to members after they Login. <?php session_start(); if(!session_is_registered(usern)) { header("location:home.php"); } include("menu.php"); include("SQL.php"); $sql = mysql_query("SELECT * FROM customer WHERE username = '$_SESSION[usern]'") or die(mysql_error()); $rows=mysql_fetch_array($sql); ?> <html> <head> <title>Your Account</title> <link rel="stylesheet" href="styler.css"> </head> <body> <br><br><br> <h1>MY ACCOUNT</h1> <br> <h3>Welcome to Your Account Area , <font size="5" color = blue><?php print $_SESSION[usern] ?> </font></h3> <br> <table border="0" width="101%" cellspacing="0" id="table1" bordercolorlight="#0066FF" height="130" cellpadding="0"> <tr> <td height="27" colspan="2"> <a href="acc.php"><img border="0" src="det2.jpg"></a> <a href="orders.php"> <img border="0" src="ord.jpg"></a> <a href="returns.php"> <img border="0" src="ret.jpg"></a></td> </tr> <tr> <td width="148" height="27"></td> <td width="593"> </td> </tr> <tr> <td width="148" height="27">Customer ID</td> <td width="593"> <? printf ("%04d", $rows['custid']); ?></td> </tr> <tr> <td width="148" height="27">First Name</td> <td height="27" width="593"> <? echo $rows['Firstname']; ?> </td> </tr> <tr> <td width="148" height="23">Surname</td> <td height="23" width="593"><? echo $rows['Surname']; ?></td> </tr> <tr> <td width="148" height="27">Delivery Address</td> <td width="593" height="27"><? echo $rows['address']; ?> * </td> </tr> <tr> <td width="148" height="26">Post Code</td> <td width="593" height="26"><? echo $rows['postcode']; ?> * </td> </tr> <tr> <td width="148" height="27">E-mail Address</td> <td width="593"><? echo $rows['email']; ?> * </td> </tr> </table> <br> <br> <a href="change.php"><img border="0" src="change.jpg"></a> <br><br> </p> </body> <?php include("base.php"); ?> </html> Thing is, it works when on my PC ( XAMPP ) . But, when I upload it to my website at 110mb.com , it looks like this Can someone help me fix this discrepancy. ??? Quote Link to comment Share on other sites More sharing options...
Wildbug Posted May 29, 2007 Share Posted May 29, 2007 It's a little hard to tell from this. The first thing I would check is the SQL connectivity. Have you made the necessary changes to log in to your host's SQL? You should also be checking for errors while you're debugging a new site. Turn error_reporting(E_ALL) on, check for mysql_errno() and mysql_error() after interactions with the database. You'll probably need to do at least this much to debug your problem. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 29, 2007 Share Posted May 29, 2007 Do not use the function "session_is_registered()". It is obsolete. Use explicit sets and tests of session variables: Instead of <?php if(!session_is_registered(usern)) ?> use <?php if (isset($_SESSION['usern'])) ?> Somewhere in code you're not showing you probably have something like: <?php session_register(usern); ?> Replace that with something like <?php $_SESSION['usern'] = $usern; // or how ever you set the value ?> Ken Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 Wildbug, the SQL connectivity is OK and permissions, etc. have been set. kenrbnsn , I replaced the session codes that you asked me to but, there's still no change. You were right about : <?php session_register(usern); ?> I had it in my login.php file. $check = mysql_query("SELECT * FROM customer WHERE username = '$usern' AND password = '$encryptedpass' ") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 1) { session_register("usern"); session_register("passw"); header("location:acc.php"); } else ........ I changed that. But, still no luck. I noticed one thing : session_start(); if (isset($_SESSION['usern'])) { header("location:home.php"); } works OK on my website BUT doesn't work and just takes me to home.php on my PC. The site is up at http://expresspc.110mb.com/home.php Use test username and password : jack , 1234 Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 I have another file accessible from MY ACCOUNT area > RETURNS >returns.php. That works. It uses similar code : session_start(); if (isset($_SESSION['usern'])) { header("location:home.php"); } include("menu.php"); include("SQL.php"); $sql = mysql_query("SELECT * FROM returns WHERE username = '$_SESSION[usern]'") or die(mysql_error()); . . . <?php while($rows=mysql_fetch_array($sql)){ ?> <tr> <td><? printf ("%04d", $rows['returnno']);?></td> <td><? echo $rows['orderno']; ?></td> <td><? echo $rows['productid']; ?></td> <td><? echo $rows['status']; ?></td> </tr> Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 Update, whole site is caving in! I can access Returns page without being logged in !!! Quote Link to comment Share on other sites More sharing options...
Wildbug Posted May 29, 2007 Share Posted May 29, 2007 Didn't you want (notice the "!"): session_start(); if (!isset($_SESSION['usern'])) { header("Location: http://expresspc.110mb.com/home.php"); // Also this should be absolute according to HTTP 1.1 exit; } Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 I did use the ' ! ' , Wildbug. But, that was worse as it kept returning me to the homepage and on the top, it always said LOG IN. i.e. session didn't start. Quote Link to comment Share on other sites More sharing options...
Wildbug Posted May 29, 2007 Share Posted May 29, 2007 But shouldn't it be a negation? The way I'm reading your code is "if 'usern' doesn't exist in this session, send user to the homepage." That would entail the use of the "!". If you want your script to work regardless of register_globals' date=' you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.[/quote'] That might explain why your site isn't working on the new host while it did on your own computer. Instead of using session_register(), try using $_SESSION['uname'] = $uname; Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 Done that. Back to square One. Nothing's changed. Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 So, everyone is clueless? Damn.. I hate PHP Quote Link to comment Share on other sites More sharing options...
Wildbug Posted May 29, 2007 Share Posted May 29, 2007 Did you put "error_reporting(E_ALL);" at the top of your script so we can see if there are any errors or notices? Quote Link to comment Share on other sites More sharing options...
per1os Posted May 29, 2007 Share Posted May 29, 2007 Give us more information about the new server. Mainly does it allow the <? tag, if not than that could be the problem as newer versions of PHP require the use of <?php tags instead of <? Also I would do a simple sessions test to make sure that sessions do work on the new server. Something like: //page1.php <?php session_start(); if (!isset($_SESSION['test'])) { $_SESSION['test'] = "Test"; echo '<a href="page1.php?next=1">Next</a>'; }else { echo 'The session was started and test = ' . $_SESSION['test'] . ' YAY!'; echo '<br />Now lets the tags!<Br /><br />'; ?> This is outside the php tags, test = (without php) <? echo $_SESSION['test']; ?> OR test = (with php) <?php echo $_SESSION['test']; ?> <?php } ?> See what comes of it. Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 frost110, I tried your code and this is what I got NEXT and then The session was started and test = Test YAY! Now lets the tags! This is outside the php tags, test = (without php) Test OR test = (with php) Test http://expresspc.110mb.com/page1.php Quote Link to comment Share on other sites More sharing options...
per1os Posted May 29, 2007 Share Posted May 29, 2007 Did you put "error_reporting(E_ALL);" at the top of your script so we can see if there are any errors or notices? Try that and see if an error pops up, also try this: <?php $sql = mysql_query("SELECT * FROM customer WHERE username = '" . $_SESSION['usern'] . "'") or die(mysql_error()); $rows=mysql_fetch_assoc($sql) or die(mysql_error()); See what comes from it, maybe the server is setup that mysql_fetch_array only returns an array without an associative index. This will make sure that the array returned is associative. Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 Since $_SESSION ... didn't change things and even screwed up things ( users can go directly to MY ACCOUNT AREA without logging in) , I went back to using session_register. frost and Wildbug, after using error_reporting(E_ALL); , I get : Notice: Use of undefined constant usern - assumed 'usern' in /www/110mb.com/e/x/p/r/e/s/s/p/expresspc/htdocs/acc.php on line 6 Notice: Use of undefined constant usern - assumed 'usern' in /www/110mb.com/e/x/p/r/e/s/s/p/expresspc/htdocs/acc.php on line 31 And frost110, after using the last code you asked me to apply, I get erm... NOTHING! Just blank space. http://expresspc.110mb.com/page2.php Quote Link to comment Share on other sites More sharing options...
trq Posted May 29, 2007 Share Posted May 29, 2007 Can we see your current code? Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 Ok, systematically, ... LOGIN.PHP > ACC.PHP ( this is the problem is ) SQL.PHP ( connects to database) LOGIN.PHP <?php ob_start(); include("menu.php"); include("SQL.php"); ######### CHECKS THAT FIELDS ARE NOT EMPTY ########## if (isset($_POST ['submit'])) { $usern = $_POST['username']; $passw = $_POST['pass']; $encryptedpass = md5($_POST['pass']); if (!$usern | !$passw) { die ('<br><br><br><font face="Verdana" size="4" color = red>ERROR: Please make sure that all Information is provided.</font> <br><br> <input type="button" value=" Retry " onClick="history.go(-1)"> '); } ######### CHECKS IF username AND CORRESPONDING password EVEN EXIST ! ########## $check = mysql_query("SELECT * FROM customer WHERE username = '$usern' AND password = '$encryptedpass' ") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 1) { session_register("usern"); session_register("passw"); header("location:acc.php"); } else if ($check2 == 0) { die ('<br><br><br><font face="Verdana" size="4" color = red>ERROR : The Username and/or Password you have entered does not exist. <br><br>If you are a New User, please <a href = "register.php"><u>Register</u></a> first. </font> <br><br> <input type="button" value=" Retry " onClick="history.go(-1)">'); } } else { ob_end_flush(); ?> <html> <head> <title>Login to your Account or Register for a new Account</title> <link rel="stylesheet" href="styler.css"> </head> <body> <br><br><br> <h2>Please Log in to view Your Account<br><br></h2> <h3> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0" width="101%" cellspacing="1" id="table1" bordercolorlight="#0066FF" height="75"> <tr> <td width="106" height="48">Username</td> <td height="48" width="259"> <input type = "text" name = "username" size="34" maxlength ="7" style = "color:blue"></td> <td height="48" width="32"> </td> <td height="95" rowspan="2">Are you a New User ? Please Register.</td> </tr> <tr> <td width="106" height="47">Password</td> <td height="47" width="259"> <input type = "password" name = "pass" size="34" maxlength = "7" style = "color:blue"></td> <td height="47" width="32"> </td> </tr> <tr> <td width="106"> </td> <td width="259"> </td> <td width="32"> </td> <td> </td> </tr> <tr> <td width="106"> </td> <td width="259"> <p align="center"> <input type = "submit" name = "submit" value = "" style="background : url(login.jpg); width:107px; height:25px; "> </td> <td width="32"> </td> <td> <a href="register.php"> <img border="0" src="reg.jpg" width="101" height="20"></a></td> </tr> <tr> <td width="106"> </td> <td width="259"> </td> <td width="32"> </td> <td> </td> </tr> <tr> <td width="365" colspan="2"><font size="2">Forgotten your Password? <span style="background-color: #FFFFFF"> <a href="recover.php">Recover your password</a>.</span></font></td> <td width="32"> </td> <td> </td> </tr> </table> </form> </h3> <?php include("base.php"); ?> </body> </html> <?php } ?> ACC.PHP <?php error_reporting(E_ALL); session_start(); if(!session_is_registered(usern)) { header("location:home.php"); } include("SQL.php"); include("menu.php"); $sql = mysql_query("SELECT * FROM customer WHERE username = '" . $_SESSION['usern'] . "'") or die(mysql_error()); $rows=mysql_fetch_assoc($sql) or die(mysql_error()); ?> <html> <head> <title>Your Account</title> <link rel="stylesheet" href="styler.css"> </head> <body> <br><br><br> <h1>MY ACCOUNT</h1> <br> <h3>Welcome to Your Account Area , <font size="5" color = blue><?php print $_SESSION[usern] ?> </font></h3> <br> <table border="0" width="101%" cellspacing="0" id="table1" bordercolorlight="#0066FF" height="130" cellpadding="0"> <tr> <td height="27" colspan="2"> <a href="acc.php"><img border="0" src="det2.jpg"></a> <a href="orders.php"> <img border="0" src="ord.jpg"></a> <a href="returns.php"> <img border="0" src="ret.jpg"></a></td> </tr> <tr> <td width="148" height="27"></td> <td width="593"> </td> </tr> <tr> <td width="148" height="27">Customer ID</td> <td width="593"> <? printf ("%04d", $rows['custid']); ?></td> </tr> <tr> <td width="148" height="27">First Name</td> <td height="27" width="593"> <? echo $rows['Firstname']; ?> </td> </tr> <tr> <td width="148" height="23">Surname</td> <td height="23" width="593"><? echo $rows['Surname']; ?></td> </tr> <tr> <td width="148" height="27">Delivery Address</td> <td width="593" height="27"><? echo $rows['address']; ?> * </td> </tr> <tr> <td width="148" height="26">Post Code</td> <td width="593" height="26"><? echo $rows['postcode']; ?> * </td> </tr> <tr> <td width="148" height="27">E-mail Address</td> <td width="593"><? echo $rows['email']; ?> * </td> </tr> </table> <br> <br> <a href="change.php"><img border="0" src="change.jpg"></a> <br><br> </p> </body> <?php include("base.php"); ?> </html> SQL.PHP <head> <title>Connector</title> </head> <body> <?php mysql_connect ("localhost", "expresspc_***" , "***") or die (mysql_error()); mysql_select_db("expresspc_sql") or die (mysql_error()); ?> </body> </html> Go to http://expresspc.110mb.com/home.php and use username - mona and password - 1234 at Login page to check things out. Quote Link to comment Share on other sites More sharing options...
per1os Posted May 29, 2007 Share Posted May 29, 2007 Your problem lies within the ob_start. Session data and the ob functions do not work very well with each other. Also, get rid of the HTML data in the sql.php not needed at all and will cause problems for you. Quote Link to comment Share on other sites More sharing options...
Wildbug Posted May 29, 2007 Share Posted May 29, 2007 The "undefined constant" error is because of using $_SESSION[uname] instead of $_SESSION['uname']. You can (and must) leave the quotes off when using it inside double quotes, but outside you need to use quotes. I was going to mention that before, but I don't think it will affect your code much, however, it is good practice. frost's code won't produce any output (unless there's an error) -- you'll need to print something from $rows. Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 I just thought of something, there is an pay feature on 110mb.com ( $1 only !) to turn Register_Globals ON . At the moment, I haven;t purchased that ... so it's OFF. Could this be the reason? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 29, 2007 Share Posted May 29, 2007 You do not want register_globals enabled. Ken Quote Link to comment Share on other sites More sharing options...
per1os Posted May 29, 2007 Share Posted May 29, 2007 No, you want register_globals OFF. It is a huge security problem if it is ON. Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 Got rid off the HTML in SQL.PHP Removed ob 's but then 2 errors popped up about Header information already being sent .. blah blah .. Put them back. Wildbug, I put single quotes in relevant places where session was used. Good thing is, the undefined blah blah.. error has gone. Bad thing is, I still can't get to see what I wanted in the first place. Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 29, 2007 Author Share Posted May 29, 2007 If I use the code that Frost suggested : <?php include("SQL.php"); $sql = mysql_query("SELECT * FROM customer WHERE username = '" . $_SESSION[usern] . "' ") or die(mysql_error()); $rows=mysql_fetch_assoc($sql) or die(mysql_error()); echo $rows['Firstname']; ?> ... I still get nothing ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.