scs Posted April 11, 2006 Share Posted April 11, 2006 When a user logs in he/she can send/recive messages to/from other users. Well when I was testing sending a message I had many problems. One was what ever user I pick for sending the message to became the user who sent the message. And two the user I was sending a message to became the user loged in with out any verifcation. The current users name is stored in a session variable. $_SESSION['username']. I know that when I login that the username is correct because the home page displays "Welcome " . $_SESSION['username']. Here is some of my code to better understand how my message/login system works. [code] //Login session variables created //$row is the database results $_SESSION['username'] = $row['username']; $_SESSION['email'] = $row['email']; $_SESSION['type'] = $row['type']; //This variable is only created if user is admin //Message sending to user $username = $_POST['username']; $subject = $_POST['subject']; $meesage = $_POST['message']; $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "SELECT username FROM users WHERE username = '$username'"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $num = @mysql_num_rows($result); if ($num = 0) { ?> <form id="new" name="new" method="post" action="messages.php?a=new"> <span id="warning"><?php echo $username; ?> does not exContent for id "name" Goes Herest in the database. Please try again or select a user from the registered users in the database.</span><br /> <label>User Name<input name="username" type="text" maxlength="25" /></label><br /> <label>Subject<input name="subject" type="text" id="subject" /> </label><br /> <label>Message (HTML accepted)<br /><textarea name="message" cols="75" rows="20" wrap="off"><?php echo $message; ?></textarea></label><br /> <input name="send" type="submit" id="send" value="Send" /> <input name="cancel" type="button" id="cancel" value="Cancel" onclick="javascript:document.location.href='messages.php';" /> </form> <?php @mysql_close(); } else if ($num = 1) { $sql = "INSERT INTO messages (username_from, username_to, message_subject, message_body, message_to_admin, message_from_admin, message_read) values('" . $_SESSION['username'] . "', '$username', '$subject', '$message', 'NO', 'NO', 'NO');"; if ($result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error())) { echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>'; ..........etc [/code] When this( echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';) is displayed it means there was no errors in sending message. So I click on the link to continue. Then the user I sent the message to becomes the user loged. (admin or not) And when I view the message sent the user I sent it to is the user it says it's from. As you see in my code above the user I'm sending the message to $_POST['username'] some how became the user loged in $_SESSION['username']. If someone knows whats going on I really need to know. Second problem. When a user logs in I have a table that holds who is online. (The users are held in one row because I tryed doing the same thing but writing to a file and it didn't work.) Before updating online users was fine. Then all of a sudden the row is empty when a user is loged on. Here is my code for loging in a user and refreshing the user list. Login user to userlist table: [code]//Add user to online users list function loginUser($username) { $current_time = time(); $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "SELECT data FROM userlist WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $row = @mysql_fetch_array($result); $usersinfo = explode(",", $row['data']); for ($i = 0; $i < sizeof($usersinfo); $i++) { $userdata = explode("|", $usersinfo[$i]); if ($username == $userdata[0]) { refreshSession($username); return true; break; } else { if ($row['data'] == "") { $data = "$username|$current_time"; } else { $data = $row['data'] . ",$username|$current_time"; } } } if ($row['data'] != $data) { $sql = "UPDATE userlist SET data = '" . $row['data'] . "' WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); @mysql_close(); return true; } else { @mysql_close(); return false; } } //Refresh users in online user list table function updateUserTable($username) { $current_time = time(); $expiry_time = $current_time - 3600; $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "SELECT data FROM userlist WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $row = @mysql_fetch_array($result); //divide users into array $usersinfo = explode(",", $row['data']); //weed out old users $j = 0; for ($i = 0; $i < sizeof($usersinfo); $i++) { $userdata = explode("|", $usersinfo[$i]); if ($userdata[0] == $username) { if ($j <= 1) { $userfinal[] = $userdata[0] . "|" . $current_time; $j++; } } else { if (!($userdata[1] < $expiry_time)) { $userfinal[] = $usersinfo[$i]; } } } $userfinal = implode(",", $userfinal); $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "UPDATE userlist SET data = '$userfinal' WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); return true; } [/code] I don't think it's a problem with the php code. Some how the mysql table isn't being updated. Plus I get no errors! Quote Link to comment Share on other sites More sharing options...
scs Posted April 13, 2006 Author Share Posted April 13, 2006 I really need help with this problem. For the first question. Is it posible that $_POST['username'] could become $_SESSION['username']? If so should I just change the post var so it doesn't change the session var? Quote Link to comment Share on other sites More sharing options...
echoninja Posted April 13, 2006 Share Posted April 13, 2006 $_SESSION['username'] = $row['username']; $_SESSION['email'] = $row['email'];is from the sender right? well for that simply register $session_user with the session when they login and do a db query for their personal data like email and register them. that way you can just use $session_whatever instead of drawing them each time and causing problemscould be the cure, could not, its still some good advice for ya ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.