scs Posted April 11, 2006 Share Posted April 11, 2006 When a user logs in he/she can send/recive messages to/from other users. Well when I was testing sending a message I had many problems. One was what ever user I pick for sending the message to became the user who sent the message. And two the user I was sending a message to became the user loged in with out any verifcation. The current users name is stored in a session variable. $_SESSION['username']. I know that when I login that the username is correct because the home page displays "Welcome " . $_SESSION['username']. Here is some of my code to better understand how my message/login system works. [code] //Login session variables created //$row is the database results $_SESSION['username'] = $row['username']; $_SESSION['email'] = $row['email']; $_SESSION['type'] = $row['type']; //This variable is only created if user is admin //Message sending to user $username = $_POST['username']; $subject = $_POST['subject']; $meesage = $_POST['message']; $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "SELECT username FROM users WHERE username = '$username'"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $num = @mysql_num_rows($result); if ($num = 0) { ?> <form id="new" name="new" method="post" action="messages.php?a=new"> <span id="warning"><?php echo $username; ?> does not exContent for id "name" Goes Herest in the database. Please try again or select a user from the registered users in the database.</span><br /> <label>User Name<input name="username" type="text" maxlength="25" /></label><br /> <label>Subject<input name="subject" type="text" id="subject" /> </label><br /> <label>Message (HTML accepted)<br /><textarea name="message" cols="75" rows="20" wrap="off"><?php echo $message; ?></textarea></label><br /> <input name="send" type="submit" id="send" value="Send" /> <input name="cancel" type="button" id="cancel" value="Cancel" onclick="javascript:document.location.href='messages.php';" /> </form> <?php @mysql_close(); } else if ($num = 1) { $sql = "INSERT INTO messages (username_from, username_to, message_subject, message_body, message_to_admin, message_from_admin, message_read) values('" . $_SESSION['username'] . "', '$username', '$subject', '$message', 'NO', 'NO', 'NO');"; if ($result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error())) { echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>'; ..........etc [/code] When this( echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';) is displayed it means there was no errors in sending message. So I click on the link to continue. Then the user I sent the message to becomes the user loged. (admin or not) And when I view the message sent the user I sent it to is the user it says it's from. As you see in my code above the user I'm sending the message to $_POST['username'] some how became the user loged in $_SESSION['username']. If someone knows whats going on I really need to know. Second problem. When a user logs in I have a table that holds who is online. (The users are held in one row because I tryed doing the same thing but writing to a file and it didn't work.) Before updating online users was fine. Then all of a sudden the row is empty when a user is loged on. Here is my code for loging in a user and refreshing the user list. Login user to userlist table: [code]//Add user to online users list function loginUser($username) { $current_time = time(); $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "SELECT data FROM userlist WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $row = @mysql_fetch_array($result); $usersinfo = explode(",", $row['data']); for ($i = 0; $i < sizeof($usersinfo); $i++) { $userdata = explode("|", $usersinfo[$i]); if ($username == $userdata[0]) { refreshSession($username); return true; break; } else { if ($row['data'] == "") { $data = "$username|$current_time"; } else { $data = $row['data'] . ",$username|$current_time"; } } } if ($row['data'] != $data) { $sql = "UPDATE userlist SET data = '" . $row['data'] . "' WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); @mysql_close(); return true; } else { @mysql_close(); return false; } } //Refresh users in online user list table function updateUserTable($username) { $current_time = time(); $expiry_time = $current_time - 3600; $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "SELECT data FROM userlist WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $row = @mysql_fetch_array($result); //divide users into array $usersinfo = explode(",", $row['data']); //weed out old users $j = 0; for ($i = 0; $i < sizeof($usersinfo); $i++) { $userdata = explode("|", $usersinfo[$i]); if ($userdata[0] == $username) { if ($j <= 1) { $userfinal[] = $userdata[0] . "|" . $current_time; $j++; } } else { if (!($userdata[1] < $expiry_time)) { $userfinal[] = $usersinfo[$i]; } } } $userfinal = implode(",", $userfinal); $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); $sql = "UPDATE userlist SET data = '$userfinal' WHERE id = 1;"; $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); return true; } [/code] I don't think it's a problem with the php code. Some how the mysql table isn't being updated. Plus I get no errors! Link to comment https://forums.phpfreaks.com/topic/7134-loginmessage-problem/ Share on other sites More sharing options...
scs Posted April 13, 2006 Author Share Posted April 13, 2006 I really need help with this problem. For the first question. Is it posible that $_POST['username'] could become $_SESSION['username']? If so should I just change the post var so it doesn't change the session var? Link to comment https://forums.phpfreaks.com/topic/7134-loginmessage-problem/#findComment-26446 Share on other sites More sharing options...
echoninja Posted April 13, 2006 Share Posted April 13, 2006 $_SESSION['username'] = $row['username']; $_SESSION['email'] = $row['email'];is from the sender right? well for that simply register $session_user with the session when they login and do a db query for their personal data like email and register them. that way you can just use $session_whatever instead of drawing them each time and causing problemscould be the cure, could not, its still some good advice for ya ;) Link to comment https://forums.phpfreaks.com/topic/7134-loginmessage-problem/#findComment-26452 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.