login/message problem



#1 scs


Posted 11 April 2006 - 07:35 PM

When a user logs in he/she can send/receive messages to/from other users. Well, when I was testing sending a message I had many problems. One was whatever user I pick for sending the message to became the user who sent the message. And two, the user I was sending a message to became the user logged in without any verification. The current user's name is stored in a session variable, $_SESSION['username']. I know that when I log in the username is correct because the home page displays "Welcome " . $_SESSION['username']. Here is some of my code to better understand how my message/login system works.

 //Login session variables created
  //$row is the database results
  $_SESSION['username'] = $row['username'];
  $_SESSION['email'] = $row['email'];
  $_SESSION['type'] = $row['type']; //This variable is only created if user is admin
  
  
  
  //Message sending to user
  $username = $_POST['username'];
  $subject = $_POST['subject'];
  $message = $_POST['message'];
              
             $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
             $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
              $sql = "SELECT username FROM users WHERE username = '$username'";
             $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
              $num = @mysql_num_rows($result);
              
              if ($num == 0) { //no such user: show the form again
  ?>
        <form id="new" name="new" method="post" action="messages.php?a=new">
         <span id="warning"><?php echo $username; ?> does not exist in the database. Please try again or select a user from the registered users in the database.</span><br />
         <label>User Name<input name="username" type="text" maxlength="25" /></label><br />
         <label>Subject<input name="subject" type="text" id="subject" /> </label><br />
         <label>Message (HTML accepted)<br /><textarea name="message" cols="75" rows="20"  wrap="off"><?php echo $message; ?></textarea></label><br />
          <input name="send" type="submit" id="send" value="Send" />
         <input name="cancel" type="button" id="cancel" value="Cancel" onclick="javascript:document.location.href='messages.php';" />
        </form>
  <?php
                  @mysql_close();
              } else if ($num == 1) { //exactly one matching user: store the message
                 $sql = "INSERT INTO messages (username_from, username_to, message_subject, message_body, message_to_admin, message_from_admin, message_read) values('" . $_SESSION['username'] . "', '$username', '$subject', '$message', 'NO', 'NO', 'NO');";
                 if ($result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error())) {
                     echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';
                     ..........etc
  

When this (echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';) is displayed it means there were no errors in sending the message. So I click on the link to continue. Then the user I sent the message to becomes the user logged in. (admin or not) And when I view the message sent, the user I sent it to is the user it says it's from. As you see in my code above, the user I'm sending the message to, $_POST['username'], somehow became the user logged in, $_SESSION['username']. If someone knows what's going on I really need to know.


Second problem.
When a user logs in I have a table that holds who is online. (The users are held in one row because I tried doing the same thing but writing to a file and it didn't work.) Before updating online users was fine. Then all of a sudden the row is empty when a user is logged on. Here is my code for logging in a user and refreshing the user list.

Login user to userlist table:
//Add user to online users list
  function loginUser($username) {  
            
      $current_time = time();  
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
      $sql = "SELECT data FROM userlist WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
      $row = @mysql_fetch_array($result);  
            
      $usersinfo = explode(",", $row['data']);  
            
      for ($i = 0; $i < sizeof($usersinfo); $i++) {  
          $userdata = explode("|", $usersinfo[$i]);  
          if ($username == $userdata[0]) {  
              refreshSession($username);  
                                return true;  
              break;  
          } else {  
              if ($row['data'] == "") {  
                  $data = "$username|$current_time";  
              } else {  
                 $data = $row['data'] . ",$username|$current_time"; 
              }  
          }  
      }  
            
                if ($row['data'] != $data) {  
          //Store the rebuilt list ($data); writing $row['data'] back leaves the row unchanged
          $sql = "UPDATE userlist SET data = '" . $data . "' WHERE id = 1;";  
         $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
          @mysql_close();  
          return true;      
      } else {  
          @mysql_close();  
          return false;  
      }  
  }  
    
    
//Refresh users in online user list table  
        function updateUserTable($username) {  
            
      $current_time = time();  
      $expiry_time = $current_time - 3600;  
            
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
      $sql = "SELECT data FROM userlist WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
      $row = @mysql_fetch_array($result);  
            
      //divide users into array  
      $usersinfo = explode(",", $row['data']);  
            
      //weed out old users  
      $j = 0;  
      $userfinal = array(); //start empty so implode() below always gets an array
      for ($i = 0; $i < sizeof($usersinfo); $i++) {  
          $userdata = explode("|", $usersinfo[$i]);  
          if ($userdata[0] == $username) {  
              if ($j <= 1) {  
                 $userfinal[] = $userdata[0] . "|" . $current_time; 
                  $j++;  
              }  
          } else {  
                                if (!($userdata[1] < $expiry_time)) {  
                  $userfinal[] = $usersinfo[$i];  
              }  
          }  
      }  
            
      $userfinal = implode(",", $userfinal);  
            
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
      $sql = "UPDATE userlist SET data = '$userfinal' WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error()); 
            
      return true;  
        }  

I don't think it's a problem with the PHP code. Somehow the MySQL table isn't being updated. Plus I get no errors!


#2 scs


Posted 13 April 2006 - 02:02 AM

I really need help with this problem. For the first question: is it possible that $_POST['username'] could become $_SESSION['username']? If so, should I just change the post var so it doesn't change the session var?

#3 echoninja


Posted 13 April 2006 - 02:26 AM

$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];

is from the sender, right? Well, for that simply register $session_user with the session when they log in and do a db query for their personal data like email and register them. That way you can just use $session_whatever instead of drawing them each time and causing problems.

Could be the cure, could not, it's still some good advice for ya ;)
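
The message-sending step from post #1 in hardened form, as an added example that is not code from the thread (PHP 7 or later, PDO): the sender is read only from the session, the recipient lives in its own local variable, and both queries use prepared statements. The function name `sendMessage`, the SQLite in-memory database and the sample users are assumptions; table and column names follow the posted code.

```php
<?php
// Added example, not code from the thread. Table and column names follow
// post #1; sendMessage() and the SQLite demo database are assumptions.
// Assumption the thread does not confirm: with register_globals enabled, a
// global $username is bound to $_SESSION['username'], so assigning
// $_POST['username'] to it overwrites the logged-in user. Local variables
// with distinct names inside a function cannot collide that way.
function sendMessage(PDO $pdo, array $session, array $post): string
{
    // The sender comes only from the server-side session, never the request.
    if (empty($session['username'])) {
        return 'not_logged_in';
    }
    $sender    = $session['username'];
    $recipient = trim((string)($post['username'] ?? ''));
    $subject   = (string)($post['subject'] ?? '');
    $body      = (string)($post['message'] ?? '');

    // Placeholders keep request data out of the SQL text.
    $check = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $check->execute([$recipient]);
    if ((int)$check->fetchColumn() !== 1) {   // comparison, not assignment
        return 'unknown_recipient';
    }
    $insert = $pdo->prepare(
        'INSERT INTO messages (username_from, username_to, message_subject,
             message_body, message_to_admin, message_from_admin, message_read)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $insert->execute([$sender, $recipient, $subject, $body, 'NO', 'NO', 'NO']);
    return 'sent';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT)');
$pdo->exec('CREATE TABLE messages (username_from TEXT, username_to TEXT,
    message_subject TEXT, message_body TEXT, message_to_admin TEXT,
    message_from_admin TEXT, message_read TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice'), ('bob')");

$session = ['username' => 'alice'];   // stands in for $_SESSION
$ok  = sendMessage($pdo, $session, ['username' => 'bob', 'subject' => 'hi', 'message' => 'hello']);
$bad = sendMessage($pdo, $session, ['username' => "o'nobody", 'subject' => '', 'message' => '']);
echo "$ok / $bad / still logged in as {$session['username']}\n";
print_r($pdo->query('SELECT username_from, username_to FROM messages')->fetchAll(PDO::FETCH_ASSOC));
```

When echoing the recipient name back into the form, as the posted warning `<span>` does, pass it through `htmlspecialchars()` first.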



