Jump to content

Archived

This topic is now archived and is closed to further replies.

scs

login/message problem

Recommended Posts

When a user logs in he/she can send/recive messages to/from other users. Well when I was testing sending a message I had many problems. One was what ever user I pick for sending the message to became the user who sent the message. And two the user I was sending a message to became the user loged in with out any verifcation. The current users name is stored in a session variable. $_SESSION['username']. I know that when I login that the username is correct because the home page displays "Welcome " . $_SESSION['username']. Here is some of my code to better understand how my message/login system works.

[code]
//Login session variables created
  //$row is the database results
  $_SESSION['username'] = $row['username'];
  $_SESSION['email'] = $row['email'];
  $_SESSION['type'] = $row['type']; //This variable is only created if user is admin
  
  
  
  //Message sending to user
  $username = $_POST['username'];
  $subject = $_POST['subject'];
  $meesage = $_POST['message'];
              
             $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
             $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
              $sql = "SELECT username FROM users WHERE username = '$username'";
             $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
              $num = @mysql_num_rows($result);
              
              if ($num = 0) {
  ?>
        <form id="new" name="new" method="post" action="messages.php?a=new">
         <span id="warning"><?php echo $username; ?> does not exContent for  id "name" Goes Herest in the database. Please try again or select a user from the registered users in the database.</span><br />
         <label>User Name<input name="username" type="text" maxlength="25" /></label><br />
         <label>Subject<input name="subject" type="text" id="subject" /> </label><br />
         <label>Message (HTML accepted)<br /><textarea name="message" cols="75" rows="20"  wrap="off"><?php echo $message; ?></textarea></label><br />
          <input name="send" type="submit" id="send" value="Send" />
         <input name="cancel" type="button" id="cancel" value="Cancel" onclick="javascript:document.location.href='messages.php';" />
        </form>
  <?php
                  @mysql_close();
              } else if ($num = 1) {
                 $sql = "INSERT INTO messages (username_from, username_to, message_subject, message_body, message_to_admin, message_from_admin, message_read) values('" . $_SESSION['username'] . "', '$username', '$subject', '$message', 'NO', 'NO', 'NO');";
                 if ($result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error())) {
                     echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';
                     ..........etc
  [/code]

When this( echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';) is displayed it means there was no errors in sending message. So I click on the link to continue. Then the user I sent the message to becomes the user loged. (admin or not) And when I view the message sent the user I sent it to is the user it says it's from. As you see in my code above the user I'm sending the message to $_POST['username'] some how became the user loged in $_SESSION['username']. If someone knows whats going on I really need to know.


Second problem.
When a user logs in I have a table that holds who is online. (The users are held in one row because I tryed doing the same thing but writing to a file and it didn't work.) Before updating online users was fine. Then all of a sudden the row is empty when a user is loged on. Here is my code for loging in a user and refreshing the user list.

Login user to userlist table:
[code]//Add user to online users list
  function loginUser($username) {  
            
      $current_time = time();  
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $sql = "SELECT data FROM userlist WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $row = @mysql_fetch_array($result);  
            
      $usersinfo = explode(",", $row['data']);  
            
      for ($i = 0; $i < sizeof($usersinfo); $i++) {  
          $userdata = explode("|", $usersinfo[$i]);  
          if ($username == $userdata[0]) {  
              refreshSession($username);  
                                return true;  
              break;  
          } else {  
              if ($row['data'] == "") {  
                  $data = "$username|$current_time";  
              } else {  
                 $data = $row['data'] . ",$username|$current_time";
              }  
          }  
      }  
            
                if ($row['data'] != $data) {  
          $sql = "UPDATE userlist SET data = '" . $row['data'] . "' WHERE id = 1;";  
         $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
          @mysql_close();  
          return true;      
      } else {  
          @mysql_close();  
          return false;  
      }  
  }  
    
    
//Refresh users in online user list table  
        function updateUserTable($username) {  
            
      $current_time = time();  
      $expiry_time = $current_time - 3600;  
            
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $sql = "SELECT data FROM userlist WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $row = @mysql_fetch_array($result);  
            
      //divide users into array  
      $usersinfo = explode(",", $row['data']);  
            
      //weed out old users  
      $j = 0;  
      for ($i = 0; $i < sizeof($usersinfo); $i++) {  
          $userdata = explode("|", $usersinfo[$i]);  
          if ($userdata[0] == $username) {  
              if ($j <= 1) {  
                 $userfinal[] = $userdata[0] . "|" . $current_time;
                  $j++;  
              }  
          } else {  
                                if (!($userdata[1] < $expiry_time)) {  
                  $userfinal[] = $usersinfo[$i];  
              }  
          }  
      }  
            
      $userfinal = implode(",", $userfinal);  
            
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $sql = "UPDATE userlist SET data = '$userfinal' WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
            
      return true;  
        }  [/code]

I don't think it's a problem with the php code. Some how the mysql table isn't being updated. Plus I get no errors!

Share this post


Link to post
Share on other sites
I really need help with this problem. For the first question. Is it posible that $_POST['username'] could become $_SESSION['username']? If so should I just change the post var so it doesn't change the session var?

Share this post


Link to post
Share on other sites
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];

is from the sender right? well for that simply register $session_user with the session when they login and do a db query for their personal data like email and register them. that way you can just use $session_whatever instead of drawing them each time and causing problems

could be the cure, could not, its still some good advice for ya ;)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.