Jump to content

login/message problem

scs

By scs
in PHP Coding Help

 Share

Recommended Posts

scs Member

scs

Posted
Posted
When a user logs in he/she can send/recive messages to/from other users. Well when I was testing sending a message I had many problems. One was what ever user I pick for sending the message to became the user who sent the message. And two the user I was sending a message to became the user loged in with out any verifcation. The current users name is stored in a session variable. $_SESSION['username']. I know that when I login that the username is correct because the home page displays "Welcome " . $_SESSION['username']. Here is some of my code to better understand how my message/login system works.

[code]
//Login session variables created
  //$row is the database results
  $_SESSION['username'] = $row['username'];
  $_SESSION['email'] = $row['email'];
  $_SESSION['type'] = $row['type']; //This variable is only created if user is admin
  
  
  
  //Message sending to user
  $username = $_POST['username'];
  $subject = $_POST['subject'];
  $meesage = $_POST['message'];
              
             $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
             $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
              $sql = "SELECT username FROM users WHERE username = '$username'";
             $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
              $num = @mysql_num_rows($result);
              
              if ($num = 0) {
  ?>
        <form id="new" name="new" method="post" action="messages.php?a=new">
         <span id="warning"><?php echo $username; ?> does not exContent for  id "name" Goes Herest in the database. Please try again or select a user from the registered users in the database.</span><br />
         <label>User Name<input name="username" type="text" maxlength="25" /></label><br />
         <label>Subject<input name="subject" type="text" id="subject" /> </label><br />
         <label>Message (HTML accepted)<br /><textarea name="message" cols="75" rows="20"  wrap="off"><?php echo $message; ?></textarea></label><br />
          <input name="send" type="submit" id="send" value="Send" />
         <input name="cancel" type="button" id="cancel" value="Cancel" onclick="javascript:document.location.href='messages.php';" />
        </form>
  <?php
                  @mysql_close();
              } else if ($num = 1) {
                 $sql = "INSERT INTO messages (username_from, username_to, message_subject, message_body, message_to_admin, message_from_admin, message_read) values('" . $_SESSION['username'] . "', '$username', '$subject', '$message', 'NO', 'NO', 'NO');";
                 if ($result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error())) {
                     echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';
                     ..........etc
  [/code]

When this( echo 'Meesage sent. <a href="main.php">Click here to go back to home</a>';) is displayed it means there was no errors in sending message. So I click on the link to continue. Then the user I sent the message to becomes the user loged. (admin or not) And when I view the message sent the user I sent it to is the user it says it's from. As you see in my code above the user I'm sending the message to $_POST['username'] some how became the user loged in $_SESSION['username']. If someone knows whats going on I really need to know.


Second problem.
When a user logs in I have a table that holds who is online. (The users are held in one row because I tryed doing the same thing but writing to a file and it didn't work.) Before updating online users was fine. Then all of a sudden the row is empty when a user is loged on. Here is my code for loging in a user and refreshing the user list.

Login user to userlist table:
[code]//Add user to online users list
  function loginUser($username) {  
            
      $current_time = time();  
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $sql = "SELECT data FROM userlist WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $row = @mysql_fetch_array($result);  
            
      $usersinfo = explode(",", $row['data']);  
            
      for ($i = 0; $i < sizeof($usersinfo); $i++) {  
          $userdata = explode("|", $usersinfo[$i]);  
          if ($username == $userdata[0]) {  
              refreshSession($username);  
                                return true;  
              break;  
          } else {  
              if ($row['data'] == "") {  
                  $data = "$username|$current_time";  
              } else {  
                 $data = $row['data'] . ",$username|$current_time";
              }  
          }  
      }  
            
                if ($row['data'] != $data) {  
          $sql = "UPDATE userlist SET data = '" . $row['data'] . "' WHERE id = 1;";  
         $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
          @mysql_close();  
          return true;      
      } else {  
          @mysql_close();  
          return false;  
      }  
  }  
    
    
//Refresh users in online user list table  
        function updateUserTable($username) {  
            
      $current_time = time();  
      $expiry_time = $current_time - 3600;  
            
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $sql = "SELECT data FROM userlist WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $row = @mysql_fetch_array($result);  
            
      //divide users into array  
      $usersinfo = explode(",", $row['data']);  
            
      //weed out old users  
      $j = 0;  
      for ($i = 0; $i < sizeof($usersinfo); $i++) {  
          $userdata = explode("|", $usersinfo[$i]);  
          if ($userdata[0] == $username) {  
              if ($j <= 1) {  
                 $userfinal[] = $userdata[0] . "|" . $current_time;
                  $j++;  
              }  
          } else {  
                                if (!($userdata[1] < $expiry_time)) {  
                  $userfinal[] = $usersinfo[$i];  
              }  
          }  
      }  
            
      $userfinal = implode(",", $userfinal);  
            
     $conn = @mysql_connect("", "", "") or die("Couldn't connect to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
     $db = @mysql_select_db("", $conn) or die("Couldn't select database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
      $sql = "UPDATE userlist SET data = '$userfinal' WHERE id = 1;";  
     $result = @mysql_query($sql, $conn) or die("Couldn't submit query to database. In file: " . __file__ . " On line: " . __line__ . "<br /><br /><b>Mysql Error:</b><br />Error id: " . @mysql_errno() . "<br />Error Message: " . @mysql_error());
            
      return true;  
        }  [/code]

I don't think it's a problem with the php code. Some how the mysql table isn't being updated. Plus I get no errors!
Link to comment
Share on other sites
scs Member

scs

Posted
  • Author
Posted
I really need help with this problem. For the first question. Is it posible that $_POST['username'] could become $_SESSION['username']? If so should I just change the post var so it doesn't change the session var?
Link to comment
Share on other sites
echoninja Newbie

echoninja

Posted
Posted
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];

is from the sender right? well for that simply register $session_user with the session when they login and do a db query for their personal data like email and register them. that way you can just use $session_whatever instead of drawing them each time and causing problems

could be the cure, could not, its still some good advice for ya ;)
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.