Jump to content

Recommended Posts

I am making a music / social networking site. The profile pages seem to logout ANY user going to them, for no reason.. Here is my php:

 

 

CODE THAT SETS SESSION IN LOGIN.PHP:

session_regenerate_id();
$member=mysql_fetch_assoc($res);

$_SESSION['i']=$member['uid'];
$_SESSION['u']=$member['user'];

session_write_close();
header("location: index.php?dologin=".rand());
//Dologin just shows the "welcome" thingy.
exit();

 

PROFILE.PHP CODE:

<?PHP
include('inc.php');

if (isset($_GET['u'])) {
$user = $_GET['u'];

$sql = "SELECT * FROM `musix`.`userdetails`
WHERE `usaer` = '".clean($user)."' LIMIT 1;";
$res = mysql_query($sql) or die(mysql_error());

$ret = "<h1>$user's Profile</h1>";

while($u = mysql_fetch_assoc($res)) {
 $ret.= "

 <table width='80%'><tr><td width='100%'>
 <table width='80%'>

 <tr><td>Occupation: </td><td>".$u['occupation']."</td></tr>
 <tr><td>Interests: </td><td>".$u['interests']."</td></tr>
 <tr><td>Location: </td><td>".$u['location']."</td></tr>
 <tr><td> </td><td> </td></tr>
 <tr><td>Favorite Movies: </td><td>".$u['movies']."</td></tr>
 <tr><td>Favorite Shows: </td><td>".$u['television']."</td></tr>

 </table></td><td align='right'>
 ";

if (is_file('./pic/'.$user.'.jpg')) {
$ret.= "<img src='./pic/$user.jpg' alt='User Picture' />\r\n";
} else if (is_file('./pic/'.$user.'.png')) {
$ret.= "<img src='./pic/$user.png' alt='User Picture' />\r\n";
} else if (is_file('./pic/'.$user.'.gif')) {
$ret.= "<img src='./pic/$user.gif' alt='User Picture' />\r\n";
} else if (is_file('./pic/'.$user.'.jpeg')) {
$ret.= "<img src='./pic/$user.jpeg' alt='User Picture' />\r\n";
} else {
$ret.= "<img src='./pic/nopic.jpg' alt='User Picture' />\r\n";
}

$ret.= "
 </td></tr><tr><td colspan='2'><br/>
 <table width='100%' style='border-color: darkblue;'>
   <tr><th style='background-color:darkblue;'>About Me</th></tr>
   <tr><td style='border-color: darkblue;'>".$u['aboutme']."</td></tr>
 </table><br/>
 <table width='100%' style='border-color: darkblue;'>
   <tr><th style='background-color:darkblue;'>Biography</th></tr>
   <tr><td style='border-color: darkblue;'>".$u['biography']."</td></tr>
 </table><br/>
 <table width='100%' style='border-color: darkblue;'>
   <tr><th style='background-color:darkblue;'>My Favorite Songs</th></tr>
   <tr><td style='border-color: darkblue;'>";

$fav = str_split(';',$u['music']);

foreach ($fav as $song) {
$a = split(':',$song);
echo "<a href='play.php?id='".$a[0]."'>".@$a[1]."</a> \r\n";
}

$ret.= "</td></tr>
 </table>
 </td></tr></table>
 ";
}

html($user.'\'s Profile',$ret);
} else if (!empty($_SESSION['u'])) {
if (isset($_GET['edit'])) {

mysql_query($sql) or die(mysql_error());
}
$sql = "SELECT * FROM `musix`.`userdetails`
WHERE `user` = '".$_SESSION['u']."' LIMIT 1;";
$res = mysql_query($sql) or die(mysql_error());
$ret.= "<h1>Edit Profile</h1>";

while($u = mysql_fetch_assoc($res)) {

}

html('Your Profile',$ret);
} else {
header('location: login.php');
}

?>

 

INC.PHP:

<?PHP
session_set_cookie_params(3600*24*355);
error_reporting(E_ALL);
session_start();

mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('musix') or die(mysql_error());

function lognm() {
return gmdate('[m/d/Y H:i:s] ').$_SERVER['REMOTE_ADDR'];
}

function logme($str) {
$str = lognm().$str;

$log = fopen('`site.log','a+');
fwrite($log,$str."\r\n");
fclose($log);
}

function get_comments() {$id = @$_GET['id'];
$comments = mysql_query('SELECT * FROM `comments` WHERE
`pid`='.$id.' ORDER BY `cid` ASC');
$RET = 'Post a Comment: 
<form method="POST" action="comment.php"><table><tr><td>';
if (empty($_SESSION['u'])) {
$RET.= 'Posting as: <input type="text" name="name"
value="'.$_SERVER['REMOTE_ADDR'].'" />';
} else {
$RET.= '<input type="hidden" name="name" value="'.$_SESSION['u'].'" />
Posting as: '.$_SESSION['u'];
}
$RET.= ' </td><td>
<input type="submit" name="sub" value="Post Comment" /></td></tr>
<td colspan="2"><input type="hidden" name="id" value="'.$id.'" />
<input type="hidden" name="dt" value="'.time().'" />
<textarea name="text" cols="50" rows="4">
Please enter your comment here...</textarea>
</td></tr></table>
</form>
';

while ($row = @mysql_fetch_assoc($comments)) {

 $RET.= '<table width="50%" style="background-color:#191919;"><tr><th
 style="background-color:#595959;">'.$row['name'].'</th></tr>
 <tr><td style="background-color:#595959;">
 '.$row['text'].'</td></tr></table>'."<br/>\r\n";

}

return($RET);
}

function clean($str) {
$str  = @trim($str);

if(version_compare(phpversion(),'4.3.0') >= 0) {
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	if(@mysql_ping()) {
		$str = mysql_real_escape_string($str);
	}
	else {
		$str = addslashes($str);
	}
}
else {
	if(!get_magic_quotes_gpc()) {
		$str = addslashes($str);
	}
}
return $str;
}

function html($TITLE,$RET,$HEAD = "",$down = false) {



$RET = str_replace('{{BLOCK}--COMMENTS--(ID}}:',get_comments(),$RET);

echo '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html 
    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Musix :: '.$TITLE.'</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<base href="http://'.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'].'" />
<style type="text/css">
body,table,img,td,th {
font-family: Geneva, Arial, Helvetica, sans-serif;
background-color: #383838;
text-align:center;
font-size: 14px;
color: #EEEEEE;
       border: 0px;
}
textarea,input,file {
       background-color: #222222;
       color: #00DDFF;
}
submit,button {
       background-color: #050505;
       color: #00DD00;
}
a:link,link,a {
       color: #FF0000;
}
</style>
'.$HEAD.'
</head>
';
if ($down) {
echo '<body onload="timedCount();">';
} else {
echo '<body>';
}
echo '<div align="center">
<table width="75%" border="1">
 <tr>
   <th width="25%" align="left">
     
   </th>
   <th width="50%" align="center">
     <a href="http://'.$_SERVER['SERVER_NAME'].'/six/index.php"><img
       src="http://'.$_SERVER['SERVER_NAME'].'/six/header.gif"
       alt="Header Image for Musix" style="border:0px;" /></a>
   </th>';
if (!empty($_SESSION['u'])) {
echo '
   <th width="25%" align="left">
    Welcome, '.$_SESSION['u'].'!
   </th>';
} else {
echo '
   <th width="25%" align="right">
    <form method="POST" action="login.php">
    User: <input type="text" name="user" size="15" /><br />
    Pass: <input type="password" name="pass" size="15" /><br />
    <a href="register.php">Register</a> | 
    <input type="submit" value="Login" name="quicklogin" />
    </form>
   </th>';
}
echo '
 </tr>
 <tr>
   <td colspan="3"><table width="100%"><tr>
    <td><h3><a href="search.php">Search</a></h3></td>
    <td><h3><a href="up.php">Upload</a> (<a href="qup.php">Quick</a>)</h3></td>';

echo '    </tr></table></td>
 </tr>
 <tr>
   <td colspan="3"><div align="center">'.$RET.'</div></td>
 </tr>
 <tr>
   <th colspan="3">Musix® Copyright© Damon Hosting 2007.  All Rights Reserved.<br/></th>
 </tr>
</table><br/>
<!-- Begin: AdBrite -->
<script type="text/javascript">'; echo "
  var AdBrite_Title_Color = 'ff3333';
  var AdBrite_Text_Color = 'CCCCCC';
  var AdBrite_Background_Color = '383838';
  var AdBrite_Border_Color = '191919';
</script>"; echo '
<span style="white-space:nowrap;"><script src="http://ads.adbrite.com/mb/text_group.php?sid=495634&zs=3732385f3930" type="text/javascript"></script><!--
--><a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=495634&afsid=1"><img src="http://files.adbrite.com/mb/images/adbrite-your-ad-here-leaderboard-w.gif" style="background-color:#191919" alt="Your Ad Here" width="14" height="90" border="0" /></a></span>
<!-- End: AdBrite --></div></body></html>'; exit();
}

?>

 

I click profile links like "profile.php?u=admin" and it logs me out, and shows me admin's profile. The login box at the top shows up instead of saying "welcome admin"... It affectively unset's session. Please help me!

 

EDIT by toplay:

 

please don't use that abbreviation.

 

Link to comment
https://forums.phpfreaks.com/topic/79730-solved-profile-page-unsetting-session/
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.