only1perky Posted January 25, 2008 Share Posted January 25, 2008 Hi guys I'm having a problem with a site i'm working on and need some urgent assistance. Ok here goes, Members login to the members area using a username and password, once logged in they have the option to edit their details. At first this works well and as expected. However if the user should view other users products or services whilst logged in aand then click edit details the recently viewed users details are displayed and not the logged in ones. This is obviously very serious and any help would be grately appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/ Share on other sites More sharing options...
rajivgonsalves Posted January 25, 2008 Share Posted January 25, 2008 well if your using session the user_id or whatever is getting ovewritten on that page some code on the page doing this would be helpful to pinpoint the problem Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448747 Share on other sites More sharing options...
only1perky Posted January 25, 2008 Author Share Posted January 25, 2008 Hi unfortuently I inherited this site and am a new comer to php so you'll have to be patient with me. Here is all the code from the edit details page. <? include("../config/config.inc.php"); include("../includes/classes/template_reader.class.php"); include("../includes/classes/authentication.class.php"); $obj_template = new TemplateReader; $obj_authentication = new Authentication; $colname_rs_check_exist = "-1"; $obj_authentication->check_login(); $content['links']=$obj_authentication->userlinks(); $content['loginbox']=$obj_authentication->check_loginbox(); include("../includes/classes/category.class.php"); $obj_category = new Category; $content['categories']=$obj_category->category(); $content['price']=$obj_category->price(); $content['exhibitor_type']=$_SESSION['type']; $content['name']=$_SESSION['contact']; ///if we have passed and email addess if (isset($HTTP_POST_VARS['email'])) { $colname_rs_check_exist = (get_magic_quotes_gpc()) ? $HTTP_POST_VARS['email'] : addslashes($HTTP_POST_VARS['email']); } //old query doesn;t work //see if the email exists for another user $query_rs_check_exist = sprintf("SELECT email FROM exhibitors WHERE id != ".$_SESSION['uid']." AND email = '%s' ", $colname_rs_check_exist); //$query_rs_check_exist = sprintf("SELECT email, id FROM exhibitors WHERE email = '%s' ", $colname_rs_check_exist); $rs_check_exist = mysql_query($query_rs_check_exist) or die(mysql_error().": $query_rs_check_exist" ); $row_rs_check_exist = mysql_fetch_assoc($rs_check_exist); $totalRows_rs_check_exist = mysql_num_rows($rs_check_exist); //get the exhibitors id //$ex_id = $row_rs_check_exist['id']; function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = ""){ $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $HTTP_SERVER_VARS['PHP_SELF']; if(isset($HTTP_SERVER_VARS['QUERY_STRING'])) { $editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING']; } //update the user details if((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "update") && $totalRows_rs_check_exist < 1) { if(is_array($HTTP_POST_VARS['category'])){ $craft = implode(",",$HTTP_POST_VARS['category']); }else{ $craft =$HTTP_POST_VARS['category']; } $updateSQL = sprintf("UPDATE exhibitors SET business=%s, contact=%s,address1=%s, address2=%s, address3=%s, city=%s, county=%s, postcode=%s, telephone=%s, fax=%s, email=%s, url=%s, region=%s, craft=%s, description=%s, ename=%s, eaddr=%s, commision=%s, creditcards=%s, delivery=%s, gallery=%s, onlineshop=%s, traning=%s, password=%s WHERE id=%s", GetSQLValueString($HTTP_POST_VARS['business'], "text"), GetSQLValueString($HTTP_POST_VARS['contact'], "text"), GetSQLValueString($HTTP_POST_VARS['address1'], "text"), GetSQLValueString($HTTP_POST_VARS['address2'], "text"), GetSQLValueString($HTTP_POST_VARS['address3'], "text"), GetSQLValueString($HTTP_POST_VARS['city'], "text"), GetSQLValueString($HTTP_POST_VARS['county'], "text"), GetSQLValueString($HTTP_POST_VARS['postcode'], "text"), GetSQLValueString($HTTP_POST_VARS['telephone'], "text"), GetSQLValueString($HTTP_POST_VARS['fax'], "text"), GetSQLValueString($HTTP_POST_VARS['email'], "text"), GetSQLValueString($HTTP_POST_VARS['url'], "text"), GetSQLValueString($HTTP_POST_VARS['region'], "text"), GetSQLValueString($craft, "text"), GetSQLValueString($HTTP_POST_VARS['description'], "text"), GetSQLValueString($HTTP_POST_VARS['ename'], "text"), GetSQLValueString($HTTP_POST_VARS['eaddr'], "text"), GetSQLValueString($HTTP_POST_VARS['commision'], "text"), GetSQLValueString(isset($HTTP_POST_VARS['creditcard']) ? "true" : "", "defined","1","0"), GetSQLValueString(isset($HTTP_POST_VARS['delivery']) ? "true" : "", "defined","1","0"), GetSQLValueString(isset($HTTP_POST_VARS['gallery']) ? "true" : "", "defined","1","0"), GetSQLValueString(isset($HTTP_POST_VARS['ecommerce']) ? "true" : "", "defined","1","0"), GetSQLValueString(isset($HTTP_POST_VARS['training']) ? "true" : "", "defined","1","0"), GetSQLValueString($HTTP_POST_VARS['password'], "text"), GetSQLValueString($HTTP_POST_VARS['hidden_id'], "int")); //die($updateSQL); $Result1 = mysql_query($updateSQL) or die(mysql_error()); } ?> <?php // added to keep the session variables up to date, after the update behaviour (above) has updated the database if((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "update")) { $ex_business = $HTTP_POST_VARS['business']; $ex_contact = $HTTP_POST_VARS['contact']; } ?> <?php //select regions $query_rsregion = "SELECT label, val FROM region ORDER BY region.label"; $rsregion = mysql_query($query_rsregion) or die(mysql_error()); $row_rsregion = mysql_fetch_assoc($rsregion); $totalRows_rsregion = mysql_num_rows($rsregion); //select crafts $query_rscraft = "SELECT label, val FROM craft ORDER BY craft.label"; $rscraft = mysql_query($query_rscraft) or die(mysql_error()); $row_rscraft = mysql_fetch_assoc($rscraft); $totalRows_rscraft = mysql_num_rows($rscraft); //selct exhibitors based on craft type $query_rsrecent = "SELECT exhibitors.id, exhibitors.business, exhibitors.craft, craft.label as c, exhibitors.featured FROM exhibitors, craft WHERE exhibitors.approved = 1 AND craft.val = exhibitors.craft ORDER BY id DESC LIMIT 0, 5"; $rsrecent = mysql_query($query_rsrecent) or die(mysql_error()); $row_rsrecent = mysql_fetch_assoc($rsrecent); $totalRows_rsrecent = mysql_num_rows($rsrecent); //get the exhibitor details $colname_rs_exhibitor_ed = "-1"; //die("session is ".$_SESSION['uid']); if(isset($_SESSION['uid'])){ $colname_rs_exhibitor_ed = (get_magic_quotes_gpc()) ? $_SESSION['uid'] : addslashes($_SESSION['uid']); } //die("id is".$colname_rs_exhibitor_ed); $query_rs_exhibitor_ed = sprintf("SELECT exhibitors.id, exhibitors.business, exhibitors.contact, exhibitors.exhibitor_type, exhibitors.address1, exhibitors.address2, exhibitors.address3, exhibitors.city, exhibitors.county, exhibitors.postcode, exhibitors.telephone, exhibitors.fax, exhibitors.email, exhibitors.url, exhibitors.region, exhibitors.craft, exhibitors.description, exhibitors.ename, exhibitors.eaddr, exhibitors.commision, exhibitors.creditcards, exhibitors.delivery, exhibitors.gallery, exhibitors.onlineshop, exhibitors.traning, exhibitors.password, craft.label as c, region.label as r FROM exhibitors, craft, region WHERE exhibitors.id = %s AND region.val = exhibitors.region", $colname_rs_exhibitor_ed); $rs_exhibitor_ed = mysql_query($query_rs_exhibitor_ed) or die(mysql_error()); $row_rs_exhibitor_ed = mysql_fetch_assoc($rs_exhibitor_ed); $array_exhibitor_ed = mysql_fetch_array($rs_exhibitor_ed); $totalRows_rs_exhibitor_ed = mysql_num_rows($rs_exhibitor_ed); $query_rs_region = "SELECT label, val FROM region WHERE val <> '%' ORDER BY region.label"; $rs_region = mysql_query($query_rs_region) or die(mysql_error()); $row_rs_region = mysql_fetch_assoc($rs_region); $totalRows_rs_region= mysql_num_rows($rs_region); $query_rs_craft = "SELECT label, val FROM craft WHERE val <> '%' ORDER BY craft.label"; $rs_craft = mysql_query($query_rs_craft) or die(mysql_error()); $row_rs_craft = mysql_fetch_assoc($rs_craft); $totalRows_rs_craft = mysql_num_rows($rs_craft); $query_rs_books = "SELECT isbn, title, author, price, (isbn/isbn)*RAND() AS MyRAND FROM books ORDER BY MyRAND LIMIT 2"; $rs_books = mysql_query($query_rs_books) or die(mysql_error()); $row_rs_books = mysql_fetch_assoc($rs_books); $totalRows_rs_books = mysql_num_rows($rs_books); $content['loginbox']= $obj_authentication->check_loginbox(); echo $obj_template->showRegForm("../templates/user/indextop.html",$content); ?> <script language="javascript" type="text/javascript"> <!-- function createRequestObject(){ var request_o; //declare the variable to hold the object. var browser = navigator.appName; //find the browser name if(browser == "Microsoft Internet Explorer") request_o = new ActiveXObject("Microsoft.XMLHTTP"); else request_o = new XMLHttpRequest(); return request_o; //return the object } var http = createRequestObject(); function getCraft(val){ var string = "&cr="+"<?= $row_rs_exhibitor_ed['craft'] ?>"+"&desc="+"<?= $row_rs_exhibitor_ed['description'] ?>"+"&en="+"<?= $row_rs_exhibitor_ed['ename'] ?>"+"&ea="+"<?= $row_rs_exhibitor_ed['eaddr'] ?>"+"&com="+"<?= $row_rs_exhibitor_ed['commision'] ?>"; http.open('get', '../../ajxCommon.php?action=getCraft&id='+val+string); http.onreadystatechange = handlegetCraftOpts; http.send(null); } function handlegetCraftOpts(){ if(http.readyState == 4){ var response = http.responseText; document.getElementById('craftdiv').innerHTML = response; } } --> </script> <script language="javascript" type="text/javascript" src="/include.js"></script> <?php if((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "update") && $totalRows_rs_check_exist < 1 ){ ?><table width="100%" border="0" cellpadding="1" cellspacing="0" class="lpurpback"> <table width="100%" border="0" cellpadding="2" cellspacing="0" class="dpurpback"> <tr> <td class="th">Record updated<strong></strong></td> </tr> </table> <table width="100%" border="0" cellpadding="2" cellspacing="4" class="whiteback"> <tr> <td><p>Your details have been successfully updated, as shown below.</p> </td> </tr> </table> <?php }else if((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "update") && $totalRows_rs_check_exist > 0){ ?><table width="100%" border="0" cellpadding="1" cellspacing="0" class="lpurpback"> <table width="100%" border="0" cellpadding="2" cellspacing="0" class="dpurpback"> <tr> <td class="th">Email address already exists<strong></strong></td> </tr> </table> <table width="100%" border="0" cellpadding="2" cellspacing="4" class="whiteback"> <tr> <td><p>The email address <?php $HTTP_POST_VARS['email']; ?> is already being used. Your email address is also used as your user login, so it must be unique.</p><p>Please amend and try again. If the problem persists, contact uk-craft via the <a href="contact.php">contact form</a>.</p></td> </tr> </table> <?php } ?><br> <table width="100%" border="0" cellpadding="1" cellspacing="0" class="lpurpback"> <tr> <td> <table width="100%" border="0" cellpadding="2" cellspacing="0" class="lpurpback"> <tr> <td class="th">Edit Details<a name="form"></a></td> </tr> </table> <table width="100%" border="0" cellpadding="2" cellspacing="4" class="whiteback"> <tr> <td><form action="<?=$editFormAction?>" method="POST" name="update" id="update" onSubmit="return check_required(eval(elarray=[this.business,this.contact,this.city,this.county,this.region,this.url,this.description,this.email,this.password]))"> <p><br> <span class="darktitle">Business name: </span><span class="blacksm">The name of your business. Please do <strong>not</strong> add marketing hype (e.g. Somerset Widgets - the best widgets in the World)</span><br> <input name="business" type="text" value="<?=$content['bname']?>" size="50" maxlength="50"> <span class="redsm">* required</span> <br> <br> <span class="darktitle">Contact name:</span> <span class="blacksm">This name will not be displayed, for use by uk-craft only.</span><br> <input name="contact" type="text" value="<?=$content['name']?>" size="50" maxlength="50"> <span class="redsm">* required</span> <br><br> <span class="darktitle">Exhibitor Type : <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Basic") ? "Basic" : "" ?> <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Promotional") ? "Promotional" : "" ?> <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Premium") ? "Premium" : "" ?> <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Platinum") ? "Platinum" : "" ?> <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Professional") ? "Professional" : "" ?> </span><br><br> <!-- <input type="radio" name="utype" value="Basic" onClick="getCraft(this.value)" <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Basic") ? "checked" : "" ?>><span class="blacksm">Basic</span> <input type="radio" name="utype" value="Promotional" onClick="getCraft(this.value)" <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Promotional") ? "checked" : "" ?>><span class="blacksm">Promotional</span> <input type="radio" name="utype" value="Premium" onClick="getCraft(this.value)" <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Premium") ? "checked" : "" ?>><span class="blacksm">Premium</span> <input type="radio" name="utype" value="Platinum" onClick="getCraft(this.value)" <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Platinum") ? "checked" : "" ?>><span class="blacksm">Platinum</span> <input type="radio" name="utype" value="Professional" onClick="getCraft(this.value)" <?= ($row_rs_exhibitor_ed['exhibitor_type'] == "Professional") ? "checked" : "" ?>><span class="blacksm">Professional</span> <span class="redsm">* required</span>--> <span class="darktitle">Address:</span><br> <input type="text" name="address1" size="50" value="<?php echo stripslashes($row_rs_exhibitor_ed['address1']); ?>" maxlength="50"><br> <input name="address2" type="text" value="<?php echo stripslashes($row_rs_exhibitor_ed['address2']); ?>" size="50" maxlength="50"><br> <input name="address3" type="text" value="<?php echo stripslashes($row_rs_exhibitor_ed['address3']); ?>" size="50" maxlength="50"><br> <span class="darktitle">City:</span><br> <input name="city" type="text" value="<?php echo stripslashes($row_rs_exhibitor_ed['city']); ?>" size="30" maxlength="30"> <span class="redsm">* required</span> <br> <span class="darktitle">County:</span><br> <input name="county" type="text" value="<?php echo $row_rs_exhibitor_ed['county']; ?>" size="30" maxlength="30"> <span class="redsm">* required</span> <br> <span class="darktitle">Postcode:</span> <br> <input name="postcode" type="text" value="<?php echo $row_rs_exhibitor_ed['postcode']; ?>" size="30" maxlength="30"> <br> <span class="darktitle">Region:</span><a href="javascript:open_map('update_1')" class="blacksm"> map</a><br> <select name="region" id="region"> <?php do{ ?> <option value="<?php echo $row_rs_region['val']?>"<?php if (!(strcmp($row_rs_region['val'], $row_rs_exhibitor_ed['region']))) {echo "SELECTED";} ?>><?php echo $row_rs_region['label']?></option> <?php } while ($row_rs_region = mysql_fetch_assoc($rs_region)); $rows = mysql_num_rows($rs_region); if($rows > 0) { mysql_data_seek($rs_region, 0); $row_rs_region = mysql_fetch_assoc($rs_region); } ?> </select> <span class="redsm">* required</span><br> <span class="darktitle">Telephone number:</span><br> <input name="telephone" type="text" value="<?php echo $row_rs_exhibitor_ed['telephone']; ?>" size="20" maxlength="20"> <br> <span class="darktitle">Fax number:</span><br> <input name="fax" type="text" value="<?php echo $row_rs_exhibitor_ed['fax']; ?>" size="20" maxlength="20"> <br> <br> <span class="darktitle">Email address: </span><span class="blacksm">Your email address will be used as your username and to send you your password, so you can amend your details</span>. <br> <input name="email" type="text" id="email" value="<?php echo $row_rs_exhibitor_ed['email']; ?>" size="30" maxlength="100"> <span class="redsm">* required</span><br> <br> <span class="darktitle">Password: </span><span class="blacksm">6 to 10 characters (cAsE sEnsiTiVe)</span><br> <input name="password" type="text" id="password" value="<?php echo $row_rs_exhibitor_ed['password']; ?>" size="15" maxlength="10"> <span class="redsm">* required</span> <br> <br> <span class="darktitle">Website address:</span><br> <input name="url" type="text" id="url" value="<?php echo $row_rs_exhibitor_ed['url']; ?>" size="40" maxlength="150"> </p> <p><div id="craftdiv"> <br><br><span class="darktitle">Craft Category:</span><span class="blacksm"></span><br> <? $craft = explode(",", $row_rs_exhibitor_ed['craft']); if($row_rs_exhibitor_ed['exhibitor_type'] == "Platinum" || $row_rs_exhibitor_ed['exhibitor_type'] == "Professional"){ echo "<select name=category[] id=category[] multiple>"; }else{ echo "<select name=category id=category>"; } do{ ?> <option value="<?php echo $row_rs_craft['val']?>"<?php if(in_array($row_rs_craft['val'], $craft)){ echo "SELECTED"; } ?>><?php echo $row_rs_craft['label']?></option> <?php } while($row_rs_craft = mysql_fetch_assoc($rs_craft)); $rows = mysql_num_rows($rs_craft); if($rows > 0){ mysql_data_seek($rs_craft, 0); $row_rs_craft = mysql_fetch_assoc($rs_craft); } ?> </select><span class="redsm">* required</span><br> <br> <?php if($row_rs_exhibitor_ed['exhibitor_type'] == "Basic" ){ ?> <br><br> <span class="darktitle">Description of work:</span><span class="blacksm">You have <span id="myCommCounter">50</span> words remaining</span><br> <textarea name="description" id="description" cols="50" rows="6" wrap="VIRTUAL" onpaste="return wtaCount(this,'myCommCounter',50)" onKeyPress="return wtaLimit()" onKeyUp="return wtaCount(this,'myCommCounter',50)"><?=$row_rs_exhibitor_ed['description']?></textarea> <?php } ?> <?php if($row_rs_exhibitor_ed['exhibitor_type'] == "Promotional"){ ?> <br><br> <span class="darktitle">Description of work:</span><span class="blacksm">You have <span id="myCommCounter">500</span> words remaining</span><br> <textarea name="description" id="description" cols="50" rows="6" wrap="VIRTUAL" onpaste="return wtaCount(this,'myCommCounter',500)" onKeyPress="return wtaLimit()" onKeyUp="return wtaCount(this,'myCommCounter',500)"><?=$row_rs_exhibitor_ed['description']?></textarea> <?php } ?> <?php if($row_rs_exhibitor_ed['exhibitor_type'] == "Premium"){ ?> <br><br> <span class="darktitle">Description of work:</span><span class="blacksm">You have <span id="myCommCounter">1000</span> words remaining</span><br> <textarea name="description" id="description" cols="50" rows="6" wrap="VIRTUAL" onpaste="return wtaCount(this,'myCommCounter',1000)" onKeyPress="return wtaLimit()" onKeyUp="return wtaCount(this,'myCommCounter',1000)"><?=$row_rs_exhibitor_ed['description']?></textarea> <?php } ?> <?php if($row_rs_exhibitor_ed['exhibitor_type'] == "Platinum"){ ?> <br><br> <span class="darktitle">Description of work:</span><span class="blacksm">You have <span id="myCommCounter">2000</span> words remaining</span><br> <textarea name="description" id="description" cols="50" rows="6" wrap="VIRTUAL" onpaste="return wtaCount(this,'myCommCounter',2000)" onKeyPress="return wtaLimit()" onKeyUp="return wtaCount(this,'myCommCounter',2000)"><?=$row_rs_exhibitor_ed['description']?></textarea> <?php } ?> <?php if($row_rs_exhibitor_ed['exhibitor_type'] == "Professional"){ ?> <br><br> <span class="darktitle">Description of work:</span><span class="blacksm">You have <span id="myCommCounter">3500</span> words remaining</span><br> <textarea name="description" id="description" cols="50" rows="6" wrap="VIRTUAL" onpaste="return wtaCount(this,'myCommCounter',3500)" onKeyPress="return wtaLimit()" onKeyUp="return wtaCount(this,'myCommCounter',3500)"><?=$row_rs_exhibitor_ed['description']?></textarea> <?php } ?> <?php if($row_rs_exhibitor_ed['exhibitor_type'] == "Platinum" || $row_rs_exhibitor_ed['exhibitor_type'] == "Professional"){ ?> <br><br><span class="darktitle">Description of events:</span> <br><span class="darktitle">Event name/venue:</span><br><input type="textbox" name="ename" id="ename" value="<?=$row_rs_exhibitor_ed['ename']?>"> <br><span class="darktitle">Address/Dates/Stand or Hall No:</span><br><textarea name="eaddr" id="eaddr" cols="50" rows="6"><?=$row_rs_exhibitor_ed['eaddr']?></textarea><br><br> <span class="darktitle">Description of recent commissions:</span><span class="blacksm">You have <span id="myCommCounter">50</span> words remaining</span><br> <textarea name="commision" id="commision" cols="50" rows="6" wrap="VIRTUAL" onpaste="return wtaCount(this,'myCommCounter',50)" onKeyPress="return wtaLimit()" onKeyUp="return wtaCount(this,'myCommCounter',50)"><?=$row_rs_exhibitor_ed['commision']?></textarea> <?php } ?> </div></p> <p> <span class="darktitle">Exhibitor Information:</span><br /> <input type="checkbox" name="gallery" value="yes" <?php echo ($row_rs_exhibitor_ed['gallery']) ? 'checked' : '' ?> > I sell my work in the uk-craft galleryshop.<br> <input type="checkbox" name="creditcard" value="yes" <?php echo ($row_rs_exhibitor_ed['creditcards']) ? 'checked' : '' ?>> You can buy securely from me online using PayPal.<br> <input type="checkbox" name="ecommerce" value="yes" <?php echo ($row_rs_exhibitor_ed['onlineshop']) ? 'checked' : '' ?>> You can buy offline from me with a cheque.<br> <input type="checkbox" name="delivery" value="yes" <?php echo ($row_rs_exhibitor_ed['delivery']) ? 'checked' : '' ?>> I am available for commissions.<br> <input type="checkbox" name="training" value="yes" <?php echo ($row_rs_exhibitor_ed['traning']) ? 'checked' : '' ?>> I offer training/workshops/tuition.<br> <input name="hidden_id" type="hidden" id="hidden_id" value="<?php echo $row_rs_exhibitor_ed['id']; ?>"> </p> <p><input name="submit" type="image" id="update_btn" onMouseOver="MM_swapImage('update_btn','','../../images/btns/btn_update_over.gif',1)" onMouseOut="MM_swapImgRestore()" src="../../images/btns/btn_update.gif" alt="Update" width="52" height="21" border="0"></p> <input type="hidden" name="MM_update" value="update"> </form></td> </tr> </table> </td> </tr> </table> <? echo $obj_template->showRegForm("../templates/user/indexbottom.html", $content); ?> Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448757 Share on other sites More sharing options...
rajivgonsalves Posted January 25, 2008 Share Posted January 25, 2008 not the edit page the view product or services pages $_SESSION['uid'] is getting overwritten over there search the code you'll find it there... Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448765 Share on other sites More sharing options...
only1perky Posted January 25, 2008 Author Share Posted January 25, 2008 Ok sorry about that. Here is the view product page code: <? include("../config/config.inc.php"); include("../includes/classes/template_reader.class.php"); include("../includes/classes/authentication.class.php"); include("../includes/classes/product.class.php"); include("../includes/classes/pagination.class.php"); include("../includes/classes/category.class.php"); include("../includes/classes/paypalclass.php"); $obj_category = new Category; $obj_template = new TemplateReader; $obj_authentication = new Authentication; $obj_product = new Product; $obj_pagination = new Pagination; $obj_paypalclass = new paypalclass; session_register('pid'); //if(isset($_GET['delid'])&&$_GET['delid']<>'') //$obj_product->del_product($_GET['delid']); //$obj_authentication->check_login(); $pid=$_GET['pid']; $dat=gmdate("Y-m-d H:i:s"); $ip = getenv("REMOTE_ADDR"); if($ip){ $obj_product->visitor_ip($pid,$dat,$ip); } $content=$obj_product->view($pid); $content['pid']=$_GET['pid']; $content['links']=$obj_authentication->userlinks(); $content['loginbox']=$obj_authentication->check_loginbox(); $content['imagelist']=$obj_product->view_images($pid); if( $content['imagelist']<>'') { $content['gallery']="window.addEvent('domready',startGallery);"; $content['gallery2']="myGallery"; } $content['categories']=$obj_category->category(); $content['price']=$obj_category->price(); $content['heading']="Product details"; echo $obj_template->showRegForm("../templates/user/indextop.html",$content); echo $obj_template->showRegForm("../templates/user/view_product.html",$content); echo $obj_template->showRegForm("../templates/user/indexbottom.html",$content); ?> And here is the code for ("../templates/user/view_product.html",$content): <link rel="stylesheet" href="/galleryshop/css/jd.gallery.css" type="text/css" media="screen" charset="utf-8" /> <script src="/galleryshop/script/mootools.v1.11.js" type="text/javascript"></script> <script src="/galleryshop/script/jd.gallery.js" type="text/javascript"></script> <script type="text/javascript" src="/galleryshop/js/ajax-dynamic-content.js"></script> <script type="text/javascript" src="/galleryshop/js/ajax.js"></script> <script type="text/javascript" src="/galleryshop/js/ajax-tooltip.js"></script> <script type="text/javascript"> function startGallery(){ var myGallery = new gallery($('myGallery'), { timed: false }); } {--gallery--} </script> <script type="text/javascript"> function ship() { document.paypal.shipping.value=document.del.delivery.value; } </script> <link rel="stylesheet" href="/galleryshop/css/ajax-tooltip.css" media="screen" type="text/css" /> <br /><br /><h2>{--heading--} - {--product_name--}</h2> <p>Courtesy of <a href="javascript:;" onClick="window.open('aboutmyworkbasic.php?mywork&id={--uid--}','myWin','scrollbars=yes,width=300,height=500');"><b>{--business--}</b></a></p> <br /><div class="content"><div id="{--gallery2--}">{--imagelist--}</div></div><div><br /><br /> <a href="#" onmouseover="ajax_showTooltip('show_tip.php?pid={--pid--}&type=ds',this);return false" onmouseout="ajax_hideTooltip()"><img alt="Product Description" src="../images/product-description.png" border="0" /></a> <a href="product_details_list.php?userid={--uid--}" title="Show all By {--business--}"> <img src="../images/show-all-by-this-designer.png" border="0" alt="Show all By {--contact--}" /></a> <a href="shoppingterms.php?id={--uid--}" title="{--business--} - Shopping Terms"> <img src="../images/my-shopping-terms.png" border="0" alt="My Shopping Terms" /></a> <a href="user_contact.php?contact&id={--uid--}" title="Ask {--business--} a Question"><img src="../images/ask-the-seller-a-question.png" border="0" alt="Ask the Seller a Question" /></a> <a href="viewHappybuyers.php?id={--uid--}" title="Happy Buyers for {--business--}"> <img src="../images/happy-buyers.png" border="0" alt="Happy Buyers" /></a> <a href="aboutmywork.php?mywork&id={--uid--}" title="About My Work"> <img src="../images/about-my-work.png" border="0" alt="About My Work" /></a> <a href="viewmydetails.php?about&id={--uid--}" title="About Me"> <img src="../images/about-me.png" border="0" alt="About Me" /></a> <!-- <a href="#" onmouseover="ajax_showTooltip('show_tip.php?pid={--uid--}&type=mywork&user=a',this);return false" onmouseout="ajax_hideTooltip()" title="About the Work of {--contact--}"> <img src="../images/about-my-work.png" border="0" alt="About My Work"></a> <a href="#" onmouseover="ajax_showTooltip('show_tip.php?pid={--uid--}&type=about&user=a',this);return false" onmouseout="ajax_hideTooltip()" title="About the Artist"> <img src="../images/about-me.png" border="0" alt="About Me"></a> --> <a href="{--url--}" title="Visit the Website of {--business--}" {--target--}> <img src="../images/link-to-website.png" border="0" alt="Visit the Website of {--business--}"></a> </div><br /> <p><a href="offline_details.php?pid={--pid--}&uid={--uid--}" title="Order {--product_name--} Offline">Order {--product_name--} Offline</a><br /> Price excluding delivery: £{--product_price--}<br /> <a href="http://www.fieba.net/fieba/opencompactconverter.jsp">Currency Converter</a><br /> <form name="del">Estimated delivery time: {--product_dtime--}<br />Delivery options {--product_doptionuk--}</form> <br /><a href="guarantee.php"title="7 Day Satisfaction Guarantee">7 Day Satisfaction Guarantee</a> <br /><a href="shoppingterms.php?id={--uid--}" title="">Designer-makers shopping terms</a> <br /><a href="../../buying_craft.php" target="_blank" title="">New to buying craft online</a> <br /> <br /> </p>{--payp--}{--buynowbutton--}<div></div> Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448785 Share on other sites More sharing options...
rajivgonsalves Posted January 25, 2008 Share Posted January 25, 2008 everything looks fine... on both pages no variables getting mixed up.. strange maybe I'll give it a closer look Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448789 Share on other sites More sharing options...
only1perky Posted January 25, 2008 Author Share Posted January 25, 2008 It happens when you click a link from there, could it be on this page (i'm looking at: $uid=$_GET['id'];, If it is could you advise me on what to change it to. <? include("../config/config.inc.php"); include("../includes/classes/template_reader.class.php"); include("../includes/classes/authentication.class.php"); include("../includes/classes/product.class.php"); include("../includes/classes/pagination.class.php"); include("../includes/classes/category.class.php"); $obj_template = new TemplateReader; $obj_authentication = new Authentication; $obj_product = new Product; $obj_pagination = new Pagination; //$obj_authentication->check_login(); $obj_category = new Category; $content['categories']=$obj_category->category(); $content['price']=$obj_category->price(); define('max_uploads',10); $uid=$_GET['id']; $query=mysql_query("select * from mydetails where user_id=$uid"); $obj=mysql_fetch_object($query); if(mysql_num_rows($query)){ $content1['paypalemail']=$obj->paypalemail; $content1['terms']=$obj->terms; $content1['contactme']=$obj->contactme; $content1['mywork']=$obj->mywork; $content1['aboutme']=$obj->aboutme; } $content['loginbox']=$obj_authentication->check_loginbox(); $content['category']=$obj_product->category(); $content['max_uploads']=max_uploads; if(isset($_GET['contact'])) { $content['heading']="Contact Me"; $content['content']=$content1['contactme']; } if(isset($_GET['terms'])) { $content['heading']="Terms"; $content['content']=$content1['terms']; } if(isset($_GET['mywork'])) { $content['heading']="My Work"; $content['content']= preg_replace( "/\n/", "<br/>", $content1['mywork']); } if(isset($_GET['about'])) { $content['heading']="About Me"; $content['content'] = preg_replace( "/\n/", "<br/>", $content1['aboutme']); } echo $obj_template->showRegForm("../templates/user/indextop.html",$content); echo $obj_template->showRegForm("../templates/user/opportunity.html",$content); echo $obj_template->showRegForm("../templates/user/indexbottom.html",$content); ?> Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448793 Share on other sites More sharing options...
rajivgonsalves Posted January 25, 2008 Share Posted January 25, 2008 its should not make any difference unless register_globals are on.. but still I do not think it would make a difference... Quote Link to comment https://forums.phpfreaks.com/topic/87735-members-area-update-details-changes-to-different-users/#findComment-448795 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.