Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
  1. #1
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts

    I need help Bad...going crazy

    I am building a music community website, been working on it for over a month, I am now stuck.

    The registration works fine, everything gets written to the database, including the id info, which is what I am having problems with.

    I am using a flash header to login, the flash movie also uses a php script to detect wether or not u are logged in, if not it displays email and password fields, if u are logged in, it displays three buttons, view, edit, and logout, now here is where I am having problems, when I log in, go to the profile.php page, there is nothing, none of the info written to the database is showing up, it does show up if I manually put the id number into the page, but not through the php scripting, a couple of guys and myself have been trying to debug it over at sitepoint, but all we could figure out is that it is not grabbing and implementing the id properly, so I put in some code to show me where the id comes from and where it becomes invalid, and this is what it output:

    id from SESSION:
    id after ` filter: 0
    Invalid member

    now obviously this means that the session was never even started properly, so here is my php code for the profile.php page, I am omitting the html since that (as of yet) is not causing a problem.


    PHP Code:
    <?php 
    session_start
    (); 


    include_once 
    "scripts/connect_to_mysql.php";

    $id "";
    $username "";
    $firstname "";
    $lastname "";
    $country "";    
    $state "";
    $city "";
    $zip "";
    $bio_body "";
    $bio_body "";
    $website "";
    $youtube "";
    $user_pic "";
    $blabberDisplayList "";


    if (isset(
    $_GET['id'])) { 
         echo 
    "id from GET: " $_GET['id'] . "<br>"//debug
         
    $id = (int) $_GET['id']; 

    } else if (isset(
    $_SESSION['id'])) { 
         echo 
    "id from SESSION: " $_SESSION['id'] . "<br>"//debug     
         
    $id = (int) $_SESSION['id']; 

    } else { 
         
       include_once 
    "index.php"
       exit(); 

    $id str_replace('`'''$id);
         echo 
    "id after ` filter: $id<br>"//debug

    $id = (int)$id
    if( 
    $id == ) { 
      exit(
    'Invalid member'); 
    }    

    $sql mysql_query("SELECT * FROM myMembers WHERE id=$id");

    while(
    $row mysql_fetch_array($sql)){


        
    $username $row["username"];
        
    $firstname $row["firstname"];
        
    $lastname $row["lastname"];
        
    $country $row["country"];    
        
    $state $row["state"];
        
    $city $row["city"];
        
    $zip $row["zip"];
        
    $email $row["email"];
        
    //$email = "<a href=\"mailto:$email\"><u><font color=\"#006600\">Mail</font></u></a>";    
        
    $sign_up_date $row["sign_up_date"];
        
    $sign_up_date strftime("%b %d, %Y"strtotime($sign_up_date));
        
    $last_log_date $row["last_log_date"];
        
    $last_log_date strftime("%b %d, %Y"strtotime($last_log_date));    
        
    $bio_body $row["bio_body"];    
        
    $website $row["website"];
        
    $youtube $row["youtube"];
        
        
    $check_pic "members/$id/image01.jpg";
        
    $default_pic "members/0/image01.jpg";
        if (
    file_exists($check_pic)) {
        
    $user_pic "<img src=\"$check_pic\" width=\"300px\" />";
        } else {
        
    $user_pic "<img src=\"$default_pic\" width=\"300px\" />";
        }
        
        if (
    $youtube == "") {
        
    $youtubeChannel "<br />This user has no YouTube channel yet.";
        } else {
        
    $youtubeChannel ' <script src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/youtube.xml&amp;up_channel=' $youtube '&amp;synd=open&amp;w=290&amp;h=370&amp;title=&amp;border=%23ffffff%7C3px%2C1px+solid+%23999999&amp;output=js"></script>  '
        }    


    $style_sheet "default";

    ?>

  • #2
    Regular Coder mic2100's Avatar
    Join Date
    Feb 2006
    Location
    Scunthorpe
    Posts
    562
    Thanks
    15
    Thanked 28 Times in 27 Posts
    hi,

    i had a problem a few weeks ago and looking at your problem had me thinking about what was causing the problem with mine.

    http://www.codingforums.com/showthread.php?t=226704

    What i was thinking was maybe the $_SESSION is set as a string somewhere in which case using (int) before it would return 0.

    Hopefully this is your problem. Good luck.

  • #3
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    didn't fix it, thanks for the info though.

  • #4
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Code:
    <?php 
    session_start();
    exit('Id: '.$_SESSION['id']);
    What does that output?

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,474
    Thanks
    63
    Thanked 537 Times in 524 Posts
    Sounds to me as if the page that sets the session isn't using session_start() correctly or in the correct place. Either that or the value its being set to isn't what you think it is.

    If you still can't fathom it out by this evening (GMT) PM me, i'll take a look for you via TeamViewer - i've had a lot of odd quirks like this and i always nail them eventually.

    Google it, download it and PM me later for further instructions if you need to.
    I can't really think of anything to write here now...

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    The problem isn't that sessions are not started, its that _SESSION['id'] has been assigned a null or empty string value. That is displayed in your first output. Casting null to an integer will always return 0 ('' = null = 0 = false).
    The problem lies where $_SESSION['id'] is assigned, which is likely a login script. It definitely assigns this session variable, but doesn't give it any value.

  • #7
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    The problem isn't that sessions are not started, its that _SESSION['id'] has been assigned a null or empty string value. That is displayed in your first output. Casting null to an integer will always return 0 ('' = null = 0 = false).
    The problem lies where $_SESSION['id'] is assigned, which is likely a login script. It definitely assigns this session variable, but doesn't give it any value.
    see I figured it was something like this, I will post the login script.


    PHP Code:
    <?php
    session_start
    ();
    if (
    $_POST['email'] != "") {

    include_once 
    "connect_to_mysql.php";

    $email $_POST['email'];
    $pass $_POST['pass'];
    $remember $_POST['remember'];

    $email strip_tags($email);
    $pass strip_tags($pass);
    $email mysql_real_escape_string($email);
    $pass mysql_real_escape_string($pass);
    $email eregi_replace("`"""$email);
    $pass eregi_replace("`"""$pass);

    $pass md5($pass);

    //make query
    $sql mysql_query("SELECT * FROM myMembers WHERE email='$email' AND password='$pass' AND email_activated='1'"); 
    $login_check mysql_num_rows($sql);

    if(
    $login_check 0){ 

        while(
    $row mysql_fetch_array($sql)){ 

            
    $id $row["id"];   
            
    session_register('id'); 
            
    $_SESSION['id'] = $id;
           
            
    $firstname $row["firstname"];   
            
    session_register('firstname'); 
            
    $_SESSION['firstname'] = $firstname;
           
            
    $email $row["email"];   
            
    session_register('email'); 
            
    $_SESSION['email'] = $email;
             
            
    mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id'"); 
              
        }
        if(
    $remember == "yes"){
          
    setcookie("idCookie"$idtime()+60*24*60*60"/");
          
    setcookie("firstnameCookie"$firstnametime()+60*24*60*60"/");
          
    setcookie("emailCookie"$emailtime()+60*24*60*60"/");
          
    setcookie("passCookie"$passtime()+60*24*60*60"/");
        }    
        
    $my_msg "all_good";
        print 
    "return_msg=$my_msg&id=$id&firstname=$firstname";
        
    } else {
    $my_msg "no_good";
        print 
    "return_msg=$my_msg"
      exit();
    }


    }
    ?>

  • #8
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    there is also a checkuserlog to see if the user is logged in, maybe that could be causing a problem.

    PHP Code:
    <?php
    session_start
    ();

    if (
    $_POST['post_code'] == "check_log") {

        if (!isset(
    $_SESSION['id'])) { 

              if (!isset(
    $_COOKIE['idCookie'])) {  
      
                   print 
    "return_msg=not_logged_in";
                   exit();
         
              }
         
        }

       
        include_once 
    "connect_to_mysql.php";

       
        if (isset(
    $_SESSION['id'])) { 

        
    $id $_SESSION['id'];
        
    $firstname $_SESSION['firstname'];
        print 
    "id=$id&member_name=$firstname";

        exit();

        }
        
            if (isset(
    $_COOKIE['idCookie'])) {

        
    $id $_COOKIE['idCookie'];
        
    $firstname $_COOKIE['firstnameCookie'];
        
    $email $_COOKIE['emailCookie'];
        
    $pass $_COOKIE['passCookie'];
        
    // Register the session vars just like we do in the login form
        
    session_register('id');
        
    $_SESSION['id'] = $id;
        
    session_register('firstname');
        
    $_SESSION['firstname'] = $firstname;
        
    session_register('email');
        
    $_SESSION['email'] = $email;
        
    session_register('pass');
        
    $_SESSION['pass'] = $pass;
       
        
    $id $_SESSION['id'];
        
    $firstname $_SESSION['firstname'];

      
        
    $sql1 mysql_query("SELECT last_log_date FROM myMembers WHERE id='$id'"); 
        while(
    $row mysql_fetch_array($sql1)){ 
            
    $last_log_date $row["last_log_date"];
        }
        
        
    $today date("Y-m-d");
        
        
    $last_log_date strftime("%Y-%m-%d"strtotime($last_log_date));
        if (
    $last_log_date != $today) {
              
    mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id'"); 
        }
     
        print 
    "id=$id&member_name=$firstname";

        exit();

        }

    }
    I am posting these because my brain is absolutely fried, and I just can't figure it out

  • #9
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Session_register is a long passed deprectated feature that requires you to have register_globals enabled. Remove all of these calls.
    Fix that up first, and post back with the results. I'll take a closer look when I get a chance if there is still a problem. I'm thinking it will not solve the problem though.

    I should mention that this is horrendously insecure. Just what you have posted here indicates all I need to establish a valid session is a cookie with idCookie in it. I can specify whatever I want in that cookie and it will log me in as there exists no check to prevent me from doing so.

  • #10
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    you're right it didn't fix the problem.

    I seem to be learning php from some old documents, I wasn't aware of it until now. It's a source file package I downloaded from developphp.com, have been going step by step through the tutorials to learn php to build this website.

    He talks about security on the tuts, mentioned how everything is secure, but I guess not. So thanks for that, I will do some research on how to make this more secure.

    But anyway, as I said, the changes didn't fix the problem.

  • #11
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by MattF View Post
    Code:
    <?php 
    session_start();
    exit('Id: '.$_SESSION['id']);
    What does that output?
    this is the ouput

    "Id: 1"

    so it is gathering the ID then, well I'm confused, why does it not display the data in the page.

    if I type http://www.twinrecords.net/profile.php?id=1 I get the page with the info placed in it, but if I do it through the scripts, I don't get the right output, and the address in the bar shows just profile.php, not profile.php?id=1

  • #12
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Keep placing the exit line further down the script until you find where the id is being scrubbed or overwritten. For example, try it now as:

    Code:
    <?php 
    session_start();
    
    include_once "scripts/connect_to_mysql.php";
    
    exit('Id: '.$_SESSION['id']);
    If there's no id then, the included file is messing with the id, else if the id is still fine, move that exit line to below where you set those vars etc, until you find the point where it disappears.

  • Users who have thanked MattF for this post:

    twinrecords (05-31-2011)

  • #13
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    ok, in code I am posting, where I put the exit line, that's where it stopped printing out the id number and started showing "id:" no value...


    PHP Code:
    <?php 
    session_start
    ();


    include_once 
    "scripts/connect_to_mysql.php";

    $id "";

    exit(
    'Id: '.$_SESSION['id']);

    $username "";
    $firstname "";
    $lastname "";
    $country "";    
    $state "";
    $city "";
    $zip "";
    $bio_body "";
    $bio_body "";
    $website "";
    $youtube "";
    $user_pic "";
    $blabberDisplayList "";



    if (
    $_GET['id']) {
        
         
    $id = (int) $_GET['id'];

    } else if (isset(
    $_SESSION['id'])) {
        
         
    $id = (int) $_SESSION['id'];

    } else {
        
       include_once 
    "index.php";
       exit();
    }
    I guess it would do that there?

  • #14
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Show this script, minus any configuration information: connect_to_mysql.php

  • #15
    New Coder
    Join Date
    May 2011
    Posts
    43
    Thanks
    6
    Thanked 0 Times in 0 Posts
    here it is:

    PHP Code:
    <?php

    $db_host 
    "*****************";
    $db_username "*****";
    $db_pass "********";
    $db_name "*****";

    mysql_connect("$db_host","$db_username","$db_pass") or die(mysql_error());
    mysql_select_db("$db_name") or die("No DB found by that name");


    ?>


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •