I need help Bad...going crazy



twinrecords
05-31-2011, 10:03 AM
I am building a music community website, been working on it for over a month, I am now stuck.

The registration works fine, everything gets written to the database, including the id info, which is what I am having problems with.

I am using a flash header to login, the flash movie also uses a php script to detect whether or not you are logged in, if not it displays email and password fields, if you are logged in, it displays three buttons, view, edit, and logout, now here is where I am having problems, when I log in, go to the profile.php page, there is nothing, none of the info written to the database is showing up, it does show up if I manually put the id number into the page, but not through the php scripting, a couple of guys and myself have been trying to debug it over at sitepoint, but all we could figure out is that it is not grabbing and implementing the id properly, so I put in some code to show me where the id comes from and where it becomes invalid, and this is what it output:

id from SESSION:
id after ` filter: 0
Invalid member

now obviously this means that the session was never even started properly, so here is my php code for the profile.php page, I am omitting the html since that (as of yet) is not causing a problem.



<?php
session_start();

include_once "scripts/connect_to_mysql.php";

$id = "";
$username = "";
$firstname = "";
$lastname = "";
$country = "";
$state = "";
$city = "";
$zip = "";
$bio_body = "";
$bio_body = "";
$website = "";
$youtube = "";
$user_pic = "";
$blabberDisplayList = "";

if (isset($_GET['id'])) {
    echo "id from GET: " . $_GET['id'] . "<br>"; //debug
    $id = (int) $_GET['id'];

} else if (isset($_SESSION['id'])) {
    echo "id from SESSION: " . $_SESSION['id'] . "<br>"; //debug
    $id = (int) $_SESSION['id'];

} else {

    include_once "index.php";
    exit();
}
$id = str_replace('`', '', $id);
echo "id after ` filter: $id<br>"; //debug

$id = (int)$id;
if( $id == 0 ) {
    exit('Invalid member');
}

$sql = mysql_query("SELECT * FROM myMembers WHERE id=$id");

while($row = mysql_fetch_array($sql)){

    $username = $row["username"];
    $firstname = $row["firstname"];
    $lastname = $row["lastname"];
    $country = $row["country"];
    $state = $row["state"];
    $city = $row["city"];
    $zip = $row["zip"];
    $email = $row["email"];
    //$email = "<a href=\"mailto:$email\"><u><font color=\"#006600\">Mail</font></u></a>";
    $sign_up_date = $row["sign_up_date"];
    $sign_up_date = strftime("%b %d, %Y", strtotime($sign_up_date));
    $last_log_date = $row["last_log_date"];
    $last_log_date = strftime("%b %d, %Y", strtotime($last_log_date));
    $bio_body = $row["bio_body"];
    $website = $row["website"];
    $youtube = $row["youtube"];

    $check_pic = "members/$id/image01.jpg";
    $default_pic = "members/0/image01.jpg";
    if (file_exists($check_pic)) {
        $user_pic = "<img src=\"$check_pic\" width=\"300px\" />";
    } else {
        $user_pic = "<img src=\"$default_pic\" width=\"300px\" />";
    }

    if ($youtube == "") {
        $youtubeChannel = "<br />This user has no YouTube channel yet.";
    } else {
        $youtubeChannel = ' <script src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/youtube.xml&amp;up_channel=' . $youtube . '&amp;synd=open&amp;w=290&amp;h=370&amp;title=&amp;border=%23ffffff%7C3px%2C1px+solid+%23999999&amp;output=js"></script> ';
    }

}
$style_sheet = "default";

?>

mic2100
05-31-2011, 11:49 AM
hi,

I had a problem a few weeks ago and looking at your problem had me thinking about what was causing the problem with mine.

http://www.codingforums.com/showthread.php?t=226704

What I was thinking was maybe the $_SESSION is set as a string somewhere in which case using (int) before it would return 0.

Hopefully this is your problem. Good luck.

twinrecords
05-31-2011, 01:08 PM
didn't fix it, thanks for the info though.

MattF
05-31-2011, 03:10 PM
<?php
session_start();
exit('Id: '.$_SESSION['id']);


What does that output?

tangoforce
05-31-2011, 03:15 PM
Sounds to me as if the page that sets the session isn't using session_start() correctly or in the correct place. Either that or the value it's being set to isn't what you think it is.

If you still can't fathom it out by this evening (GMT) PM me, I'll take a look for you via TeamViewer - I've had a lot of odd quirks like this and I always nail them eventually.

Google it, download it and PM me later for further instructions if you need to.

Fou-Lu
05-31-2011, 03:16 PM
The problem isn't that sessions are not started, it's that _SESSION['id'] has been assigned a null or empty string value. That is displayed in your first output. Casting null to an integer will always return 0 ('' = null = 0 = false).
The problem lies where $_SESSION['id'] is assigned, which is likely a login script. It definitely assigns this session variable, but doesn't give it any value.

twinrecords
05-31-2011, 04:04 PM
The problem isn't that sessions are not started, it's that _SESSION['id'] has been assigned a null or empty string value. That is displayed in your first output. Casting null to an integer will always return 0 ('' = null = 0 = false).
The problem lies where $_SESSION['id'] is assigned, which is likely a login script. It definitely assigns this session variable, but doesn't give it any value.

see I figured it was something like this, I will post the login script.



<?php
session_start();
if ($_POST['email'] != "") {

    include_once "connect_to_mysql.php";

    $email = $_POST['email'];
    $pass = $_POST['pass'];
    $remember = $_POST['remember'];

    $email = strip_tags($email);
    $pass = strip_tags($pass);
    $email = mysql_real_escape_string($email);
    $pass = mysql_real_escape_string($pass);
    $email = eregi_replace("`", "", $email);
    $pass = eregi_replace("`", "", $pass);

    $pass = md5($pass);

    //make query
    $sql = mysql_query("SELECT * FROM myMembers WHERE email='$email' AND password='$pass' AND email_activated='1'");
    $login_check = mysql_num_rows($sql);

    if($login_check > 0){

        while($row = mysql_fetch_array($sql)){

            $id = $row["id"];
            session_register('id');
            $_SESSION['id'] = $id;

            $firstname = $row["firstname"];
            session_register('firstname');
            $_SESSION['firstname'] = $firstname;

            $email = $row["email"];
            session_register('email');
            $_SESSION['email'] = $email;

            mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id'");

        }
        if($remember == "yes"){
            setcookie("idCookie", $id, time()+60*24*60*60, "/");
            setcookie("firstnameCookie", $firstname, time()+60*24*60*60, "/");
            setcookie("emailCookie", $email, time()+60*24*60*60, "/");
            setcookie("passCookie", $pass, time()+60*24*60*60, "/");
        }
        $my_msg = "all_good";
        print "return_msg=$my_msg&id=$id&firstname=$firstname";

    } else {
        $my_msg = "no_good";
        print "return_msg=$my_msg";
        exit();
    }

}
?>

twinrecords
05-31-2011, 04:09 PM
there is also a checkuserlog to see if the user is logged in, maybe that could be causing a problem.


<?php
session_start();

if ($_POST['post_code'] == "check_log") {

    if (!isset($_SESSION['id'])) {

        if (!isset($_COOKIE['idCookie'])) {

            print "return_msg=not_logged_in";
            exit();

        }

    }

    include_once "connect_to_mysql.php";

    if (isset($_SESSION['id'])) {

        $id = $_SESSION['id'];
        $firstname = $_SESSION['firstname'];
        print "id=$id&member_name=$firstname";

        exit();

    }

    if (isset($_COOKIE['idCookie'])) {

        $id = $_COOKIE['idCookie'];
        $firstname = $_COOKIE['firstnameCookie'];
        $email = $_COOKIE['emailCookie'];
        $pass = $_COOKIE['passCookie'];
        // Register the session vars just like we do in the login form
        session_register('id');
        $_SESSION['id'] = $id;
        session_register('firstname');
        $_SESSION['firstname'] = $firstname;
        session_register('email');
        $_SESSION['email'] = $email;
        session_register('pass');
        $_SESSION['pass'] = $pass;

        $id = $_SESSION['id'];
        $firstname = $_SESSION['firstname'];

        $sql1 = mysql_query("SELECT last_log_date FROM myMembers WHERE id='$id'");
        while($row = mysql_fetch_array($sql1)){
            $last_log_date = $row["last_log_date"];
        }

        $today = date("Y-m-d");

        $last_log_date = strftime("%Y-%m-%d", strtotime($last_log_date));
        if ($last_log_date != $today) {
            mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id'");
        }

        print "id=$id&member_name=$firstname";

        exit();

    }

}

I am posting these because my brain is absolutely fried, and I just can't figure it out

Fou-Lu
05-31-2011, 04:28 PM
Session_register is a long past deprecated feature that requires you to have register_globals enabled. Remove all of these calls.
Fix that up first, and post back with the results. I'll take a closer look when I get a chance if there is still a problem. I'm thinking it will not solve the problem though.

I should mention that this is horrendously insecure. Just what you have posted here indicates all I need to establish a valid session is a cookie with idCookie in it. I can specify whatever I want in that cookie and it will log me in as there exists no check to prevent me from doing so.
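
The cookie problem Fou-Lu describes, next to one common alternative, as an added example that is not code from the thread: instead of trusting idCookie, the server issues a random single-use token and keeps only its hash. The in-memory $tokenStore array and the function names are assumptions standing in for a database table and the site's own code.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a remember_tokens table: selector => hash, user id, expiry.
$tokenStore = [];

// Pattern from the thread's checkuserlog script: the cookie value is taken as the identity.
function legacyResolve(array $cookies): ?int
{
    return isset($cookies['idCookie']) ? (int) $cookies['idCookie'] : null;
}

// Issue a random selector:validator pair; only a hash of the validator is stored.
function issueRememberToken(array &$store, int $userId, int $ttl = 5184000): string
{
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $store[$selector] = [
        'hash'    => hash('sha256', $validator),
        'user_id' => $userId,
        'expires' => time() + $ttl,   // 60 days, the lifetime used in the thread
    ];
    return $selector . ':' . $validator;
}

// Map a cookie value to a user id, or null when it is not a live token issued here.
function resolveRememberToken(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                  // malformed value or unknown selector
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);         // single use: the caller issues a fresh token on success
    if ($row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented validator's hash.
    return hash_equals($row['hash'], hash('sha256', $parts[1])) ? $row['user_id'] : null;
}

$cookie = issueRememberToken($tokenStore, 1);
var_dump(legacyResolve(['idCookie' => '42']));         // value chosen entirely by the client
var_dump(resolveRememberToken($tokenStore, '42'));     // the same value against the token check
var_dump(resolveRememberToken($tokenStore, $cookie));  // the token this server issued
var_dump(resolveRememberToken($tokenStore, $cookie));  // a second use of that token
```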

twinrecords
05-31-2011, 05:15 PM
you're right it didn't fix the problem.

I seem to be learning php from some old documents, I wasn't aware of it until now. It's a source file package I downloaded from developphp.com, have been going step by step through the tutorials to learn php to build this website.

He talks about security on the tuts, mentioned how everything is secure, but I guess not. So thanks for that, I will do some research on how to make this more secure.

But anyway, as I said, the changes didn't fix the problem.

twinrecords
05-31-2011, 06:01 PM
<?php
session_start();
exit('Id: '.$_SESSION['id']);


What does that output?

this is the output

"Id: 1"

so it is gathering the ID then, well I'm confused, why does it not display the data in the page.

if I type http://www.twinrecords.net/profile.php?id=1 I get the page with the info placed in it, but if I do it through the scripts, I don't get the right output, and the address in the bar shows just profile.php, not profile.php?id=1

MattF
05-31-2011, 06:36 PM
Keep placing the exit line further down the script until you find where the id is being scrubbed or overwritten. For example, try it now as:



<?php
session_start();

include_once "scripts/connect_to_mysql.php";

exit('Id: '.$_SESSION['id']);


If there's no id then, the included file is messing with the id, else if the id is still fine, move that exit line to below where you set those vars etc, until you find the point where it disappears.

twinrecords
05-31-2011, 08:44 PM
ok, in code I am posting, where I put the exit line, that's where it stopped printing out the id number and started showing "id:" no value...



<?php
session_start();


include_once "scripts/connect_to_mysql.php";

$id = "";

exit('Id: '.$_SESSION['id']);

$username = "";
$firstname = "";
$lastname = "";
$country = "";
$state = "";
$city = "";
$zip = "";
$bio_body = "";
$bio_body = "";
$website = "";
$youtube = "";
$user_pic = "";
$blabberDisplayList = "";



if ($_GET['id']) {

    $id = (int) $_GET['id'];

} else if (isset($_SESSION['id'])) {

    $id = (int) $_SESSION['id'];

} else {

    include_once "index.php";
    exit();
}

I guess it would do that there?

Fou-Lu
05-31-2011, 08:56 PM
Show this script, minus any configuration information: connect_to_mysql.php

twinrecords
05-31-2011, 09:00 PM
here it is:


<?php

$db_host = "*****************";
$db_username = "*****";
$db_pass = "********";
$db_name = "*****";

mysql_connect("$db_host","$db_username","$db_pass") or die(mysql_error());
mysql_select_db("$db_name") or die("No DB found by that name");


?>

Fou-Lu
05-31-2011, 09:06 PM
So let me get this right here.


printf("Session var id: %s\n", $_SESSION['id']);
include_once "scripts/connect_to_mysql.php";
printf("Session var id: %s\n", $_SESSION['id']);


Comes up saying something like this?
Session var id: 1
Session var id:
?
There is nothing in that connection that modifies the session. Unless I'm missing something here, I clearly misunderstand where you are referring to the inclusion to empty $id field.

twinrecords
05-31-2011, 09:13 PM
ok, it maintains the id before and after the include, it's after the $id=""; where it seems to lose it, so maybe something is getting overwritten?....

twinrecords
05-31-2011, 09:18 PM
so when I do it like this



printf("Session var id: %s\n", $_SESSION['id']);
$id = "";
printf("Session var id: %s\n", $_SESSION['id']);


this is the output

Session var id: 1
Session var id:

twinrecords
05-31-2011, 09:21 PM
well, I just got it to work, I commented out the $id = ""; and now it is working just fine

Chris Hick
05-31-2011, 09:31 PM
It's a common mistake really. Anyone could go wrong with it. The logic is that you declared the id in your session, then started moving on with the script. In php, you don't have to declare a variable for it to be there (example: how you declared your id variable in your session). So, when you declared your variables after your session and include, it overwrote the id variable.

twinrecords
05-31-2011, 09:48 PM
I understand that now, was a great lesson

twinrecords
05-31-2011, 10:00 PM
how do I place this as solved

Fou-Lu
05-31-2011, 11:55 PM
how do I place this as solved

You may modify the first post to change the prefix.
This being said though, that does not solve the problem. Setting the $id to a new value will only affect the $_SESSION['id'] if it has been referenced as $id. Or wait, do you still have the session_register calls?
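
An added illustration of the aliasing that Fou-Lu's closing question points at (not code from the thread): it assumes the host ran with register_globals enabled, which the thread never confirms, so that session_start() bound the global $id to $_SESSION['id'] by reference. profilePrologue() and its parameters are hypothetical names, and $session stands in for $_SESSION.

```php
<?php
declare(strict_types=1);

// Runs the opening of profile.php against $session (a stand-in for $_SESSION).
// $aliased emulates the assumed register_globals binding of $id to the session entry;
// $initialise is the `$id = "";` line from the thread.
function profilePrologue(array &$session, array $get, bool $aliased, bool $initialise): int
{
    if ($aliased) {
        $id = &$session['id'];      // done implicitly by the legacy runtime
    }
    if ($initialise) {
        $id = "";                   // writes through the reference when aliased
    }
    if (isset($get['id'])) {
        $id = (int) $get['id'];
    } elseif (isset($session['id'])) {
        $id = (int) $session['id'];
    } else {
        $id = 0;
    }
    return $id;
}

// Constructed cases: [query string, aliased?, initialiser present?]
$cases = [
    'original page'             => [[], true, true],
    'workaround from thread'    => [[], true, false],
    'workaround with ?id=7'     => [['id' => '7'], true, false],
    'no aliasing, with ?id=7'   => [['id' => '7'], false, true],
];
foreach ($cases as $label => [$get, $aliased, $initialise]) {
    $session = ['id' => '1'];       // constructed session contents
    $used = profilePrologue($session, $get, $aliased, $initialise);
    printf("%-26s page id=%d, session id afterwards=%s\n",
        $label, $used, var_export($session['id'], true));
}
```

In the aliased rows every write to $id lands in the session, including the (int) $_GET['id'] branch, so commenting out the initialiser hides the symptom while the binding stays in place. Removing the session_register calls and the reliance on register_globals is what ends it.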


