Problems using sessions and GETs

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
andys2009
Forum Newbie
Posts: 1
Joined: Wed Aug 05, 2009 11:30 am

Problems using sessions and GETs

Post by andys2009 »

Hi there,

I'm doing a website for my dad for the local rugby club. I'm not a novice, which is why this problem is baffling me so much - I'm sure it's something stupid but I can't for the life of me find out why it's doing what it's doing. I've got an admin section so that they can edit stories on the site. I've created the functions to change and edit all those stories, and they pass a session message through to the admin page which tells the user if it's worked or not. I've just recently been creating a change password section which has been giving me so much bother.

It's supposed to send a session message through to the admin page in the same way as the addstory pages etc, but the session is for some reason not working and not sending the message through to the admin page. I've enclosed the changepassword.php and admin.php files from the website - hopefully you guys can make sense of them still, I have been chopping and changing quite a lot.

ChangePassword.php

Code: Select all

 
<?php
session_start();
session_register("success");
include("/home/lenzieru/includes/dbfunc.inc");
include_once("fckeditor/fckeditor.php");
db_connect("lenzieru_latest");
 
if($_SESSION['userID'] == "")
{
die("You are not logged in. Please go away :)");
}
$userID = $_SESSION['userID'];
$failstring = "userid=".$userID;
$getUserDetailsQuery = "SELECT * FROM users WHERE userID = '$userID'";
$getUserDetailsResult = mysql_query($getUserDetailsQuery) or die (siteErrorLogging(mysql_error()));
$getUserDetailsArray = mysql_fetch_array($getUserDetailsResult) or die (siteErrorLogging(mysql_error()));
$userFullName = $getUserDetailsArray['firstName']." ".$getUserDetailsArray['surname'];
 
$oldpw = $_POST['oldpassword'];
$newpw = $_POST['newpassword'];
$confpw = $_POST['confpassword'];
if(isSet($_POST['changePW']))
{
    $failstring += "  testingtest";
    if(md5($oldpw) == $getUserDetailsArray['password'])
    {
        $test1 = TRUE;
        $failstring += "1";
        if($newpw == $confpw)
        {
            $test2 = TRUE;
            $failstring += "2";
            if(strlen($newpw) < 8)
            {
                $test3 = FALSE;
                $failstring += "Your password is less than 8 characters - please try again. ";
            }
            else
            {
                $test3 = TRUE;
                $failstring += "3";
            }
    
        }
        else
        {
            $test2 = FALSE;
            $failstring += "Your passwords were not identical - please try again. ";
        }
    }
    else
    {
        $test1 = FALSE;
        $failstring += "Your new and old passwords do not match - please try again. ";
    }
    
    
    
    
    if($test1 == TRUE && $test2 == TRUE && $test3 == TRUE)
    {
        $md5newPW = md5($newpw);
        $updatePWQuery = "UPDATE users SET password = '$md5newPW' WHERE userID = '$userID'";
        $updatePWResult = mysql_query($updatePWQuery) or die (siteErrorLogging(mysql_query()));
        $teststring += "testing testing testing ";
        $rows = mysql_affected_rows();
        
        if($rows == 0)
        {
            $_SESSION['success'] = "Your password was not changed. Please contact Andy Seaton at andyseaton@gmail.com. ";
            header("Location: admin.php?complete=fail");
        }
        else
        {
            $_SESSION['success'] = "Your password has been successfully changed. ";
            header("Location: admin.php?complete=success");
        }
 
        
    }
    else
    {
        $failstring += "this is <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span>";
        
    }
    $_SESSION['success'] = "this is".$failstring;
    header("Location: admin.php?complete=failstring".$failstring);
    
 
}
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!--
 
Design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
 
Title      : Transition
Version    : 1.0
Released   : 20070703
Description: A two-column, fixed-width template with light color blend.
 
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Lenzie Rugby Football Club</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style4 {color: #009900}
.style8 {
    color: #666666
}
.style9 {color: #FF0000}
-->
</style>
<script language="JavaScript" type="text/javascript" src="wysiwyg.js"></script>
</head>
<body>
<div id="header">
    <div id="logo">
      <h1><img src="../images/logo.png" alt="" width="141" height="59" /></h1>
  </div>
    <div id="topmenu">
        <ul>
            <li class="first"><a href="#sponsors">Sponsors</a></li>
            <li><a href="../contact.html">Contact</a></li>
            <li><a href="../about.html">About LRFC </a></li>
      </ul>
  </div>
</div>
<div id="header2">
    <div id="menu">
        <ul>
            <li class="first"><a href="admin.php"> Admin Home</a></li>
            <li><a href="logout.php"> Log out </a>
        </ul>
  </div>
    <div id="splash"><a href="#"><img src="../images/scrum.jpg" alt="" width="560" height="200" /></a></div>
</div>
<hr />
<div id="page">
  <div id="contentB">
        <div>
            <h1 class="title">Add a story to the database</h1>
            <?php
            if($_SESSION['success'] != "")
            {
            echo "<p style='color:red'>".$_SESSION['success']."</p>";
            $_SESSION['success'] = "";
             }
            ?>
            <div class="content">
                <p>You can change your password here. 8 or more characters, and it's best if you have a mix of upper and lower case numbers. Try not to use dates of birth, mothers maiden names, etc :)</p>
                <form method="post" action="<?php $_SERVER['PHP_SELF']; ?>">
                <table width="200" border="0">
                  <tr>
                    <td>Old Password: </td>
                    <td><input type="password" name="oldpassword" /></td>
                  </tr>
                  <tr>
                    <td>New Password:</td>
                    <td><input type="password" name="newpassword" /></td>
                  </tr>
                  <tr>
                    <td>Confirm New Password:</td>
                    <td><input type="password" name="confpassword" /></td>
                  </tr>
                </table>
                <input type="submit" name="changePW" value="Change Password" />
                <input type="reset" value="Reset" />
                </form>
                <p>&nbsp;</p>
              <p>&nbsp;</p>
          </div>
        </div>
      <div class="twocols"></div>
  </div>
    <div style="clear: both;">&nbsp;
      <table width="760">
        <tr>
          <td colspan="4"><div align="center"><strong><a name="sponsors" id="sponsors"></a>Thanks to our generous sponsors: </strong></div></td>
        </tr>
        <tr>
          <td colspan="4">&nbsp;</td>
        </tr>
        <tr>
          <td><div align="center"><strong><a href="http://www.cala.co.uk/">Cala Homes </a></strong></div></td>
          <td><div align="center"><strong><a href="http://www.caledonian-brewery.co.uk/">Caledonian Brewing Co</a> </strong></div></td>
          <td><div align="center"><strong><a href="http://www.vecumbernauld.co.uk/">Village Estates</a> </strong></div></td>
          <td rowspan="2">&nbsp;</td>
        </tr>
        <tr>
          <td><div align="center"><strong><a href="http://www.landengineering.co.uk/">Land Engineering </a></strong></div></td>
          <td><div align="center"><strong><a href="http://www.ghwindows.co.uk/">GH Windows </a></strong></div></td>
          <td><div align="center"><strong><a href="http://applegate.co.uk/company/11/99/613.htm">Charterhill</a></strong></div></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td><div align="center"><strong><a href="http://www.archibaldyoung.co.uk/">Archibald Young Ltd</a> </strong></div></td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
      </table>
  </div>
</div>
<hr />
<div id="footer-wrapper">
    <div id="footer">
        <p id="legal">Copyright &copy; 2007 Nucleo Solutions.<br />
      Designed by <a href="http://www.freecsstemplates.org/">Free CSS Templates</a></p>
  </div>
</div>
 
</body>
</html>
 
Admin.php

Code: Select all

 
<?php
session_start();
include("/home/lenzieru/includes/dbfunc.inc");
 
db_connect("lenzieru_latest");
 
if($_SESSION['userID'] == "")
{
die("You are not logged in. Please go away :)");
}
$userID = $_SESSION['userID'];
$getUserDetailsQuery = "SELECT * FROM users WHERE userID = '$userID'";
$getUserDetailsResult = mysql_query($getUserDetailsQuery) or die (siteErrorLogging(mysql_error()));
$getUserDetailsArray = mysql_fetch_array($getUserDetailsResult) or die (siteErrorLogging(mysql_error()));
$userFullName = $getUserDetailsArray['firstName']." ".$getUserDetailsArray['surname'];
 
 
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Lenzie Rugby Football Club</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="../default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style4 {color: #009900}
.style8 {
    color: #666666
}
.style9 {color: #FF0000}
-->
</style>
<script language="JavaScript" type="text/javascript" src="wysiwyg.js"></script>
</head>
<body>
<div id="header">
    <div id="logo">
      <h1><img src="../images/logo.png" alt="" width="141" height="59" /></h1>
  </div>
    <div id="topmenu">
        <ul>
            <li class="first"><a href="#sponsors">Sponsors</a></li>
            <li><a href="../contact.html">Contact</a></li>
            <li><a href="../about.html">About LRFC </a></li>
      </ul>
  </div>
</div>
<div id="header2">
    <div id="menu">
        <ul>
            <li class="first"><a href="admin.php"> Admin Home</a></li>
            <li><a href="logout.php"> Log out </a>
        </ul>
  </div>
    <div id="splash"><a href="#"><img src="../images/scrum.jpg" alt="" width="560" height="200" /></a></div>
</div>
<hr />
<div id="page">
  <div id="contentB">
        <div>
            <h1 class="title">Add a story to the database</h1>
            <div class="content">
            <p> </p>
            <?php 
            echo $_SESSION['success'];
            echo $_GET['complete'];
            if($_SESSION['success'] == "" && $_GET['complete'] == "fail")
            {
                echo "there is nothing in session ".$_SESSION['success']." ... ggg".$_SESSION['teststring'];
                $_SESSION['success'] = "";          
             }
             else
             {
                
if($_GET['complete'] != "success")
{
echo "<p style='color:red'> ".$_GET['complete'].". Try again, or contact Andy Seaton at andyseaton@gmail.com </p>";
}
else if($_GET['complete'] == "success")
{
echo "<p style='color:red'> The password was changed successfully </p>";
}
else
{
echo "<p style='color:red'>ff".$_SESSION['success']."</p>";
$_SESSION['success'] = "";
}
             }
            
            ?>
            
            <p> Welcome, <?php echo $userFullName; ?> </p>
            
                <P> <a href="addStory.php"> Add a story to the stories database </a>
                <p> <a href="delStory.php"> Delete a story from the stories database </a>
                <p> <a href="editStory.php"> Edit a story currently on the database </a>
                <p> <a href="boostStory.php"> Boost a story to the top of the pile </a>                </p>
                <p>&nbsp;</p>
                <p> <a href="changepassword.php"> Change your password </a></p>
              <p>&nbsp;</p>
          </div>
        </div>
      <div class="twocols"></div>
  </div>
    <div style="clear: both;">&nbsp;
      <table width="760">
        <tr>
          <td colspan="4"><div align="center"><strong><a name="sponsors" id="sponsors"></a>Thanks to our generous sponsors: </strong></div></td>
        </tr>
        <tr>
          <td colspan="4">&nbsp;</td>
        </tr>
        <tr>
          <td><div align="center"><strong><a href="http://www.cala.co.uk/">Cala Homes </a></strong></div></td>
          <td><div align="center"><strong><a href="http://www.caledonian-brewery.co.uk/">Caledonian Brewing Co</a> </strong></div></td>
          <td><div align="center"><strong><a href="http://www.vecumbernauld.co.uk/">Village Estates</a> </strong></div></td>
          <td rowspan="2">&nbsp;</td>
        </tr>
        <tr>
          <td><div align="center"><strong><a href="http://www.landengineering.co.uk/">Land Engineering </a></strong></div></td>
          <td><div align="center"><strong><a href="http://www.ghwindows.co.uk/">GH Windows </a></strong></div></td>
          <td><div align="center"><strong><a href="http://applegate.co.uk/company/11/99/613.htm">Charterhill</a></strong></div></td>
        </tr>
        <tr>
          <td>&nbsp;</td>
          <td><div align="center"><strong><a href="http://www.archibaldyoung.co.uk/">Archibald Young Ltd</a> </strong></div></td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
      </table>
  </div>
</div>
<hr />
<div id="footer-wrapper">
    <div id="footer">
        <p id="legal">Copyright &copy; 2007 Nucleo Solutions.<br />
      Designed by <a href="http://www.freecsstemplates.org/">Free CSS Templates</a></p>
  </div>
</div>
 
</body>
</html>
 
Anyway, I would be very grateful to know where I'm going wrong - cheers.

Andy
dzynit
Forum Newbie
Posts: 8
Joined: Tue Jul 03, 2007 8:15 am

Re: Problems using sessions and GETs

Post by dzynit »

Did you try removing

Code: Select all

session_register("success");
from line 4 on your ChangePassword.php script?
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Re: Problems using sessions and GETs

Post by aceconcepts »

session_register() is deprecated. Do as dzynit has suggested and remove line 4.

By the way, are you Andy Seaton? I saw this name in your script. I know an Andy Seaton myself.
Post Reply