PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
<?php
include 'session.php';
include 'dbconnect_silent.php';
$username = $user;
?>
<?php
//get post number//
$postnum = $_GET["postnum"];
?>
<table style="BORDER-RIGHT: black 1px solid; BORDER-TOP: black 1px solid; BORDER-LEFT: black 1px solid; BORDER-BOTTOM: black 1px solid; BORDER-COLLAPSE: collapse" cellpadding="3" width="350">
<tbody>
<tr>
<td background="images/pbody.png">
<?php
//grab post//
$sql = "SELECT * from prayerlog WHERE postid='$postnum' ORDER BY postid DESC";
$result = mysql_query($sql) or print ("Can't select entry from table php_blog.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)){
$date = stripslashes($row['timestamp']);
$entry = stripslashes($row['entry']);
$reply = stripslashes($row['reply']);
$replytext = stripslashes($row['replytext']);
$poster = stripslashes($row['userlink']);
if($username != $poster){
?>
<b><center>Error: You do not have permission to view this post</center></b>
<?php
}else{
?>
<div><strong><u>Prayer request:
<?php
echo $date;
?>
</u></strong><br />
<textarea id="entry" rows="3" cols="39" name="entry">
<?php
echo $entry;
?>
</textarea><br />
<br />
God's reply: (We advise that you date the reply, but you don't have to)
<form action="connectreply2.php?postnum=<?php
echo $postnum;
?>
" method="post">
<textarea id="replytext" rows="4" cols="39" name="replytext">
</textarea><br />
<div align="right"><input id="submit" type="submit" name="submit" value="post reply" /> </div>
</form>
<?php
}
}
?>
<?php
if (!mysql_num_rows($result)){
?>
<b><center>Error: no post was found</center></b>
<?php
}
?>
</div>
</td>
</tr>
</tbody>
</table>
<br />
<br />
</center>
In IE it displays the page, but in Firefox it gives me "Error: you do not have permission to view this post"
I have checked the mySQL database, and the userlink is the same as the username i am logging in as to try this. why could this be happening?
the wierd this is i use that same system to check if the user has permission to view the post on about 5 other pages, but it only fails to work right on this one.
Last edited by suthie on Tue Aug 07, 2007 3:20 pm, edited 2 times in total.
sorry for the bump. i tured on error reporting and got all this:
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/justfree.com/p/e/n/penguinflash/htdocs/connectreply.php:1) in /www/justfree.com/p/e/n/penguinflash/htdocs/session.php on line 3
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/justfree.com/p/e/n/penguinflash/htdocs/connectreply.php:1) in /www/justfree.com/p/e/n/penguinflash/htdocs/session.php on line 3
Notice: Undefined index: areyouin in /www/justfree.com/p/e/n/penguinflash/htdocs/session.php on line 4
Notice: Undefined index: user in /www/justfree.com/p/e/n/penguinflash/htdocs/session.php on line 5
Warning: Cannot modify header information - headers already sent by (output started at /www/justfree.com/p/e/n/penguinflash/htdocs/connectreply.php:1) in /www/justfree.com/p/e/n/penguinflash/htdocs/session.php on line 7
Error: You do not have permission to view this post
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:4. All users of any level are restricted to bumping (as defined here) any given thread within twenty-four (24) hours of its last post. Non-trivial posts are not considered bumping. A bump post found in violation will be deleted, and you may or may not receive a warning. Persons bumping excessively be considered as spammers and dealt with accordingly.
Do not bump. Period.
Second...
Headers sent messages are asked about on these forums upwards of five times a week. A little searching would help in that regards. To cut to the chase, there is output being sent to the browser before a call to a header reliant function is being made (header(), setcookie(), session_start()), so I would check to see where you might be using these functions and make sure that they are called before any output is sent to the browser.
<?php
// start output buffering. Why? Who knows.
ob_start();
// Start the session
session_start();
// Set $areyouin to either a post var or a session var
// If the session var is not already set, you are throwing undefined index notices
// and have null as the value of $_SESSION['areyouin']
$areyouin = isset($_POST['areyouin']) ? $_POST['areyouin'] : $_SESSION['areyouin'];
// Same applies here. If there is no form posted data and no session data set yet
// this becomes null
$user = isset($_POST['user']) ? $_POST['user'] : $_SESSION['user'];
// No post, no session, this evaluates to false, which redirects
if($areyouin != true){
header ('Location: nosession.html');
}
// Flush the output buffer
ob_flush();
?>
It has not given me any troubles anywhere else. It just seems to dislike this one page. Is there a more efficient/better way to rewrite this? or is there something weird in the one page that clashes with this?
First thing, get rid of output buffering here. It does nothing for you at all. Second, use some more logical conditionals. And lastly, initialize your variables so these types of things are caught.
<?php
// Start the session
session_start();
// Initialize $areyouin and $user
$areyouin = null;
$user = null;
// Now get the actual values for these variables from 1) the session, or 2) the form
/*
IN BOTH CASES THE DATA SHOULD BE VALIDATED IN SOME CAPACITY!
*/
if (!empty($_SESSION['areyouin'])) {
$areyouin = $_SESSION['areyouin'];
} elseif (!empty($_POST['areyouin'])) {
$areyouin = $_POST['areyouin'];
}
if (!empty($_SESSION['user'])) {
$user = $_SESSION['user'];
} elseif (!empty($_POST['user'])) {
$user = $_POST['user'];
}
if (is_null($areyouin) || is_null($user)) {
echo 'Neither user or areyou in has been set!';
//header('Location: http://www.fullurlofmysite.com/nosession.html');
}
?>
I ran that and it echoed "Neither user or areyouin has been set!" but once again, only on this one page. All the other ones work fine. And also, this does not happen when i try it in ie.
What is making it think that neither of these variables have been set everytime I go to this one page?
Is that same file included in all of the pages in the app? Have you cleared your cache yet? Have you reviewed your cookies to make sure that there are cookies set?
I also have tried the page on multiple computers to make sure it wasn't just some wierd thing with mine
as for the cookies thing there are too cookies from justfree.com, the webhost i am using temporarily. they do not have my subdomain in the filename, but i would assume one of them is from me... how else could it do a session on about twenty other pages with the same code?
session.php works on every other page it is included in (around 20 pages) but not this one. and it does work on this one IF the page is viewed with Internet Explorer.
what in the world could cause this?
in addition, when i add error reporting into session.php, i get no errors.