Here's the code...I can't seem to find what's wrong with it.
Code: Select all
<?
/**
* UserInfo.php
*
* This page is for users to view their account information
* with a link added for them to edit the information.
*
*/
include("session.php");
?>
<html>
<title>Capital Abode</title>
<body>
<?
/* Requested Username error checking */
$req_user = trim($_GET['username']);
if(!$req_user || strlen($req_user) == 0 ||
!eregi("^([0-9a-z])+$", $req_user) ||
!$database->usernameTaken($req_user)){
die("Username not registered");
}
/* Logged in user viewing own account */
if(strcmp($session->username,$req_user) == 0){
echo "<h1>My Account</h1>";
}
/* Visitor not viewing own account */
else{
echo "<h1>User Info</h1>";
}
/* Display requested user information */
$req_user_info = $database->getUserInfo($req_user);
/* Username */
echo "<b>Username: ".$req_user_info['username']."</b><br>";
/* Email */
echo "<b>Email:</b> ".$req_user_info['userEmail']."<br>";
/**
* Note: when you add your own fields to the users table
* to hold more information, like homepage, location, etc.
* they can be easily accessed by the user info array.
*
* $session->user_info['location']; (for logged in users)
*
* ..and for this page,
*
* $req_user_info['location']; (for any user)
*/
/* If logged in user viewing own account, give link to edit */
if(strcmp($session->username,$req_user) == 0){
echo "<br><a href=\"useredit.php\">Edit Account Information</a><br>";
}
/* Link back to main */
echo "<br>Back To [<a href=\"main.php\">Main</a>]<br>";
?>
</body>
</html>
Code: Select all
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
}
/* Username and userid have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that username and userid are valid */
if($database->confirmUserPass($_SESSION['username'], $_SESSION['userid']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['userid']);
return false;
}
/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->userid = $this->userinfo['userid'];
$this->userlevel = $this->userinfo['userLevel'];
return true;
}
/* User not logged in */
else{
return false;
}
}
Code: Select all
/**
* usernameTaken - Returns true if the username has
* been taken by another user, false otherwise.
*/
function usernameTaken($username){
if(!get_magic_quotes_gpc()){
$username = addslashes($_POST['username']);
}
$q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_num_rows($result) < 1)){
return 1; //Indicates username failure
}
}