Unable to display database values based on Session ID

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ricola
Forum Newbie
Posts: 6
Joined: Thu Feb 26, 2009 7:47 pm

Unable to display database values based on Session ID

Post by ricola »

I have a script where people log in to access their personal info. This script stopped working all of sudden. My ISP blames my code. People can login successfully, but their info isn't displayed. Instead they see a page with blank fields. The database works fine (tested). The PHP.ini file was checked as well (the ISP turned "register globals" on, what didn't solve the problem).

I've been trying to solve this since four days and so far nothing but headaches. :banghead:

At this point I just need a fresh set of eyes, as I just can't see the error. I posted the files in question below.

login.php

Code: Select all

 <?php
session_start();
ob_start();
 
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
 
$username = $_POST['username'];
$password = $_POST['password'];
 
$username = stripslashes($username);
$password = stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
 
$result = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
 
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
 
if ($qdata1->password == "$password") {
$userprofile = $qdata1;
 
     include "include/newsession.php";
            echo "<p> <center>Successfully,Logged in<br>
<br><a href='logout.php'> Log OUT </a><br>
<br><a href='main.php'>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"
;
     print "<script>";
       print " self.location='main.php';"; // Comment this line if you don't want to redirect
          print "</script>";
 
    
        }}    
    else {
 
        session_unset();
echo "<font face='Verdana' size='3' color=red>Wrong Login. Use your correct username and password and try again. <br><br><input type='button' value='Retry' onClick='history.go(-1)'>";
        
    }
mysql_close();
?>
 
main.php (only showing database pull part)

Code: Select all

 <?php include("include/checklogin.php");?>
 
        <p><strong>Client:</strong> <? echo "$company"; ?></p>
        <p><strong>Contact:</strong> <? echo "$contact"; ?></p>
        <p><strong>Project:</strong> <? echo "$project"; ?></p>
        <p><strong>Start Date:</strong> <? echo "$proposal_date"; ?></p>
        <p><strong>Estimated Costs: $</strong><? echo "$estimate"; ?></p>
        <p><strong>Deposit:</strong> $<? echo "$deposit"; ?></p>
        <p><strong>Notes: </strong><? echo "$notes"; ?></p>
 
 

checklogin.php

Code: Select all

 <?php
session_start();
 
# Prevent the cacheing of pages and make it ewxpire instantly
Header('Cache-Control: no-cache');
Header('Pragma: no-cache');
header("Cache-control: private"); //IE6+ fix
 
# Protect page from being called directly from web browser
$back = "<div align=center>You must <a href='xxxx'>login</a> to access this page.</div>";
$acc_denied = "<br>
<br>
<br>
<br>
<div align=center><h3>Access Denied</h3></div>".$back;
if (!isset($_SESSION["id"])) { die($acc_denied); }
 
# Connect to Database
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
 
$result = mysql_query("SELECT * FROM content WHERE id='$userprofile->id'");
 
$row = mysql_fetch_assoc($result);
 
$company = $row['company'];
$email = $row ['email'];
$contact = $row ['contact'];
$project = $row ['project'];
$proposal_date = $row ['proposal_date'];
$estimate = $row ['estimate'];
$deposit = $row ['deposit'];
$notes= $row ['notes'];
$projecturl= $row ['projecturl'];
 
//and if multiple rows returned:
 
while($row = mysql_fetch_assoc($result))
 
mysql_close($conn);
 
 
?>
 
Any help is greatly appreciated!!!!!!!! :wink:
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Unable to display database value based on Session ID

Post by Benjamin »

Have you reviewed the error logs?
ricola
Forum Newbie
Posts: 6
Joined: Thu Feb 26, 2009 7:47 pm

Re: Unable to display database values based on Session ID

Post by ricola »

No, forgot about that....hold on....
Last edited by ricola on Thu Feb 26, 2009 9:39 pm, edited 2 times in total.
ricola
Forum Newbie
Posts: 6
Joined: Thu Feb 26, 2009 7:47 pm

Re: Unable to display database values based on Session ID

Post by ricola »

Here we go.....
Notice: Undefined variable: userprofile in .../checklogin.php on line 29
Doesn't make sense to me cause $userprofile is defined in login.php which is the first script called.... (?)

Here is the part where it is defined:

Code: Select all

$result = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
 
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
 
if ($qdata1->password == "$password") {
[color=#FF0000]$userprofile = $qdata1;[/color]
 
Any fix for this?
User avatar
pcoder
Forum Contributor
Posts: 230
Joined: Fri Nov 03, 2006 5:19 am

Re: Unable to display database values based on Session ID

Post by pcoder »

That means your PHP installation is configured for Errors, Warnings and Notices.
You have to configure it to show only the Errors and the Warnings, which is the defalult PHP configuration.
Cheers
ricola
Forum Newbie
Posts: 6
Joined: Thu Feb 26, 2009 7:47 pm

Re: Unable to display database values based on Session ID

Post by ricola »

Yes, I turned on error reporting to find the bug. As of today I still have not been able to find it. Error reporting will be turned off once the bug has been fixed.
ricola
Forum Newbie
Posts: 6
Joined: Thu Feb 26, 2009 7:47 pm

Re: Unable to display database values based on Session ID

Post by ricola »

I'm trying to find out why it can't read the value of $userprofile defined in login.php. So I added "print $_SESSION['userprofile']" statement on the landing page after logging in. This returns: "Object". That doesn't sound right.

Does anybody understand why this happens? Any help?
User avatar
php_east
Forum Contributor
Posts: 453
Joined: Sun Feb 22, 2009 1:31 pm
Location: Far Far East.

Re: Unable to display database values based on Session ID

Post by php_east »

try this typos corrected version

Code: Select all

 
$result = mysql_query("SELECT * FROM users WHERE username = '".$username."' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
 
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) 
{
if ( $qdata1->password == $password) {
$userprofile = $qdata1;
 
ricola
Forum Newbie
Posts: 6
Joined: Thu Feb 26, 2009 7:47 pm

Re: Unable to display database values based on Session ID

Post by ricola »

Thanks for your help. I changed the two occurances as per your suggestions, but that didn't make a difference.

Somebody else told me to try this:

Code: Select all

echo "<pre>" . print_r($_SESSION['userprofile'], 1) . "</pre>";
With this I could test if 'userprofile" actually carried the correct data, which it did! With this new info, I was able to figure out what was missing in my script:

Code: Select all

$userprofile =  $_SESSION['userprofile'];
.
And voila! Problem solved!!!!! 8)

This part was not needed before, but it seems that the PHP on my server got updated and session globals have to be defined more clearly. :D
Post Reply