Page 1 of 1

Unable to display database values based on Session ID

Posted: Thu Feb 26, 2009 7:52 pm
by ricola
I have a script where people log in to access their personal info. This script stopped working all of sudden. My ISP blames my code. People can login successfully, but their info isn't displayed. Instead they see a page with blank fields. The database works fine (tested). The PHP.ini file was checked as well (the ISP turned "register globals" on, what didn't solve the problem).

I've been trying to solve this since four days and so far nothing but headaches. :banghead:

At this point I just need a fresh set of eyes, as I just can't see the error. I posted the files in question below.

login.php

Code: Select all

 <?php
session_start();
ob_start();
 
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
 
$username = $_POST['username'];
$password = $_POST['password'];
 
$username = stripslashes($username);
$password = stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
 
$result = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
 
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
 
if ($qdata1->password == "$password") {
$userprofile = $qdata1;
 
     include "include/newsession.php";
            echo "<p> <center>Successfully,Logged in<br>
<br><a href='logout.php'> Log OUT </a><br>
<br><a href='main.php'>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"
;
     print "<script>";
       print " self.location='main.php';"; // Comment this line if you don't want to redirect
          print "</script>";
 
    
        }}    
    else {
 
        session_unset();
echo "<font face='Verdana' size='3' color=red>Wrong Login. Use your correct username and password and try again. <br><br><input type='button' value='Retry' onClick='history.go(-1)'>";
        
    }
mysql_close();
?>
 
main.php (only showing database pull part)

Code: Select all

 <?php include("include/checklogin.php");?>
 
        <p><strong>Client:</strong> <? echo "$company"; ?></p>
        <p><strong>Contact:</strong> <? echo "$contact"; ?></p>
        <p><strong>Project:</strong> <? echo "$project"; ?></p>
        <p><strong>Start Date:</strong> <? echo "$proposal_date"; ?></p>
        <p><strong>Estimated Costs: $</strong><? echo "$estimate"; ?></p>
        <p><strong>Deposit:</strong> $<? echo "$deposit"; ?></p>
        <p><strong>Notes: </strong><? echo "$notes"; ?></p>
 
 

checklogin.php

Code: Select all

 <?php
session_start();
 
# Prevent the cacheing of pages and make it ewxpire instantly
Header('Cache-Control: no-cache');
Header('Pragma: no-cache');
header("Cache-control: private"); //IE6+ fix
 
# Protect page from being called directly from web browser
$back = "<div align=center>You must <a href='xxxx'>login</a> to access this page.</div>";
$acc_denied = "<br>
<br>
<br>
<br>
<div align=center><h3>Access Denied</h3></div>".$back;
if (!isset($_SESSION["id"])) { die($acc_denied); }
 
# Connect to Database
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
 
$result = mysql_query("SELECT * FROM content WHERE id='$userprofile->id'");
 
$row = mysql_fetch_assoc($result);
 
$company = $row['company'];
$email = $row ['email'];
$contact = $row ['contact'];
$project = $row ['project'];
$proposal_date = $row ['proposal_date'];
$estimate = $row ['estimate'];
$deposit = $row ['deposit'];
$notes= $row ['notes'];
$projecturl= $row ['projecturl'];
 
//and if multiple rows returned:
 
while($row = mysql_fetch_assoc($result))
 
mysql_close($conn);
 
 
?>
 
Any help is greatly appreciated!!!!!!!! :wink:

Re: Unable to display database value based on Session ID

Posted: Thu Feb 26, 2009 7:57 pm
by Benjamin
Have you reviewed the error logs?

Re: Unable to display database values based on Session ID

Posted: Thu Feb 26, 2009 7:58 pm
by ricola
No, forgot about that....hold on....

Re: Unable to display database values based on Session ID

Posted: Thu Feb 26, 2009 9:14 pm
by ricola
Here we go.....
Notice: Undefined variable: userprofile in .../checklogin.php on line 29
Doesn't make sense to me cause $userprofile is defined in login.php which is the first script called.... (?)

Here is the part where it is defined:

Code: Select all

$result = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
 
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
 
if ($qdata1->password == "$password") {
[color=#FF0000]$userprofile = $qdata1;[/color]
 
Any fix for this?

Re: Unable to display database values based on Session ID

Posted: Thu Feb 26, 2009 10:44 pm
by pcoder
That means your PHP installation is configured for Errors, Warnings and Notices.
You have to configure it to show only the Errors and the Warnings, which is the defalult PHP configuration.
Cheers

Re: Unable to display database values based on Session ID

Posted: Fri Feb 27, 2009 11:45 am
by ricola
Yes, I turned on error reporting to find the bug. As of today I still have not been able to find it. Error reporting will be turned off once the bug has been fixed.

Re: Unable to display database values based on Session ID

Posted: Fri Feb 27, 2009 2:42 pm
by ricola
I'm trying to find out why it can't read the value of $userprofile defined in login.php. So I added "print $_SESSION['userprofile']" statement on the landing page after logging in. This returns: "Object". That doesn't sound right.

Does anybody understand why this happens? Any help?

Re: Unable to display database values based on Session ID

Posted: Fri Feb 27, 2009 6:06 pm
by php_east
try this typos corrected version

Code: Select all

 
$result = mysql_query("SELECT * FROM users WHERE username = '".$username."' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
 
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) 
{
if ( $qdata1->password == $password) {
$userprofile = $qdata1;
 

Re: Unable to display database values based on Session ID

Posted: Fri Feb 27, 2009 7:10 pm
by ricola
Thanks for your help. I changed the two occurances as per your suggestions, but that didn't make a difference.

Somebody else told me to try this:

Code: Select all

echo "<pre>" . print_r($_SESSION['userprofile'], 1) . "</pre>";
With this I could test if 'userprofile" actually carried the correct data, which it did! With this new info, I was able to figure out what was missing in my script:

Code: Select all

$userprofile =  $_SESSION['userprofile'];
.
And voila! Problem solved!!!!! 8)

This part was not needed before, but it seems that the PHP on my server got updated and session globals have to be defined more clearly. :D