Unable to display database values based on Session ID
Posted: Thu Feb 26, 2009 7:52 pm
I have a script where people log in to access their personal info. This script stopped working all of sudden. My ISP blames my code. People can login successfully, but their info isn't displayed. Instead they see a page with blank fields. The database works fine (tested). The PHP.ini file was checked as well (the ISP turned "register globals" on, what didn't solve the problem).
I've been trying to solve this since four days and so far nothing but headaches.
At this point I just need a fresh set of eyes, as I just can't see the error. I posted the files in question below.
login.php
main.php (only showing database pull part)
checklogin.php
Any help is greatly appreciated!!!!!!!! 
I've been trying to solve this since four days and so far nothing but headaches.
At this point I just need a fresh set of eyes, as I just can't see the error. I posted the files in question below.
login.php
Code: Select all
<?php
session_start();
ob_start();
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
$result = mysql_query("SELECT * FROM users WHERE username = '$username' LIMIT 1");
$qdata1 = mysql_fetch_object($result);
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {
if ($qdata1->password == "$password") {
$userprofile = $qdata1;
include "include/newsession.php";
echo "<p> <center>Successfully,Logged in<br>
<br><a href='logout.php'> Log OUT </a><br>
<br><a href='main.php'>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"
;
print "<script>";
print " self.location='main.php';"; // Comment this line if you don't want to redirect
print "</script>";
}}
else {
session_unset();
echo "<font face='Verdana' size='3' color=red>Wrong Login. Use your correct username and password and try again. <br><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}
mysql_close();
?>
Code: Select all
<?php include("include/checklogin.php");?>
<p><strong>Client:</strong> <? echo "$company"; ?></p>
<p><strong>Contact:</strong> <? echo "$contact"; ?></p>
<p><strong>Project:</strong> <? echo "$project"; ?></p>
<p><strong>Start Date:</strong> <? echo "$proposal_date"; ?></p>
<p><strong>Estimated Costs: $</strong><? echo "$estimate"; ?></p>
<p><strong>Deposit:</strong> $<? echo "$deposit"; ?></p>
<p><strong>Notes: </strong><? echo "$notes"; ?></p>
checklogin.php
Code: Select all
<?php
session_start();
# Prevent the cacheing of pages and make it ewxpire instantly
Header('Cache-Control: no-cache');
Header('Pragma: no-cache');
header("Cache-control: private"); //IE6+ fix
# Protect page from being called directly from web browser
$back = "<div align=center>You must <a href='xxxx'>login</a> to access this page.</div>";
$acc_denied = "<br>
<br>
<br>
<br>
<div align=center><h3>Access Denied</h3></div>".$back;
if (!isset($_SESSION["id"])) { die($acc_denied); }
# Connect to Database
include("include/dbinfo.inc.php");
mysql_connect($mysql_host,$username,$password);
@mysql_select_db($database) or die('Unable to connect to the database because: ' . mysql_error());
$result = mysql_query("SELECT * FROM content WHERE id='$userprofile->id'");
$row = mysql_fetch_assoc($result);
$company = $row['company'];
$email = $row ['email'];
$contact = $row ['contact'];
$project = $row ['project'];
$proposal_date = $row ['proposal_date'];
$estimate = $row ['estimate'];
$deposit = $row ['deposit'];
$notes= $row ['notes'];
$projecturl= $row ['projecturl'];
//and if multiple rows returned:
while($row = mysql_fetch_assoc($result))
mysql_close($conn);
?>