Topic: [SOLVED] Search wrapper help

[Snatch]

Hi, i'm using the below code for my search wrapper. It works but instead of showing the users id how would i show the users name? I had a stab in the dark at using user_name but as I expected it didn't work.

Code: [Select]

<?php
if(!isset($_SESSION['user_id'])){
    // check if the user is logged in
    // the user is not logged in
    // just display the search box
?>
<script type="text/javascript" src="./js/cleardefault.js"></script>

<form method="get" action="search.php">
<input name="search" type="text" size="35" value="click here to search" class="cleardefault" />
</form>


      <?php
} else {
    // the user is logged in
    // display the search box, name of user and logout
?>
      <script type="text/javascript" src="./js/cleardefault.js"></script>


<form method="get" action="search.php">
  <table width="755" border="0">
        <tr>
          <td width="331" height="24"><input name="search" type="text" size="35" value="click here to search" class="cleardefault" /></td>
          <td width="350">You are currently logged in as: <?php echo "$_SESSION[user_id]"; ?></td>
          <td width="60"><a class="one" href='logout.php'>Logout</a></td>
        </tr>
      </table>
</form>

<?php
}
?>


[Ken2k7]

Uh, well how is the session being created? Can you post the code where it's created?

[Snatch]

Code: [Select]

if(isset($_SESSION['user_id'])) {
 header("Location: ".$afterlogin);
}else{
 if(isset($_COOKIE['user_id'])) {
  // Read cookie, make session
  $sql = "SELECT id,state,password,active FROM `".$db_tbl."` WHERE id='".$_COOKIE['user_id']."'";
  $query = mysql_query($sql);
  $row = mysql_fetch_object($query);
  $id = htmlspecialchars($row->id);
  $status = htmlspecialchars($row->state);
  $dbpass = htmlspecialchars($row->password);
  $actief = htmlspecialchars($row->active);
  if($dbpass == $_COOKIE['user_password'] AND $actief == 1) {
   $_SESSION['user_id'] = $id;
   $_SESSION['user_status'] = $status;
   ?>
   <script language="Javascript" type="text/javascript">
    location.href='<?= $afterlogin ?>';
   </script>
   <?
  }else{
   echo $login_cookiefalse;
   setcookie("user_id", "", time() - 3600);
   setcookie("user_password", "", time() - 3600);
  }
 }else{
  if(isset($_POST['submit'])) {
   // Login
   $sql = "SELECT id,name,password,state,active,cookie_pass FROM `".$db_tbl."` WHERE name='".$_POST['user']."'";
   $query = mysql_query($sql);
   $count = mysql_num_rows($query);
   if($count == 1) {
    $row = mysql_fetch_object($query);
    $dbpass = htmlspecialchars($row->password);
    $userpass = md5($_POST['pass']);
    $cookiepass = htmlspecialchars($row->cookie_pass);
    $userid = htmlspecialchars($row->id);
    $userstatus = htmlspecialchars($row->state);
    $useractief = htmlspecialchars($row->active);
    if($dbpass == $userpass) {
     if($useractief == 1) {
      $_SESSION['user_id'] = $userid;
      $_SESSION['user_status'] = $userstatus;
      if($_POST['cookie'] == "do") {
       if($cookiepass == "") {
        $cookiecode = mt_srand((double)microtime()*100000);
        while(strlen($cookiecode) <= 10) {
         $i = chr(mt_rand (0,255));
         if(eregi("^[a-z0-9]$", $i)) {
         $cookiecode = $cookiecode.$i;
         }
        }
        $sql = "UPDATE `".$db_tbl."` SET cookie_pass = '".$cookiecode."' WHERE name = '".$_POST['user']."' LIMIT 1";
        mysql_query($sql);
        $cookiepass = $cookiecode;
       }
       setcookie("cookie_id", $userid, time() + 365 * 86400);
       setcookie("cookie_pass", $cookiepass, time() + 365 * 86400);
      }
      echo $loginsucces;


[Ken2k7]

Either add $_SESSION['name'] in all the $_SESSION parts or edit all the $_SESSION['id'] to $_SESSION['name']. Then to display the name, just use $_SESSION['name'].

[Snatch]

Thanks Ken!