Jump to content

sessions


lmcgr44

Recommended Posts

hello

 

i am makeing a forum and to post a new thread it has to check if the user is logged in, so i log into my website and i go to the post new topic but it says im not logged in here is the new_topic.php and also the login.php

 

new_topic.php

<?php
session_start();
include_once "../scripts/connect_to_mysql.php"; // Connect to the database
// Check to see if the user is logged in with session variables
if (!isset($_SESSION['userpass']) || $_SESSION['userpass'] == "") {
echo "Please log in...";
exit();
} else {
// Assume they are a member because they have a password session variable set
// Check the database to be sure that their ID, password, and email session variables all match in the database
$u_id = mysql_real_escape_string($_SESSION['id']);
$u_name = mysql_real_escape_string($_SESSION['username']);
$u_email = mysql_real_escape_string($_SESSION['useremail']);
$u_pass = mysql_real_escape_string($_SESSION['userpass']);
$sql = mysql_query("SELECT * FROM myMembers WHERE id='$u_id' AND username='$u_name' AND email='$u_email' AND password='$u_pass'");
    $numRows = mysql_num_rows($sql);
    if ($numRows < 1) {
    echo "ERROR: You do not exist in the system.";
    exit();
    }
}

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Check to make sure the URL variables of "sid" and "title" are set
if (!isset($_POST['forum_id']) || $_POST['forum_id'] == "" || !isset($_POST['forum_title']) || $_POST['forum_title'] == "") {
echo "Important variables are missing";
exit();
} else {
// Acquire the variables and proceed to show them a form for creating a new topic
$forum_section_id = preg_replace('#[^0-9]#i', '', $_POST['forum_id']); 
$forum_section_title = preg_replace('#[^A-Za-z 0-9]#i', '', $_POST['forum_title']); 
}
///////////////////////////////////////////////////////////////////////////////////////////////////
$sql = mysql_query("SELECT * FROM forum_sections WHERE id='$forum_section_id' AND title='$forum_section_title'");
$numRows = mysql_num_rows($sql);
if ($numRows < 1) {
    echo "ERROR: That section deos not exist.";
    exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style/style.css" rel="stylesheet" type="text/css" />
<title>Create New Topic</title>
<script type="text/javascript" language="javascript"> 
<!--
function validateMyForm ( ) { 
    var isValid = true;
    if ( document.form1.post_title.value == "" ) { 
    alert ( "Please type in a title for this topic" ); 
    isValid = false;
    } else if ( document.form1.post_title.value.length < 10 ) { 
            alert ( "Your title must be at least 10 characters long" ); 
            isValid = false;
    } else if ( document.form1.post_body.value == "" ) { 
            alert ( "Please type in your topic body." ); 
            isValid = false;
    }
    return isValid;
}
//-->
</script>
</head>
<body>
<?php include_once("template_header.php"); ?>
<table style="background-color: #F0F0F0; border:#069 1px solid; border-top:none;" width="900" border="0" align="center" cellpadding="12" cellspacing="0">
  <tr>
    <td width="731" valign="top">
    <div id="breadcrumbs"><a href="http://www.webintersect.com">Web Intersect Home</a> ← <a href="http://www.webintersect.com/forum">Forum Home</a> ← <a href="section.php?id=<?php echo $forum_section_id; ?>"><?php echo $forum_section_title; ?></a></div>
    <h2>Creating New Topic In the  <em><?php echo $forum_section_title; ?></em> Forum</h2>
    
    <form action="parse_post.php" method="post" name="form1">
    <input name="post_type" type="hidden" value="a" />
    Topic Author:<br /><input name="topic_author" type="text" disabled="disabled" maxlength="64" style="width:96%;" value="<?php echo $u_name; ?>" />
    <br /><br />
    Please type in a title for your topic here:<br /><input name="post_title" type="text" maxlength="64" style="width:96%;" /><br /><br />
    Please type in your topic body:<br /><textarea name="post_body" rows="15" style="width:96%;"></textarea>
    <br /><br /><input name="" type="submit" value="Create my topic now!" onclick="javascript:return validateMyForm();"/>
    <input name="fsID" type="hidden" value="<?php echo $forum_section_id; ?>" />
    <input name="fsTitle" type="hidden" value="<?php echo $forum_section_title; ?>" />
    <input name="uid" type="hidden" value="<?php echo $_SESSION['id']; ?>" />
    <input name="upass" type="hidden" value="<?php echo $_SESSION['userpass']; ?>" />
    </form>
    
    </td>
    <td width="189" valign="top"><div style=" width:160px; height:600px; background-color: #999; color: #CCC; padding:12px;"> <br />
      <br />
      <br />
      <h3>Ad Space or Whatever</h3>
    </div></td>
  </tr>
</table>
<?php include_once("template_footer.php"); ?>
</body>
</html>

 

login.php

<?php
// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$email = '';
$pass = '';
$remember = '';
if (isset($_POST['email'])) {

$email = $_POST['email'];
$pass = $_POST['pass'];
if (isset($_POST['remember'])) {
	$remember = $_POST['remember'];
}
$email = stripslashes($email);
$pass = stripslashes($pass);
$email = strip_tags($email);
$pass = strip_tags($pass);

// error handling conditional checks go here
if ((!$email) || (!$pass)) { 

	$errorMsg = 'Please fill in both fields';

} else { // Error handling is complete so process the info if no errors
	include 'scripts/connect_to_mysql.php'; // Connect to the database
	$email = mysql_real_escape_string($email); // After we connect, we secure the string before adding to query
    //$pass = mysql_real_escape_string($pass); // After we connect, we secure the string before adding to query
	$pass = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
	// Make the SQL query
        $sql = mysql_query("SELECT * FROM myMembers WHERE email='$email' AND password='$pass' AND email_activated='1'"); 
	$login_check = mysql_num_rows($sql);
        // If login check number is greater than 0 (meaning they do exist and are activated)
	if($login_check > 0){ 
    			while($row = mysql_fetch_array($sql)){

				// Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
				// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)
				// Create session var for their raw id
				$id = $row["id"];   
				$_SESSION['id'] = $id;
				// Create the idx session var
				$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
                    // Create session var for their username
				$username = $row["username"];
				$_SESSION['username'] = $username;

				mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id' LIMIT 1");
        			//die($username);
    			} // close while

    			// Remember Me Section
    			if($remember == "yes"){
                    $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
    			    setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
		        setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
				$_SESSION['username'] = $username;
    			} 
    			// All good they are logged in, send them to homepage then exit script
    			//die($_SESSION['username']);
			$_SESSION['username'] = $username;
			header("location: index.php?user=$username;"); 
    			exit();

	} else { // Run this code if login_check is equal to 0 meaning they do not exist
	    $errorMsg = "Incorrect login data, please try again";
	}


    } // Close else after error checks

} //Close if (isset ($_POST['uname'])){

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="icon" href="favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<link href="style/main.css" rel="stylesheet" type="text/css" />
<script src="js/jquery-1.4.2.js" type="text/javascript"></script>
<title>Log In</title>
<style type="text/css">
<!--
body {
margin-top: 0px;
}
-->
</style></head>
<body>
<table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;">
  <form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform">
    <tr>
      <td width="23%"><font size="+2">Log In</font></td>
      <td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td>
    </tr>
    <tr>
      <td><strong>Email:</strong></td>
      <td><input name="email" type="text" id="email" style="width:60%;" /></td>
    </tr>
    <tr>
      <td><strong>Password:</strong></td>
      <td><input name="pass" type="password" id="pass" maxlength="24" style="width:60%;"/></td>
    </tr>
  <tr>
      <td align="right"> </td>
      <td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" />
        Remember Me</td>
    </tr>
    <tr>
      <td> </td>
      <td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td>
    </tr>
    <tr>
      <td> </td>
      <td> </td>
    </tr>
    <tr>
      <td colspan="2">Forgot your password? <a href="forgot_pass.php">Click Here</a>
  <br /></td>
    </tr>
    <tr>
      <td colspan="2">Need an Account? <a href="register.php">Click Here</a><br />        <br /></td>
    </tr>
  </form>
</table>
<br />
<br />
<br />
</body>
</html>

 

Link to comment
Share on other sites

  • 1 year later...

Hi,

 

I?m following Adams tut and I?m stuck on the forum section.  When I?m login and click on a topic in my forum, I get this response? ERROR: You do not exist in the system. I was wondering if ever got this response and if so, how did you fix it?

 

I would appreciate anything you could do to help me.

 

Thanks,

Scotty13

 

 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.