PDA

View Full Version : A problem with my session script


dreamer
May 1st, 2004, 07:25 AM
Well this is what i got:

login.html > checkuser.php > post.html > post.php
What happens is that a user logins in and it will give them a session (it writes the username, firstname and lastname of the user).

Then they gets to post.html. they fill in the fields and submit. the information is sent to post.php. If they havn't logged in it will give them a message, if they have the message is recorded into a mysql database. I'm only having problems with the post.php file. I think i am callin the session in wrong.

hope you can help.



<?
session_start();
header("Cache-control: private");

if($_SESSION['user_name'] || $_SESSION['first_name'] || $_SESSION['last_name']){
echo "You must login to post! If you do not have an account you may register it for free!";
include 'login.html';
include 'register.html';
exit();
}

include 'db.php';

$title = $_POST['title'];
$url = $_POST['url'];
$message = $_POST['message'];
$username = $_SESSION['user_name']
$firstname = $_SESSION['first_name']
$lastname = $_SESSION['last_name']

$title = stripslashes($title);
$url = stripslashes($url);
$message = stripslashes($message);

if((!$title) || (!$url) || (!$message) || (!$username) || (!$firstname) || (!$lastname)){
echo 'You did not submit the following required information! <br />';
if(!$title){
echo "Message Title is a required field. Please enter it below.<br />";
}
if(!$url){
echo "Url is a required field. Please enter it below.<br />";
}
if(!$message){
echo "Message is a required field. Please enter it below.<br />";
}
if(!$username){
echo "There was an error in recording your username. Please Login!<br />";
}
if(!$firstname){
echo "There was an error in recording your first name. Please Login!<br />";
}
if(!$lastname){
echo "There was an error in recording your last name. Please Login!<br />";
}
include 'post.html';
exit();
}

$sql = mysql_query("INSERT INTO public (title, url, message, username, firstname, lastname, postdate)
VALUES('$title', '$url', '$message', '$username', '$first_name', '$last_name', now())")
?>


Thanks for your help.
T-O
May 1st, 2004, 08:05 AM
your write frist you need to call the session...


// let's say you have a var called username and you want to trun it into a session.
$username = "yourName";
// there are loads of ways you could make a But i like using session_register function.
// It is used thusly.
session_register(username);
// Now you have made the var "username" into a session.
// Now you can use it.
$username2 = $_SESSION['username'];
echo "$username2";
// this would return. yourName.
also i've browsed throu your script it's missing some ";"
dreamer
May 1st, 2004, 08:54 AM
but i did. in the checkuser.php file i have:



session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
session_register('user_name');
$_SESSION['username'] = $username;
dreamer
May 1st, 2004, 08:58 AM
here is my updated script. I added the else function. I don't think a if statement will work inside another statement.



<?
session_start();
header("Cache-control: private");

if($_SESSION['user_name'] || $_SESSION['first_name'] || $_SESSION['last_name']){
echo "You must login to post! If you do not have an account you may register it for free!";
include 'login.html';
include 'register.html';
exit();
}

else {
include 'db.php';

$title = $_POST['title'];
$url = $_POST['url'];
$message = $_POST['message'];
$username = $_SESSION['user_name'];
$firstname = $_SESSION['first_name'];
$lastname = $_SESSION['last_name'];

$title = stripslashes($title);
$url = stripslashes($url);
$message = stripslashes($message);

if((!$title) || (!$url) || (!$message) || (!$username) || (!$firstname) || (!$lastname)){
echo 'You did not submit the following required information! <br />';
if(!$title){
echo "Message Title is a required field. Please enter it below.<br />";
}
if(!$url){
echo "Url is a required field. Please enter it below.<br />";
}
if(!$message){
echo "Message is a required field. Please enter it below.<br />";
}
if(!$username){
echo "There was an error in recording your username. Please Login!<br />";
}
if(!$firstname){
echo "There was an error in recording your first name. Please Login!<br />";
}
if(!$lastname){
echo "There was an error in recording your last name. Please Login!<br />";
}
include 'post.html';
exit();
}

$sql = mysql_query("INSERT INTO public (title, url, message, username, firstname, lastname, postdate)
VALUES('$title', '$url', '$message', '$username', '$first_name', '$last_name', now())")
}
?>
dreamer
May 1st, 2004, 09:05 AM
ahh ok. i didn't see that! lol thanks for pointing out.

however, there is a different problem. when you login it writes the session with the values given. however when you go to a different page it doesn't work anymore. How do you keep the session opn on all pages until the session is killed?

I added this to everypage i want to session to be ketp:


session_start();
header("Cache-control: private");


but it still doesn't work.
dreamer
May 1st, 2004, 09:08 AM
O WAIT. the session is still there i did a test!

thats odd... how would you write the IF command to check with there is a session?

As is... once they login the session records the username etc. and when checking, it will check if there is a session present with a username. if not then the message appears.
dreamer
May 1st, 2004, 09:41 AM
ok thanks. all working.

But now i added on a else script so that if the visitor isn't logged in, it wont give all those error messages. But i don't know how to put a command inside a command. check it out:



<?
session_start();
header("Cache-control: private");

if((!$_SESSION['user_name'] === "") || (!$_SESSION['first_name'] === "") || (!$_SESSION['last_name'] === "")){
echo "You must login to post! If you do not have an account you may register it for free!";
include 'login.html';
include 'signup.html';
exit();
}

else{
include 'db.php';

$title = $_POST['title'];
$url = $_POST['url'];
$message = $_POST['message'];
$username = $_SESSION['user_name'];
$firstname = $_SESSION['first_name'];
$lastname = $_SESSION['last_name'];

$title = stripslashes($title);
$url = stripslashes($url);
$message = stripslashes($message);

if((!$title) || (!$url) || (!$message) || (!$username) || (!$firstname) || (!$lastname)){
echo 'You did not submit the following required information! <br />';
if(!$title){
echo "Message Title is a required field. Please enter it below.<br />";
}
if(!$url){
echo "Url is a required field. Please enter it below.<br />";
}
if(!$message){
echo "Message is a required field. Please enter it below.<br />";
}
if(!$username){
echo "There was an error in recording your username. Please Login!<br />";
}
if(!$firstname){
echo "There was an error in recording your first name. Please Login!<br />";
}
if(!$lastname){
echo "There was an error in recording your last name. Please Login!<br />";
}
include 'post.html';
exit();
}

$sql = mysql_query("INSERT INTO public (title, url, message, username, firstname, lastname, postdate)
VALUES('$title', '$url', '$message', '$username', '$firstname', '$lastname', 'now()')")
}
?>


thanks again!