whats this error?

justsomeguy · July 9, 2007

I can't see a situation where any value in the database (the access field) would determine whether or not you can connect to the database in the first place. It doesn't make any sense that the database would accept a connection or not when the only difference is one of the values in the database. The database doesn't know which value you're going to look at, so that can't affect whether or not you can connect in the first place.The only thing I can think of is that if register_globals is enabled, then logging in and creating a session variable might overwrite another variable you are using, for example the database user. Make sure that register_globals is disabled in php.ini, or if you have a local variable called $user that contains the database username, give it a different name.

shujjah · July 10, 2007

yes register_globals is OFF and there is no $user variable as u can see in the db_connect.php file

justsomeguy · July 10, 2007

So if you replace this:

<?phpsession_start();include('access.php');check_access(1);?><html><head></head><body>content of the page</body></html>

with this:

<?phpsession_start();include('access.php');check_access(0);?><html><head></head><body>content of the page</body></html>

Do you get different results? One time it connects to the database and one time it doesn't?

shujjah · July 11, 2007

yes then when i login with user with access 1 it takes a lot of time to load and the same error. and if i login with user access 0 it shows the content of the page. and if i cahnge check_access(0) to check_access() it works with both users.

justsomeguy · July 11, 2007

That's strange. I'll look into getting a backtrace of the code. Until then, replace this line:if ($row['access'] != func_get_arg($i)) // they don't have that accesswith this:if (intval($row['access']) !== intval(func_get_arg($i))) // they don't have that accessAlso, change any lines like this:include "db_connect.php";or this:include_once "db_connect.php";to this:require_once "db_connect.php";in all files. They should all use require_once. Try that first and tell me if you see anything different.

shujjah · July 11, 2007

nopes i changed all that and i tried it with check_access(1) in 1.php and the same results.

justsomeguy · July 11, 2007

OK, replace 1.php with this:

<?phpsession_start();include('access.php');check_access(1);debug_print_backtrace();?><html><head></head><body>content of the page</body></html>

shujjah · July 11, 2007

ok when i login with user with access 1 it shows content of the page ?> content of the page ? why two times content of the page and y a ?> between them?and when i login with user access 0i get the same error Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)?

justsomeguy · July 11, 2007

I realized I forgot to use require_once there instead of include, that should be require_once. Remove the debug_print_backtrace from 1.php, and add it to the end of the check_access function.

function check_access(){  //existing code  debug_print_backtrace();}

Also, give me the process when they log in. They load the login page, and submit the form which goes to checkpass.php, which requires the db_connect file and then redirects them to 1.php. 1.php then requires the access.php file, which requires the db_connect file and checks the user. Did I leave anything out?

shujjah · July 12, 2007

access.php

<?phpsession_start(); // start the sessionrequire_once"db_connect.php";function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if (intval($row['access']) !== intval(func_get_arg($i))) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	debug_print_backtrace();}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

ok now when i login with user access 1 i get this #0 check_access(1) called at [D:\xampp\htdocs\1.php:4] content of the pageand when with user with access 0 i get this after a lot of time i mean some 30 secs or soWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)the same old errorand yes they load the login form ( i mean me ) then on submitting the data goes to check_access.php which requires db_connect.php and then check the username etc then redirects 1.php which requies access.php which requires db_connect.php and checks the user access.

justsomeguy · July 13, 2007

Put this at the top of the check_access function:

print_r($GLOBALS);exit();

Make sure to view the source of the page and copy that, don't just copy what you see in the browser. It will be pretty long, but I need the output for both times when you try check_access.

shujjah · July 14, 2007

well when i open 1.php without logging in it used to redirect me to login.php but now it is showing this

then i opened login.php and logged in with user access 1 and it showed

then i logged out and logged in with user access 0 and i got this

and remember 1.php has this code

check_access(1);

shujjah · July 14, 2007

oh now i realised i have to view the source of the page so here it iswith user access 1 i get

Array(	[GLOBALS] => Array *RECURSION*	[_ENV] => Array		(			[ALLUSERSPROFILE] => C:\Documents and Settings\All Users			[CLASSPATH] => .;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[CommonProgramFiles] => C:\Program Files\Common Files			[COMPUTERNAME] => BIGGI-4CEC5976D			[ComSpec] => C:\WINDOWS\system32\cmd.exe			[FP_NO_HOST_CHECK] => NO			[NUMBER_OF_PROCESSORS] => 1			[OS] => Windows_NT			[Path] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[PROCESSOR_ARCHITECTURE] => x86			[PROCESSOR_IDENTIFIER] => x86 Family 15 Model 4 Stepping 1, GenuineIntel			[PROCESSOR_LEVEL] => 15			[PROCESSOR_REVISION] => 0401			[ProgramFiles] => C:\Program Files			[QTJAVA] => C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[SystemDrive] => C:			[SystemRoot] => C:\WINDOWS			[TEMP] => C:\WINDOWS\TEMP			[TMP] => C:\WINDOWS\TEMP			[USERPROFILE] => C:\Documents and Settings\LocalService			[windir] => C:\WINDOWS			[AP_PARENT_PID] => 1420		)	[HTTP_ENV_VARS] => Array		(			[ALLUSERSPROFILE] => C:\Documents and Settings\All Users			[CLASSPATH] => .;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[CommonProgramFiles] => C:\Program Files\Common Files			[COMPUTERNAME] => BIGGI-4CEC5976D			[ComSpec] => C:\WINDOWS\system32\cmd.exe			[FP_NO_HOST_CHECK] => NO			[NUMBER_OF_PROCESSORS] => 1			[OS] => Windows_NT			[Path] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[PROCESSOR_ARCHITECTURE] => x86			[PROCESSOR_IDENTIFIER] => x86 Family 15 Model 4 Stepping 1, GenuineIntel			[PROCESSOR_LEVEL] => 15			[PROCESSOR_REVISION] => 0401			[ProgramFiles] => C:\Program Files			[QTJAVA] => C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[SystemDrive] => C:			[SystemRoot] => C:\WINDOWS			[TEMP] => C:\WINDOWS\TEMP			[TMP] => C:\WINDOWS\TEMP			[USERPROFILE] => C:\Documents and Settings\LocalService			[windir] => C:\WINDOWS			[AP_PARENT_PID] => 1420		)	[_POST] => Array		(		)	[HTTP_POST_VARS] => Array		(		)	[_GET] => Array		(		)	[HTTP_GET_VARS] => Array		(		)	[_COOKIE] => Array		(			[PHPSESSID] => 536dc7f9dbdabe5ce52d7340f4730857		)	[HTTP_COOKIE_VARS] => Array		(			[PHPSESSID] => 536dc7f9dbdabe5ce52d7340f4730857		)	[_SERVER] => Array		(			[AuthDigestEnableQueryStringHack] => On			[HTTP_ACCEPT] => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*			[HTTP_REFERER] => http://localhost/login.php			[HTTP_ACCEPT_LANGUAGE] => en-us			[HTTP_ACCEPT_ENCODING] => gzip, deflate			[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)			[HTTP_HOST] => localhost			[HTTP_CONNECTION] => Keep-Alive			[HTTP_CACHE_CONTROL] => no-cache			[HTTP_COOKIE] => PHPSESSID=536dc7f9dbdabe5ce52d7340f4730857			[PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[SystemRoot] => C:\WINDOWS			[COMSPEC] => C:\WINDOWS\system32\cmd.exe			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[WINDIR] => C:\WINDOWS			[SERVER_SIGNATURE] => <address>Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2 Server at localhost Port 80</address>			[SERVER_SOFTWARE] => Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2			[SERVER_NAME] => localhost			[SERVER_ADDR] => 127.0.0.1			[SERVER_PORT] => 80			[REMOTE_ADDR] => 127.0.0.1			[DOCUMENT_ROOT] => D:/xampp/htdocs			[SERVER_ADMIN] => admin@localhost			[SCRIPT_FILENAME] => D:/xampp/htdocs/1.php			[REMOTE_PORT] => 1149			[GATEWAY_INTERFACE] => CGI/1.1			[SERVER_PROTOCOL] => HTTP/1.1			[REQUEST_METHOD] => GET			[QUERY_STRING] => 			[REQUEST_URI] => /1.php			[SCRIPT_NAME] => /1.php			[PHP_SELF] => /1.php			[REQUEST_TIME] => 1184409834			[argv] => Array				(				)			[argc] => 0		)	[HTTP_SERVER_VARS] => Array		(			[AuthDigestEnableQueryStringHack] => On			[HTTP_ACCEPT] => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*			[HTTP_REFERER] => http://localhost/login.php			[HTTP_ACCEPT_LANGUAGE] => en-us			[HTTP_ACCEPT_ENCODING] => gzip, deflate			[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)			[HTTP_HOST] => localhost			[HTTP_CONNECTION] => Keep-Alive			[HTTP_CACHE_CONTROL] => no-cache			[HTTP_COOKIE] => PHPSESSID=536dc7f9dbdabe5ce52d7340f4730857			[PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[SystemRoot] => C:\WINDOWS			[COMSPEC] => C:\WINDOWS\system32\cmd.exe			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[WINDIR] => C:\WINDOWS			[SERVER_SIGNATURE] => <address>Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2 Server at localhost Port 80</address>			[SERVER_SOFTWARE] => Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2			[SERVER_NAME] => localhost			[SERVER_ADDR] => 127.0.0.1			[SERVER_PORT] => 80			[REMOTE_ADDR] => 127.0.0.1			[DOCUMENT_ROOT] => D:/xampp/htdocs			[SERVER_ADMIN] => admin@localhost			[SCRIPT_FILENAME] => D:/xampp/htdocs/1.php			[REMOTE_PORT] => 1149			[GATEWAY_INTERFACE] => CGI/1.1			[SERVER_PROTOCOL] => HTTP/1.1			[REQUEST_METHOD] => GET			[QUERY_STRING] => 			[REQUEST_URI] => /1.php			[SCRIPT_NAME] => /1.php			[PHP_SELF] => /1.php			[REQUEST_TIME] => 1184409834			[argv] => Array				(				)			[argc] => 0		)	[_FILES] => Array		(		)	[HTTP_POST_FILES] => Array		(		)	[_REQUEST] => Array		(			[PHPSESSID] => 536dc7f9dbdabe5ce52d7340f4730857		)	[HTTP_SESSION_VARS] => Array		(			[user] => SpEeDyZ		)	[_SESSION] => Array		(			[user] => SpEeDyZ		)	[con] => Resource id #4	[dbselect] => 1)

and with user access 0

Array(	[GLOBALS] => Array *RECURSION*	[_ENV] => Array		(			[ALLUSERSPROFILE] => C:\Documents and Settings\All Users			[CLASSPATH] => .;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[CommonProgramFiles] => C:\Program Files\Common Files			[COMPUTERNAME] => BIGGI-4CEC5976D			[ComSpec] => C:\WINDOWS\system32\cmd.exe			[FP_NO_HOST_CHECK] => NO			[NUMBER_OF_PROCESSORS] => 1			[OS] => Windows_NT			[Path] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[PROCESSOR_ARCHITECTURE] => x86			[PROCESSOR_IDENTIFIER] => x86 Family 15 Model 4 Stepping 1, GenuineIntel			[PROCESSOR_LEVEL] => 15			[PROCESSOR_REVISION] => 0401			[ProgramFiles] => C:\Program Files			[QTJAVA] => C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[SystemDrive] => C:			[SystemRoot] => C:\WINDOWS			[TEMP] => C:\WINDOWS\TEMP			[TMP] => C:\WINDOWS\TEMP			[USERPROFILE] => C:\Documents and Settings\LocalService			[windir] => C:\WINDOWS			[AP_PARENT_PID] => 1420		)	[HTTP_ENV_VARS] => Array		(			[ALLUSERSPROFILE] => C:\Documents and Settings\All Users			[CLASSPATH] => .;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[CommonProgramFiles] => C:\Program Files\Common Files			[COMPUTERNAME] => BIGGI-4CEC5976D			[ComSpec] => C:\WINDOWS\system32\cmd.exe			[FP_NO_HOST_CHECK] => NO			[NUMBER_OF_PROCESSORS] => 1			[OS] => Windows_NT			[Path] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[PROCESSOR_ARCHITECTURE] => x86			[PROCESSOR_IDENTIFIER] => x86 Family 15 Model 4 Stepping 1, GenuineIntel			[PROCESSOR_LEVEL] => 15			[PROCESSOR_REVISION] => 0401			[ProgramFiles] => C:\Program Files			[QTJAVA] => C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip			[SystemDrive] => C:			[SystemRoot] => C:\WINDOWS			[TEMP] => C:\WINDOWS\TEMP			[TMP] => C:\WINDOWS\TEMP			[USERPROFILE] => C:\Documents and Settings\LocalService			[windir] => C:\WINDOWS			[AP_PARENT_PID] => 1420		)	[_POST] => Array		(		)	[HTTP_POST_VARS] => Array		(		)	[_GET] => Array		(		)	[HTTP_GET_VARS] => Array		(		)	[_COOKIE] => Array		(			[PHPSESSID] => 536dc7f9dbdabe5ce52d7340f4730857		)	[HTTP_COOKIE_VARS] => Array		(			[PHPSESSID] => 536dc7f9dbdabe5ce52d7340f4730857		)	[_SERVER] => Array		(			[AuthDigestEnableQueryStringHack] => On			[HTTP_ACCEPT] => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*			[HTTP_REFERER] => http://localhost/login.php			[HTTP_ACCEPT_LANGUAGE] => en-us			[HTTP_ACCEPT_ENCODING] => gzip, deflate			[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)			[HTTP_HOST] => localhost			[HTTP_CONNECTION] => Keep-Alive			[HTTP_CACHE_CONTROL] => no-cache			[HTTP_COOKIE] => PHPSESSID=536dc7f9dbdabe5ce52d7340f4730857			[PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[SystemRoot] => C:\WINDOWS			[COMSPEC] => C:\WINDOWS\system32\cmd.exe			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[WINDIR] => C:\WINDOWS			[SERVER_SIGNATURE] => <address>Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2 Server at localhost Port 80</address>			[SERVER_SOFTWARE] => Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2			[SERVER_NAME] => localhost			[SERVER_ADDR] => 127.0.0.1			[SERVER_PORT] => 80			[REMOTE_ADDR] => 127.0.0.1			[DOCUMENT_ROOT] => D:/xampp/htdocs			[SERVER_ADMIN] => admin@localhost			[SCRIPT_FILENAME] => D:/xampp/htdocs/1.php			[REMOTE_PORT] => 1153			[GATEWAY_INTERFACE] => CGI/1.1			[SERVER_PROTOCOL] => HTTP/1.1			[REQUEST_METHOD] => GET			[QUERY_STRING] => 			[REQUEST_URI] => /1.php			[SCRIPT_NAME] => /1.php			[PHP_SELF] => /1.php			[REQUEST_TIME] => 1184409867			[argv] => Array				(				)			[argc] => 0		)	[HTTP_SERVER_VARS] => Array		(			[AuthDigestEnableQueryStringHack] => On			[HTTP_ACCEPT] => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*			[HTTP_REFERER] => http://localhost/login.php			[HTTP_ACCEPT_LANGUAGE] => en-us			[HTTP_ACCEPT_ENCODING] => gzip, deflate			[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)			[HTTP_HOST] => localhost			[HTTP_CONNECTION] => Keep-Alive			[HTTP_CACHE_CONTROL] => no-cache			[HTTP_COOKIE] => PHPSESSID=536dc7f9dbdabe5ce52d7340f4730857			[PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\			[SystemRoot] => C:\WINDOWS			[COMSPEC] => C:\WINDOWS\system32\cmd.exe			[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH			[WINDIR] => C:\WINDOWS			[SERVER_SIGNATURE] => <address>Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2 Server at localhost Port 80</address>			[SERVER_SOFTWARE] => Apache/2.2.4 (Win32) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e mod_autoindex_color PHP/5.2.2			[SERVER_NAME] => localhost			[SERVER_ADDR] => 127.0.0.1			[SERVER_PORT] => 80			[REMOTE_ADDR] => 127.0.0.1			[DOCUMENT_ROOT] => D:/xampp/htdocs			[SERVER_ADMIN] => admin@localhost			[SCRIPT_FILENAME] => D:/xampp/htdocs/1.php			[REMOTE_PORT] => 1153			[GATEWAY_INTERFACE] => CGI/1.1			[SERVER_PROTOCOL] => HTTP/1.1			[REQUEST_METHOD] => GET			[QUERY_STRING] => 			[REQUEST_URI] => /1.php			[SCRIPT_NAME] => /1.php			[PHP_SELF] => /1.php			[REQUEST_TIME] => 1184409867			[argv] => Array				(				)			[argc] => 0		)	[_FILES] => Array		(		)	[HTTP_POST_FILES] => Array		(		)	[_REQUEST] => Array		(			[PHPSESSID] => 536dc7f9dbdabe5ce52d7340f4730857		)	[HTTP_SESSION_VARS] => Array		(			[user] => Shujjah		)	[_SESSION] => Array		(			[user] => Shujjah		)	[con] => Resource id #4	[dbselect] => 1)

now what?

justsomeguy · July 14, 2007

Both of them look the same, both of them have a $con variable that is a connection resource. Run this on another machine and see if it does the same thing, I can't see anything in the code that would mysql_connect to fail. If you want, send me a PM with the code for every file, and I also need a database dump. You can export the database through phpMyAdmin by clicking Export and then making sure all the tables are selected (there is a Select All link).

shujjah · July 14, 2007

ok i have sent the pm with all the files and the link to the database now u can post me the error here or my pm

justsomeguy · July 14, 2007

OK, I've found what the problem is. It doesn't have anything to do with MySQL, so that's why this was confusing.The check_access function will redirect the user to login.php if they don't have access. When it does that it sets an error variable in the querystring. The login page has code in it to check if the session is already set and, if so, redirect the user to 1.php. So if someone logs in without access they get their password checked, the session is set, and they get redirected to 1.php. That runs the check_access function which finds that they don't have access and redirects them to login.php. The code on login.php sees that the session is set and sends them to 1.php, which runs check_access and it starts over again. So it was basically an infinite loop of redirecting between login.php and 1.php, and apparently somewhere along the line MySQL just decided to say that was enough.If you change your login.php to this it should work fine:

<?phpsession_start();if (isset($_GET['error'])){  unset($_SESSION['user']);  echo "<div style=\"color: red; font-weight: bold;\">" . stripslashes($_GET['error']) . "</div>";}elseif (isset($_SESSION['user'])){  header("Location: 1.php");  exit();}?><form method='POST' action='checkpass.php'>Username: <input type='text' name='username' maxLength='8' length='16'><br/>Password: <input type='password' name='password' length='16'><br/><input type='submit' value='Login'></form><p><a href='signup.php'>Signup</a></p>

shujjah · July 15, 2007

yeah now it works thnkx :)so now finally the user script is done again thnkx to u and now its up to the news and reviews scripts which will i m sure bring lots more error :)ok but first lets revise the databse for it u said that it shud be

users  id			int   autonumber	primary key  username	  varchar(20)  email		 varchar(100)  password	  varchar(40)news  id			int   autonumber	primary key  title		 varchar(200)  body		  text  date_added	int  author		intreviews  id			int autonumber	  primary key  title		 varchar(200)  body		  text  date_added	int  author		int

but now what i want to add is that i want a genre field for the reviews and a platform field for the reviews and a gameplay rating, graphics rating, overall etc which the the person who adds the reviews will decide and i also want a validate field for both the news and reviews and also i have some questions that how will the author field work i mean in that field will be the name of the user and i will use session user to get that name? and also how will the date field work?and i also want to have a picture for each review and news so how will i have that?

justsomeguy · July 15, 2007

OK, work on one of them at a time. It sounds like you want to do the reviews first. Add all the fields you want to the reviews table, the genre and platform fields can be varchar, and all of the rating fields should either be integer or float depending on whether you want the ratings to be whole numbers or decimals. The validate field only needs to be a tinyint of length 1. The author field is an integer field, it stores the id field from the users table. So if you look at the info in your database, you'll see an id column on the users table that holds an autonumber. Store that number for the user in the author field for the reviews table. If you want, when you check the password you can also store the id in the session, that way you don't have to look it up again later on. For the dates, use the time() function to generate a timestamp, the timestamp will just be a number that you can store in the database. When you want to display the time on the page, you can use the getdate function to get all the parts. I also wrote this function for myself to convert a timestamp into a date/time string:

################################################################ make_datestr#  $timest - the unix timestamp to format##  this function formats a unix timestamp as a date/time string###############################################################function make_datestr($timest){  $dateobj = getdate($timest);  if ($dateobj['mon'] < 10)	$mon = "0" . $dateobj['mon'];  else	$mon = $dateobj['mon'];  if ($dateobj['mday'] < 10)	$mday = "0" . $dateobj['mday'];  else	$mday = $dateobj['mday'];  $year = $dateobj['year'] % 2000;  if ($year < 10)	$year = "0" . $year;    if ($dateobj['hours'] == 0 && $dateobj['minutes'] == 0)	$timestr = "";  else  {	$hour = $dateobj['hours'];	if ($hour == 0)	  $hour = 12;	if ($hour > 12)	  $hour = $hour - 12;	if ($hour < 10)	  $hour = "0" . $hour;	if ($dateobj['minutes'] < 10)	  $mins = "0" . $dateobj['minutes'];	else	  $mins = $dateobj['minutes'];	if ($dateobj['seconds'] < 10)	  $secs = "0" . $dateobj['seconds'];	else	  $secs = $dateobj['seconds'];	if ($dateobj['hours'] > 11)	  $ampm = "pm";	else	  $ampm = "am";	  $timestr = " $hour:$mins{$ampm}";  }  return "$mon-$mday-$year{$timestr}";}

You might want to start putting all the custom functions in one file that you can include on every page to give you access to the different functions you're using.As for the images, just have a filename field in the reviews table that is a varchar. When someone uploads an image, you would move it to a certain folder, rename it if the file already exists, and then save the filename of the uploaded image in the database. Then on the reviews page you would just have PHP create an HTML img tag with the link to the image for the review.

shujjah · July 16, 2007

can u explain me the script u posted plz? coz i cant understand it.

justsomeguy · July 16, 2007

It's just a function that uses getdate to format a timestamp. It takes the timestamp and gets the month, day, year, hour, minutes, and seconds and formats them into a string that people can read. The format of the string is on the last line of the function.

shujjah · July 18, 2007

The reason y i am not starting is that i m confused about the author,date and especially the image. I know i will need 3 scripts may be four.One will be addreview.php which will contain the form to add the review and once it has been filled it wil enter that info into the datase. but i dont know how to do that author,date and image thing thats y i cant start coz i have to include the image upload option in the form and i dont know how to do that i mean how to upload it to a folder and then save the file name in the db. may be i can do the form in one script and the processing in the other script so this makes it two scripts. then on the index i will just show the latest 5 reviews so thats the third script. and fourth will be review.php which will contain all the reviews. then will come the last script readreview.php ( or something like that ) which will open the php. so plz can u help me about the author,date and especially the image thing? Please :)ANd one last thing in all the tutorials i have read about news system all of them have the date field either as a datestamp or soemthing like that and its not a int field so?

justsomeguy · July 18, 2007

ANd one last thing in all the tutorials i have read about news system all of them have the date field either as a datestamp or soemthing like that and its not a int field so?

Everyone else is wrong! You can use a datestamp if you want, but you won't have any problems using an int. The way my mind thinks, anything that can be done with a datestamp I can do with an integer timestamp easier. It's just what you're used to, if you're used to a datestamp then use a datestamp.To handle file uploads, read these sections:http://www.php.net/manual/en/features.file-upload.php http://www.php.net/manual/en/function.move-uploaded-file.phpThe author ID you can get from the database. It's easiest to save the user ID in the session when they log in. So in addition to saving $_SESSION['user'], also save the id field from the database in $_SESSION['id']. Then when you insert the review you use $_SESSION['id'] for the author field. For the date field, use the time function, which will give you a timestamp with both the date and time.

$date = time();

You can verify for yourself with the function I pasted above.

echo make_datestr(time());

shujjah · July 18, 2007

so for the author i will add this code to checkpass.php

<?php		session_start();		require_once "db_connect.php";// code 1 will go here		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$con);if (!$userrow)  {  die('Could not connect: ' . mysql_error());  }		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				// code two will go here				header("Location: 1.php");		}?>

and this is what i will add ?

//code 1 $userid = mysql_query("SELECT * FROM `users` 'id' '". "WHERE `username` = '" . $_POST['username'] . "';",$con);

and this code

//code 2$_SESSION['id'] = $userid;

so is this the right code that i shud be using?

justsomeguy · July 18, 2007

No, that's not valid SQL code. You just added the name of the field after the table name, that doesn't work. You don't need to edit the SQL statement, you're already getting everything about the user (that's what select * means). If you only want to get the fields you need, you can do this:

		$userrow = mysql_query("SELECT id FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$con);

This is how you save the id field in the session:$_SESSION['id'] = $userrow['id'];

shujjah · July 18, 2007

ah so i only use this code $_SESSION['id'] = $userrow['id']; thnkx a lot.now again some stupid questions but i m a newbie .Ok in the add review form i will also add to field to upload the image. Then in the script that processes the form there will be code to validate the fields and enter the data ( title etc ) into the databse. And in the same script i will also add the code which will upload the image ( the link u gave me the code in that ) and will move in into a certain folder and will save its name and add it to the database?

whats this error?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Announcements