9 Replies - 918 Views - Last Post: 07 April 2011 - 12:54 PM Rate Topic: -----

#1 amrelewa  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 20
  • Joined: 29-March 11

PHP problems .. please help!

Posted 06 April 2011 - 03:20 PM

I am almost done with a website. I have some problems that I collected to solve all of them one time at the end. I solved some of them but I still have other problems that I couldn't solve. The following are technical brief about the website, some useful details, and the problems that I am facing.

Brief about the website
This is a website were users signup for simple accounts then create groups to invite their friends to join created groups.

Databases
There are two databases. The first is called "USERS" and it is for users details. The second is called "GROUPS" and it is for groups details.

Languages
I am using html and php.

Problems
1) Secure accounts and logout is not working.
I tried to secure accounts that created by users and the logout process, but it is not working. When I logout from my account, and type the success login url, it direct me to my profile without asking me to login. I used the following php script in every single account page that I created, in order to secure the accounts page. The first script I used in the top of the page, and the second I used in the bottom of the page.

First script
<?php 
require_once ('verify.php'); 
$page_title = 'YOUR PAGE TITLE GOES HERE';
ob_start();
session_start();
if (!isset($page_title)) {
	$page_title = 'User Registration';
}
if (!isset($_SESSION['firstname'])) {
	$url = BASE_URL . ''; 

	ob_end_clean();

	header("Location: $url");

	exit(); // Quit the script.
}
?>

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Second script
<?php 
ob_end_flush();
?>



2) php if statement that direct to pages is not working.
I used a strategy in order to direct users to the right pages. For examples, when users signup, they are not required to add their bank account information. But after they signup, they have to add their bank account information, in order to create a group. So when the user login for the first time, a php page include if/else statement that say if the user did not added his bank account info, direct him to a specific page. The statements are not working and I think there is something wrong with it. The following is an example of if/else statement that I am using.

<?php 
include 'db.php';

$sql = mysql_query("SELECT * FROM users");

$account_type= 'account_type';
$account_owner_name= 'account_owner_name';
$account_routing_number= 'account_routing_number';
$account_number= 'account_number';
$Shares= 'shares';
$rows= mysql_fetch_assoc($sql);

if ($rows[$account_type] == "Checking" && $rows[$Shares] == "1")
  include 'account_bank_group.php';
elseif ($rows[$account_type] == "Saving" && $rows[$Shares] == "1")
  include 'account_bank_group.php';
elseif ($rows[$account_type] == "Checking" && $rows[$Shares] != "1")
  include 'account_bank.php';
elseif ($rows[$account_type] == "Saving" && $rows[$Shares] != "1")
  include 'account_bank.php';
else 
  include 'account.php';
?> 



3) conflict in view settings.
In each account, there is settings page. This settings whether "view" or "edit view" data. If the user already input his information, so that page will view this info. I created two accounts on the website. I didn't save any extra information in the second account beside the signup required details. But when I login, and click on settings, it view extra information for the first account. So there is a kind of conflict. Below is the code of this page (settings view page)

<?php 
require_once ('verify.php'); 
$page_title = 'YOUR PAGE TITLE GOES HERE';

ob_start();
session_start();

if (!isset($page_title)) {
	$page_title = 'User Registration';
}
if (!isset($_SESSION['firstname'])) {
	$url = BASE_URL . ''; 
	ob_end_clean();
	header("Location: $url");
	exit(); 
}
?>

<html>
<head>
<title></title>
<meta />
<meta / >
<link rel="stylesheet" type="text/css" href="mystyle.css" /> 
</head>

<body>
<div id="container">
    <div id="header">
        <div id="logo"></div>
    </div>
<div calss="hr"><hr /></div>
<div id="incontainer">

<!-- Beginning of Content -->
<? session_start();?>
<div style="float:right">
<a href="login_success.php">Home</a> &nbsp; <a href="settings.php">Settings</a> &nbsp; <?php echo "<a href=logout.php>Logout</a>"; ?>
</div>
<h2>Account Settings</h2>

 <?php
include 'db.php';

$sql = mysql_query("SELECT * FROM users");

$firstname= 'firstname';
$lastname= 'lastname';
$email= 'email';
$birthday= 'birthday';
$gender= 'gender';
$password= 'password';
$user_level= 'user_level';
$account_type= 'account_type';
$account_owner_name= 'account_owner_name';
$account_routing_number= 'account_routing_number';
$account_number= 'account_number';
$rows= mysql_fetch_assoc($sql);

echo "<table width='650' height='151'>";
  echo "<tr>";
    echo "<td width='128' height='26'><p>Legal Name:</p></td>";
    echo "<td colspan='2'><p>$rows[$firstname] $rows[$lastname]</p></td>";
    echo "</tr>";
  echo "<tr>";
    echo "<td width='128' height='26'><p>Birthday:</p></td>";
    echo "<td colspan='2'><p>$rows[$birthday]</p></td>";
    echo "</tr>";
  echo "<tr>";
    echo "<td width='128' height='26'><p>Gender:</p></td>";
    echo "<td colspan='2'><p>$rows[$gender]</p></td>";
    echo "</tr>";
  echo "<tr>";
    echo "<td height='26'><p>Email Address:</p></td>";
    echo "<td colspan='2'><p>$rows[$email]</p></td>";
    echo "</tr>";
  echo "<tr>";
    echo "<td height='20'><p>Bank Account:</p></td>";
    echo "<td width='176'><p>Account type</p></td>";
    echo "<td width='305'><p><em>$rows[$account_type]</em></p></td>";
 echo " </tr>";
  echo "<tr>";
    echo "<td height='21'>&nbsp;</td>";
    echo "<td><p>Account owner's name</p></td>";
    echo "<td><p><em>$rows[$account_owner_name]</em></p></td>";
  echo "</tr>";
  echo "<tr>";
    echo "<td height='22'>&nbsp;</td>";
    echo "<td><p>Account routing number</p></td>";
    echo "<td><p><em>$rows[$account_routing_number]</em></p></td>";
  echo "</tr>";
  echo "<tr>";
    echo "<td>&nbsp;</td>";
    echo "<td><p>Account number</p></td>";
    echo "<td><p><em>$rows[$account_number]</em></p></td>";
  echo "</tr>";
echo "</table>";

?>
<br />
<br /><div style="float:left"><a class="button_Up" href="settings_edit.php"><span>Edit</span></a></div>
<!-- End of Content -->
</div>
<footer>
    <div calss="hr"><hr />
    <a href="about">About  </a>-<a href="contact"> Contact </a>-<a href="#"> Privacy </a>-<a href="#"> Legal </a>-<a href="#"> Help </a>-<a href="#"> Career </a>
    <h3>Copyright © 1990-2011 Created by Amr Elewa</h3>
</footer>
</div>
</body>
</html>
<?php 
ob_end_flush();
?>



4) recover password button is not working.
The recover button in password recover page is not working. It is not responding when I click on it. I gave up to know why. The following is the script of this page.


<h2>Get New Password</h2>
<form name="form1" method="post" action="lostpw.php">
  <table width="500" height="100" border="0" cellspacing="0" cellpadding="">
    <tr> 
      <td><p>Please enter your email address:</td>
      <td><input name="email" class="rounded" type="text" id="email"></p></td>
    </tr>
    <tr>
      <td><input name="recover" type="hidden" id="recover" value="recover">
      <button><a type='submit' name="Submit" class="button"><span>Recover My Password!</span></a></button></td>
      <td></td>
    </tr>
  </table>
</form>
<!-- End of Content -->


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks so much guys for any help regarding any problem. Thats much appreciated.

MOD EDIT: After more than 10 posts, you would think you would know to USE CODE TAGS!!!

:code:

This post has been edited by JackOfAllTrades: 06 April 2011 - 03:30 PM
Reason for edit:: Added code tags


Is This A Good Question/Topic? 0
  • +

Replies To: PHP problems .. please help!

#2 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4334
  • View blog
  • Posts: 12,128
  • Joined: 18-April 07

Re: PHP problems .. please help!

Posted 06 April 2011 - 03:42 PM

Ok lets hammer out the first two real quick....

Problem 1...

ob_end_clean() and other ob functions are for the output buffer, that is, content sent to the user. It has nothing to do with sessions. You need to destroy the session if you wish to wipe it out (this is what you do to logout). Look up session_destroy().

Problem 2...

Your if statements here can be simplified greatly. Look at what you are asking..

if ($rows[$account_type] == "Checking" && $rows[$Shares] == "1")
  include 'account_bank_group.php';
elseif ($rows[$account_type] == "Saving" && $rows[$Shares] == "1")
  include 'account_bank_group.php';
elseif ($rows[$account_type] == "Checking" && $rows[$Shares] != "1")
  include 'account_bank.php';
elseif ($rows[$account_type] == "Saving" && $rows[$Shares] != "1")
  include 'account_bank.php';



is the same as saying...

if ($rows[$account_type] == "Checking" || $rows[$account_type] == "Saving") {
  if ($rows[$Shares] == "1") {
      include 'account_bank_group.php';
  }
  else {
      include 'account_bank.php';
  }
}



Right? The thing about this change is that your includes are only done once. It also simplifies the number of lines. So as far as your problem it could be in two places. The first is that you are including the same include files over and over again (check out include_once() vs include() vs require() vs require_once()). The second spot is that you are comparing the value of $rows[$Shares] to a string of 1 and not 1. This may be alright since PHP can juggle types, but be sure you are properly comparing values.

Try to hash those two problems out and then we can move onto the others. :)
Was This Post Helpful? 0
  • +
  • -

#3 amrelewa  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 20
  • Joined: 29-March 11

Re: PHP problems .. please help!

Posted 06 April 2011 - 04:07 PM

Regarding the first problem. I didn't code it by myself, since I don't know how to create this feature, and thats why there might be some contradictions. You suggest to look up for session_destroy() and rewrite it again from the beginning or I can make some modifications in the existed code? I am open to learn new php stuff :)

The second problem. You are actually right. But it even didn't work. Let me explain to you the login of this statement. After the user signup, s/he required to add their bank account information in order to create a group. So we have three conditions. First, the user didn't create or enroll in a group and their bank account not added yet. Second, the user didn't create or enroll in a group, but their bank account was added. Third, the user create or enroll in a group, and their bank account was added. I created for each condition a separate page that display relevant buttons and information to each condition. So, when the user login, I want to check which condition s/he applied in, to direct him/her to the write page. I made a little modification in the code that you provided, because you didn't add the third page in the if/else statement, but it didnt work too :( It direct me to the second condition while I supposed to be directed to the first condition. This is the code that I modified.

PLEASE USE CODE TAGS. WE SHOULDN'T NEED TO ADD THEM FOR YOU!!!!
if ($rows[$account_type] == "Checking" || $rows[$account_type] == "Saving")	{
  if ($rows[$Shares] == "1") {
      include 'account_bank_group.php';
  }
  else {
      include 'account_bank.php';
  }
}
  else {
	  include 'account.php';
	  }

This post has been edited by CTphpnwb: 06 April 2011 - 05:15 PM
Reason for edit:: CODE TAGS WERE MISSING

Was This Post Helpful? 0
  • +
  • -

#4 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4334
  • View blog
  • Posts: 12,128
  • Joined: 18-April 07

Re: PHP problems .. please help!

Posted 06 April 2011 - 04:33 PM

No I am not telling you to rewrite the first piece. I am just saying that you should call session_destroy() any time you want to "kick a user out of the session". So instead of cleaning the output buffer (ob_end_clean) just call session_destroy() and redirect the user back to the login screen. This should then cause any code you have on any of the other pages to look for the username session variable and not find it because you wiped it out.

As for the second problem, you made the correct edit. The next step is to make sure that your $rows[$account_type] is outputting the right value along with your $rows[$Shares]. If either of these are not what you think they are, it will cause you to skip past the first conditions.

Also remember that the value returned from the $rows[$Shares] variable may be a numerical 1 and you are comparing it to a string. PHP is pretty good at matching up data types, but if for some reason it is screwing this up you can also have a problem. So try comparisons like if ($rows[$Shares] == 1). Notice here we use just numerical 1 instead of "1".

:)
Was This Post Helpful? 0
  • +
  • -

#5 amrelewa  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 20
  • Joined: 29-March 11

Re: PHP problems .. please help!

Posted 06 April 2011 - 06:39 PM

Okay, I replaced "ob_end_clean()" with session_destroy() in the page where the user reach after they logged out in order to destroy the session. Unfortunately, it didnt work. There is something that might be helpful regarding this problem. The following is the script that I am using in the logout page. When the user click logout, I ask him/her if they are sure that they want to logout, and they they click yes or no. I destroyed the session in this script, but I don't know why it is not working.

<?

if(!isset($_REQUEST['logmeout'])){
	echo "<center><p>Are you sure you want to logout?</p></center><br />";
	echo "<center><a href=logout_yes.php>Yes</a> | <a href=javascript:history.back()>No</a>";
} else {
	session_destroy();
	if(!session_is_registered('firstname')){
		echo "<center><font color=red><strong>You are now logged out!</strong></font></center><br />";
		echo "<center><strong>Login:</strong></center><br />";
		include 'login.html';
	}
}
?>





Regarding the second problem. I realized that I had a problem in the database. I set the Shared field as "varchar", so it was empty when there are no shares. I changed it to "enum('0','1','2','3')" in order to make it numeric field (I hope that I made the right choice). But it didn't work too. I copied below my database. you might wanna take a look at it.
CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(25) NOT NULL AUTO_INCREMENT,
  `firstname` varchar(25) NOT NULL DEFAULT '',
  `lastname` varchar(25) NOT NULL DEFAULT '',
  `email` varchar(25) NOT NULL DEFAULT '',
  `birthday` varchar(25) NOT NULL DEFAULT '',
  `gender` varchar(25) NOT NULL DEFAULT '',
  `password` varchar(255) NOT NULL DEFAULT '',
  `user_level` enum('0','1','2','3') NOT NULL DEFAULT '0',
  `signup_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `last_login` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `activated` enum('0','1') NOT NULL DEFAULT '0',
  `account_type` varchar(25) NOT NULL DEFAULT '',
  `account_owner_name` varchar(25) NOT NULL DEFAULT '',
  `account_routing_number` varchar(25) NOT NULL DEFAULT '',
  `account_number` varchar(25) NOT NULL DEFAULT '',
  `shares` enum('0','1','2','3') NOT NULL DEFAULT '0',
  PRIMARY KEY (`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 COMMENT='Membership Information' AUTO_INCREMENT=3 ;


MOD EDIT: Added code tags YET AGAIN!!!

This post has been edited by JackOfAllTrades: 06 April 2011 - 08:17 PM

Was This Post Helpful? 0
  • +
  • -

#6 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6063
  • View blog
  • Posts: 23,517
  • Joined: 23-August 08

Re: PHP problems .. please help!

Posted 06 April 2011 - 08:18 PM

Listen, you now have 14 posts. You should NOT have to be told to USE CODE TAGS WHEN POSTING CODE!!!

:code:

If that's too complicated for you, then see the first link in my signature.
Was This Post Helpful? 1
  • +
  • -

#7 amrelewa  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 20
  • Joined: 29-March 11

Re: PHP problems .. please help!

Posted 07 April 2011 - 08:01 AM

Thanks for letting me know about this. I watched the video and I understand what you. I will make sure next time to use the code tags.
Was This Post Helpful? 0
  • +
  • -

#8 amrelewa  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 20
  • Joined: 29-March 11

Re: PHP problems .. please help!

Posted 07 April 2011 - 12:11 PM

I fixed the first three problems ..... Finallyyyyyy .. I just have the forth silly problem still struggling with it. Any body know how I can fix it?

Thanks
Was This Post Helpful? 0
  • +
  • -

#9 nandureddy  Icon User is offline

  • D.I.C Head

Reputation: 28
  • View blog
  • Posts: 129
  • Joined: 31-January 11

Re: PHP problems .. please help!

Posted 07 April 2011 - 12:38 PM

Post the code of "lostpw.php" that you have used in
<form name="form1" method="post" action="lostpw.php">
Did you use
 $_GET['email'] or $_POST['email']

This post has been edited by nandureddy: 07 April 2011 - 12:38 PM

Was This Post Helpful? 0
  • +
  • -

#10 amrelewa  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 20
  • Joined: 29-March 11

Re: PHP problems .. please help!

Posted 07 April 2011 - 12:54 PM

I used
$_POST['email'] 
But I just fixed the last problem. I wasn't function because an HTML/CSS coding problem. Thank you so much for your help.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1