Member Avatar for rEhSi_123

Hello everybody,

Not sure if the above title is correct for the issue I have but moderators please feel free to correct it.:)

Anyways my issue is whenever a user logs onto my forum, my index page seems to display the ID of the user also.........

Exactly like this:

4Welcome,JohnSmith! Logout

The '4' is basically the ID of the person, but I dont want the person logged in to see this.

I checked my index.php and login.php page and couldn't find the cause to this problem.

Could somebody please check the code in my login.php and index.php and point out where I have gone wrong.

Thanks

<?php

error_reporting(E_ALL ^ E_NOTICE);//Report all error except NOTICES

session_start();
include "./global.php";

	$action = $_GET['act'] ;
	$actions_array = array('forum','create','topic','reply','mod','profile');
?>
<html>
<head>
<title>KJ's Forum</title>
<link rel="stylesheet" type="text/css" href="./style.css">
</head>
<body>
<center>
<div id="holder">
<div id="userinfo">
<?php
	
		   if ($_SESSION['uid']) {
			
			echo $_SESSION['uid'];
			$sql = 'SELECT * FROM users WHERE id = '. (int) $_SESSION['uid'];
			$res = mysql_query($sql) or die(mysql_error());

			if(mysql_num_rows($res) == 0){
				session_destroy();
				echo "Please <a href=\"./login.php\">Login</a> to your account, or <a href=\"./register.php\">Register</a> a new account!\n";

			}else {
				$row = mysql_fetch_assoc($res);
				echo "Welcome back, <a href=\"./index.php?act=profile&act2=info&id=".$row['id']."\">".$row['username']."</a>! <a href=\"./logout.php\" onclick=\"return confirm('Are you sure you want to Logout?')\">Logout</a>\n";
				echo "<br>\n";
	            echo "<a href=\"./index.php\">Forum Index</a>\n";
				if($row['admin'] == '1'){
				echo " | <a href=\"./admin.php\">Administrative Section</a>\n";
			    }
			} 
		    }else {
                         echo "Please <a href=\"./login.php\">Login</a> to your account, or <a href=\"./register.php\">Register</a> a new account!\n";
                    }
					
					$admin_user_level = $row['admin'];
?>
</div>
	<div id="content">
<?php
						if(!$action || !in_array($action,$actions_array)){
							$sql1 = "SELECT * FROM `forum_cats` WHERE `admin` < ".$row['admin']."+1 ORDER BY `id` ASC";
							$res1 = mysql_query($sql1) or die(mysql_error());
							
							$i=1;
						while ($row2 = mysql_fetch_assoc($res1)){
							echo "<div id=\"fcontent\">\n";
							echo " <div class=\"header\" id=\"header_".$i."\" onMouseOver=\"this.className='headerb'\" onMouseOut=\"this.className='header'\">".$row2['name']."</div>\n";

							$sql2 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='".$row2['id']."' AND `admin` < ".$row['admin']."+1 ORDER BY `desc` ASC";
							$res2 = mysql_query($sql2) or die(mysql_error());
							
					   while ($row3 = mysql_fetch_assoc($res2)){
							echo " <div id=\"content\">\n";
							echo " <a href=\"./index.php?act=forum&id=".$row3['id']."\">".$row3['name']."</a><br>\n";
							echo " " . $row3['desc'] . "\n";
							echo " </div>\n";
							}
							
							echo "</div>\n";
							$i++;
						}
						}else{
						switch($action) {
						case "forum": include "./includes/forum.php"; break;
						case "create": include "./includes/create.php"; break;
						case "topic": include "./includes/topic.php"; break;
						case "reply": if(!$_SESSION['uid']){
									  header("Location: login.php");
									  }else{
									  include "./includes/reply.php";
									  } break;
						case "mod": if(!$_SESSION['uid']){
									  header("Location: login.php");
									  }else{
									  include "./includes/mod.php";
									  } break;
						case "profile": if(!$_SESSION['uid']){
									  header("Location: login.php");
									  }else{
									  include "./includes/profile.php";
									  } break;
							}
					}
?>	
</div>
</div>
</center>
</body>
</html>
<html>
<center>
<div id="holder">
<div id="userinfo">
<link rel="stylesheet" type="text/css" href="./style.css">
<?php

error_reporting(E_ALL ^ E_NOTICE);//Report all error except NOTICES

session_start();
include "./global.php";

if( $_SESSION['uid'] )
{
	echo "You are already logged in, if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
} 
else
{
	if(!$_POST['submit'])
	{
		echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\" >\n";
		echo "<form method=\"post\" action=\"./login.php\">\n";
		echo "<tr><td>USERNAME:</td><td ><input type=\"text\" name=\"username\"></td></tr>\n";
		echo "<tr><td>PASSWORD:</td><td ><input type=\"password\"name=\"password\"></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
		echo "</form></table>\n";
		
	}
	else 
	{
        
		$user = mss( $_POST['username'] );
		$pass = $_POST['password'];
		
		if( $user && $pass )
		{
			$sql = "SELECT `id` FROM `users` WHERE `username`= '".$user."'";
			$res = mysql_query( $sql ) or die( mysql_error() );
			if( mysql_num_rows( $res ) > 0)
			{
				$sql2 = "SELECT `id` FROM `users` WHERE `username`= '".$user."' AND `password`= '". md5($pass)."'";
				$res2 = mysql_query( $sql2 ) or die( mysql_error() );
				
				if(mysql_num_rows($res2) > 0)
				{
					$row = mysql_fetch_assoc($res2);
					$_SESSION['uid'] = $row['id'];
					
					echo "You have successfully logged in as " .$user. "<br><br><a href=\"./index.php\">Proceed to the Forum Index</a>\n";
				}
				else 
				{
				  echo "Username and password combination are incorrect!\n";
				}
		   }
		   else 
		   {
				echo "The username you supplied does not exist!\n";
		   }
		}
		else 
		{
			echo "You must supply both the username and password field!\n";  
		}
		
	}
}
?>
</div>
</div>
</center>
</html>
  • 3 Contributors
  • 4 Replies
  • 117 Views
  • 3 Weeks Discussion Span
  • Latest Post Latest Post by nathenastle
Member Avatar for nathenastle

hi this is nathen ,can you please tell me clearly what you want please

Member Avatar for nav33n

echo $_SESSION;

You are echoing userid. Are you sure you thoroughly checked it ? :icon_rolleyes:

Member Avatar for rEhSi_123

You are echoing userid. Are you sure you thoroughly checked it ? :icon_rolleyes:

Thanks dude for the help.......

The issue started from my previous forum:
http://www.daniweb.com/forums/thread180719.html

I just blindly copied it into my code without seeing that the code was echoing the user id....:D

I couldn't even see this echoing as I had gone code blind....;-)

Member Avatar for nathenastle

Please help me in newsletter sending ,
this my code the problem is the mail is send to single person is going correctly ,if the same mail send to more number of persons getting wrong mail is going but the data display only in first mail ,the other mails getting decoded data please help me urgent,
In code i given comments for $mime_boundary i dont know its correct or not ,other wise please give me the code for newsletter for more number of peoples
thanks in advance

if(($_POST['group']<>'') && ($_POST['group']==0))
  {
	if($usrgroup='all')
	 {
	    $query="select email from cfair_adminusers order by admin_id";
		$var=mysql_query($query);
		while($arrayemail=mysql_fetch_array($var))
		 {
			$emailid=$arrayemail['email'];
			$to = $emailid;
			$subject = $subject ;
			$message=$message;
 //$mime_boundary="==Multipart_Boundary_x".md5(mt_rand())."x";
		   if($_FILES['filename']!='')
		   {
			   $tmp_name = $_FILES['filename']['tmp_name'];
			   $type = $_FILES['filename']['type'];
			   $name = $_FILES['filename']['name'];
			   $size = $_FILES['filename']['size'];
		  	  if(file_exists($tmp_name))
			   {
				    
				     if(is_uploaded_file($tmp_name))
					 {
			
						 $file = fopen($tmp_name,'rb');
				    	 $data = fread($file,filesize($tmp_name));
						 fclose($file);
				 		 $data = chunk_split(base64_encode($data));
					 }
			   } 
		   }
	 
	       $headers .= 'From:superadmin@fair.com' . "\r\n" .
			"MIME-Version: 1.0\r\n" .
			 "Content-Type: multipart/mixed;\r\n" .
			 " boundary=\"{$mime_boundary}\"";
		   $headers .= 'Bcc: [email]admin@fair.com[/email]' . "\r\n";
			'Reply-To: [email]sss@.solutin.com[/email]' . "\r\n" .
			'X-Mailer: PHP/' . phpversion();
			if(@mail($to, $subject, $message, $headers))
			{   
				 echo "Message Sent";
				 header("location:send_newsletter.php");
			}
			else
			{
			echo "Mail Not Sent";
			}
			
	    }//while
	  }//if	  
	}//if
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.