Problem with headers in php - Developers

[QUOTE=Eax;16798026]Thanks :) Sounds intelligent but how would I do it? Get this error when I insert your piece: [code] Parse error: syntax error, unexpected T_STRING in /var/www/friends/friend_login.php on line 49 [/code][/QUOTE] Re-read it I accidentally messed up. Not realising what you had originally put in there.

[QUOTE=kebabs;16797979] Wait that can't be possible, what you've done there is simply exiting the script so the header() isn't even being called so it won't change the page. [/QUOTE] Well it does change the page O_o How would I go about changing the page then? :) [editline]10:10PM[/editline] Great! That fixed some of it, problem is: It still logs in as the incorrect user :S

[code]$check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());[/code] Not sure on this but try this, [code]$check = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username))."'") or die(mysql_error());[/code] God I'm retarded, relating to what I questioned you about before ( the loop ) here's a new version. [code]$check = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username))."' AND password = '".mysql_real_escape_string($password)."'") or die(mysql_error());[/code]

[QUOTE=kebabs;16800222][code]$check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());[/code] Not sure on this but try this, [code]$check = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username))."'") or die(mysql_error());[/code] God I'm retarded, relating to what I questioned you about before ( the loop ) here's a new version. [code]$check = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username))."' AND password = '".mysql_real_escape_string($password)."'") or die(mysql_error());[/code][/QUOTE] Thanks :) Had to remove a ) after ($username) as it seemed misplaced (and caused errors :S) Now I can't even log in :S [editline]11:30PM[/editline] Wait.. That line is placed in two different places, should I replace them both or? [editline]11:31PM[/editline] Replacing the first one but not the second caused it to login, but with the wrong user :S

Oh yeah sorry I copied & pasta'd it and it was delicious. On the serious note, make sure you remove the loop and use mysql_num_rows() to check it. [code] if(mysql_num_rows($cake) == 1){ //Do something }else{ header("Location: friend_user_not_found.php"); }[/code] Do you want me to rewrite what you've done and use sessions?

What loop do you want me to delete again? [code] <?php // Connects to your Database include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; //$check = mysql_query("SELECT * FROM users WHERE username = '" . addslashes($_POST['username']) . "'") or die(mysql_error()); $check = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'") or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { //whatever } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted $showform = true; if (isset($_POST['submit'])) { // if form has been submitted $showform = false; // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } //$check = mysql_query("SELECT * FROM users WHERE username = '" . addslashes($_POST['username']) . "'") or die(mysql_error()); $check = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'") or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { header("Location: friend_user_not_found.php"); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel="stylesheet" href="css/index.css" type="text/css" /> <title>.: Eax's Webpage :.</title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'; include 'index_header.html'; ?> <div class="main_white"> <div align="left"> <?php if ($showform) { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr> <td colspan="2"> <h1> Login </h1> </td> </tr> <tr> <td> Username: </td> <td> <input type="text" name="username" maxlength="40" /> </td> </tr> <tr> <td> Password: </td> <td> <input type="password" name="pass" maxlength="50" /> </td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" name="submit" value="Login" /> <FORM> <INPUT TYPE="BUTTON" VALUE="Register" ONCLICK="window.location.href='friend_make_user.php'"> </FORM> </td> </tr> </table> </form> <br> <?php } ?> </div> </div> <?php include 'footer.php'; ?> </div> </body> </html> [/code] Seeing this is my fourth day of PHP I'm very very confused >_<

[QUOTE=Eax;16800900]What loop do you want me to delete again? - Snip - Seeing this is my fourth day of PHP I'm very very confused >_<[/QUOTE] I was refereing to the while loop because your essentially looping over any returned results and checking it so lets say you had 2 rows, both of which had the same fields. It would loop twice. You could counter this by sticking a limit on the query. But that's most likely confusing for you so would you like me to rewrite everything you've got in that above script?

Yes please! I would really appreciate it :) If you could also add some comments to help out I'd be exalted ^_^

Are there any other scripts which link in with the cookies? I believe I will need "friend_loggedin_show.php".

friend_logout.php [code] <?php $past = time() - 3600; //this makes the time in the past to destroy the cookie setcookie(ID_my_site, gone, $past); setcookie(Key_my_site, gone, $past); header("Location: friend_login.php"); ?> [/code] friend_loggedin_show.php [code] <?php // Connect to database include 'db_mysql.php'; //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: friend_login.php"); } //otherwise they are shown the admin area else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php # Get the userid $sql1 = "SELECT * FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); $username = stripslashes($row1['username']); } echo "<h1>".$userid." "."Hello ".$username."</h1><p><br><hr width=\"100\%\" color=\"1793d1\"></p><br>"; #Print the shit (check it) $sql = "SELECT * FROM user_friends WHERE ownerid = '$userid' ORDER BY vennerid DESC "; $result = mysql_query($sql) or print ("Can't select entries from table user_friends.<br />" . $sql . "<br />" . mysql_error()); while($row = mysql_fetch_array($result)) { $navn = stripslashes($row['navn']); $email = stripslashes($row['email']); $notes = stripslashes($row['notes']); $addresse = stripslashes($row['addresse']); $telefon = stripslashes($row['telefon']); ?> <p></p> <?php echo "Navn: ".$navn; ?><br><?php echo "Addresse: ".$addresse; ?><br><?php echo "Telefon: ".$telefon; ?><br><?php echo "Email: ".$email; ?><br><?php echo "Noter: ".$notes; ?><br><?php ?> <br><hr width="100%" color="1793d1"></p><br> <?php } echo "<br><FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Add friend\" ONCLICK=\"window.location.href='friend_post.php'\"> <INPUT TYPE=\"BUTTON\" VALUE=\"Log Out\" ONCLICK=\"window.location.href='friend_logout.php'\"></FORM>"; #<br><a href=friend_logout.php><font color=\"black\"><u>Logout</u></font></a>"; ?><br><?php } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: friend_login.php"); } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code] friend_post.php [code] <?php // Connect to database include 'db_mysql.php'; //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: friend_login.php"); } //otherwise they are shown the admin area else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p><div align="center"><label for="navn">Navn:</label><input type="text" name="navn" name="navn" size="40" /></div></p> <p><div align="center"><p><label for="addresse">Addresse:</label><input type="text" name="addresse" name="addresse" size="40" />      </div></p> <p><p><div align="center"><label for="telefon">Telefon:</label><input type="text" name="telefon" name="telefon" size="40" />   </div></p> <p><p><div align="center"><label for="email">Email:</label><input type="text" name="email" name="email" size="40" /></div></p> <p><p><div align="center"><label for="noter">Noter</label><br><textarea cols="40" rows="10" name="notes" id="notes"></textarea></div></p> <p><center><input type="submit" name="submit" id="submit" value="Submit"></p></center> </form> <?php if (isset($_POST['submit'])) { $sql1 = "SELECT userid FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); } $ownerid = $userid; $navn = htmlspecialchars(strip_tags($_POST['navn'])); $email = htmlspecialchars(strip_tags($_POST['email'])); $notes = htmlspecialchars(strip_tags($_POST['notes'])); $addresse = htmlspecialchars(strip_tags($_POST['addresse'])); $telefon = htmlspecialchars(strip_tags($_POST['telefon'])); $entry = $_POST['entry']; $entry = nl2br($entry); $by = "caketown"; $sql = "INSERT INTO user_friends (navn,addresse,telefon,email,notes,ownerid) VALUES ('$navn','$addresse','$telefon','$email','$notes','$ownerid')"; $result = mysql_query($sql) or print("Can't insert into table \"user_friends\".<br />" . $sql . "<br />" . mysql_error()); if ($result != false) { print "Your entry has successfully been entered into the database."; ?> <META HTTP-EQUIV="Refresh"; CONTENT="0; URL=friend_loggedin_show.php"> <?php mysql_close(); } } } } } //if the cookie does not exist, they are taken to the login screen else { header("Location: friend_login.php"); } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code]

[b]friend_login.php[/b] [code]<?php // Connects to your Database include 'db_mysql.php'; // MAN THE DEFENCES AND START THE SESSION... Yeah session_start(); // Setting old vars but I don't see the need to do this but it's your script. $showform = true; // If we're not logged in and if the form has been submitted then check database for row if(!$_SESSION['loggedin'] && $_POST['submit']){ // SQL Query $query = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".mysql_real_escape_string($_POST['password'])."'") or die(mysql_error()); // If the returned query returns one row then it's good. If it's 0 then the user does not exist. If there is more than one, there are multiple rows with the same columns. if(mysql_num_rows($query) == 1){ $_SESSION['loggedin'] = true; // You could set this as $_POST['username'] but make sure you run htmlspecialchars() or htmlentities before you echo. header("Location: friend_loggedin_show.php"); // Redirect to another page }else{ header("Location: friend_user_not_found.php"); // Redirect to page } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel="stylesheet" href="css/index.css" type="text/css" /> <title>.: Eax's Webpage :.</title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'; include 'index_header.html'; ?> <div class="main_white"> <div align="left"> <?php if ($showform) { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr> <td colspan="2"> <h1> Login </h1> </td> </tr> <tr> <td> Username: </td> <td> <input type="text" name="username" maxlength="40" /> </td> </tr> <tr> <td> Password: </td> <td> <input type="password" name="pass" maxlength="50" /> </td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" name="submit" value="Login" /> <FORM> <INPUT TYPE="BUTTON" VALUE="Register" ONCLICK="window.location.href='friend_make_user.php'"> </FORM> </td> </tr> </table> </form> <br> <?php } ?> </div> </div> <?php include 'footer.php'; ?> </div> </body> </html>[/code] [b]friend_loggedin_show.php[/b] [code]<?php //Start the session again session_start(); // Check if existing session is carried over. Sessions can be carried over different files FYI. if(!$_SESSION['loggedin']){ header("Location: friend_login.php"); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php # Get the userid $sql1 = "SELECT * FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); $username = stripslashes($row1['username']); } echo "<h1>".$userid." "."Hello ".$username."</h1><p><br><hr width=\"100\%\" color=\"1793d1\"></p><br>"; #Print the shit (check it) $sql = "SELECT * FROM user_friends WHERE ownerid = '$userid' ORDER BY vennerid DESC "; $result = mysql_query($sql) or print ("Can't select entries from table user_friends.<br />" . $sql . "<br />" . mysql_error()); while($row = mysql_fetch_array($result)) { $navn = stripslashes($row['navn']); $email = stripslashes($row['email']); $notes = stripslashes($row['notes']); $addresse = stripslashes($row['addresse']); $telefon = stripslashes($row['telefon']); ?> <p></p> <?php echo "Navn: ".$navn; ?><br><?php echo "Addresse: ".$addresse; ?><br><?php echo "Telefon: ".$telefon; ?><br><?php echo "Email: ".$email; ?><br><?php echo "Noter: ".$notes; ?><br><?php ?> <br><hr width="100%" color="1793d1"></p><br> <?php } echo "<br><FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Add friend\" ONCLICK=\"window.location.href='friend_post.php'\"> <INPUT TYPE=\"BUTTON\" VALUE=\"Log Out\" ONCLICK=\"window.location.href='friend_logout.php'\"></FORM>"; #<br><a href=friend_logout.php><font color=\"black\"><u>Logout</u></font></a>"; ?><br><?php } } else //if the session does not exist, they are taken to the login screen { header("Location: friend_login.php"); } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html>[/code] I left the majority of the bad indentation to you. I would advise moving the PHP up but I would also suggest don't do it now whilst I'm fixing the rest of it. [b]friend_logout.php[/b] [code] <?php // Start session again session_start(); if($_SESSION['loggedin']){ session_destroy(); // Destroy the session header("Location: friend_login.php"); // Redirect them because we've just removed the session so they would just get a white page otherwise }else{ header("Location: friend_login.php"); // Redirect them to the login page as they're not logged in anyway } ?> [/code] [b]friend_post.php[/b] [code] <?php // Connect to database include 'db_mysql.php'; //Start the session again session_start(); // Check if existing session is carried over. Sessions can be carried over different files FYI. if(!$_SESSION['loggedin']){ header("Location: friend_login.php"); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p><div align="center"><label for="navn">Navn:</label><input type="text" name="navn" name="navn" size="40" /></div></p> <p><div align="center"><p><label for="addresse">Addresse:</label><input type="text" name="addresse" name="addresse" size="40" />      </div></p> <p><p><div align="center"><label for="telefon">Telefon:</label><input type="text" name="telefon" name="telefon" size="40" />   </div></p> <p><p><div align="center"><label for="email">Email:</label><input type="text" name="email" name="email" size="40" /></div></p> <p><p><div align="center"><label for="noter">Noter</label><br><textarea cols="40" rows="10" name="notes" id="notes"></textarea></div></p> <p><center><input type="submit" name="submit" id="submit" value="Submit"></p></center> </form> <?php if (isset($_POST['submit'])) { $sql1 = "SELECT userid FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); } $ownerid = $userid; $navn = htmlspecialchars(strip_tags($_POST['navn'])); $email = htmlspecialchars(strip_tags($_POST['email'])); $notes = htmlspecialchars(strip_tags($_POST['notes'])); $addresse = htmlspecialchars(strip_tags($_POST['addresse'])); $telefon = htmlspecialchars(strip_tags($_POST['telefon'])); $entry = $_POST['entry']; $entry = nl2br($entry); $by = "caketown"; $sql = "INSERT INTO user_friends (navn,addresse,telefon,email,notes,ownerid) VALUES ('$navn','$addresse','$telefon','$email','$notes','$ownerid')"; $result = mysql_query($sql) or print("Can't insert into table \"user_friends\".<br />" . $sql . "<br />" . mysql_error()); if ($result != false) { print "Your entry has successfully been entered into the database."; ?> <META HTTP-EQUIV="Refresh"; CONTENT="0; URL=friend_loggedin_show.php"> <?php mysql_close(); } } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code] That should be it

Great thanks :D Reading now ^_^ Sorry >_< Might also have interest: friend_make_user.php [code] <?php // Connects to your Database //mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error()); //mysql_select_db("Database_Name") or die(mysql_error()); include "db_mysql.php"; //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><div align="left"> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <p>Do it here: <a href="friend_login.php"><u><font color="black">Login</font></u></a></p> <br> <?php } else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><div align="left"> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr> <td colspan="2"> <h1> Register </h1> </td> </tr> <tr> <td> Username: </td> <td> <input type="text" name="username" maxlength="60"> </td> </tr> <tr> <td> Password: </td> <td> <input type="password" name="pass" maxlength="10"> </td> </tr> <tr> <td> Confirm Password: </td> <td> <input type="password" name="pass2" maxlength="10"> </td> </tr> <tr> <th colspan=2> <input type="submit" name="submit" value="Register"> </th> </tr> </table> </form> <br> <?php } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code]

[QUOTE=Eax;16801546]Great thanks :D Reading now ^_^ Sorry >_< Might also have interest: friend_make_user.php [/QUOTE] You have a right to be retarded, you're new :D I don't need that one anyway as it's not checking if you're logged in or not so it's not relevant. Anyway I've gone over what I've done numerous times and I did fuck one or two things up but I've now fixed them so give them ago and tell me if it works or not. If it does, great! If not if you can tell me what the new error messages are etc would be helpful :P. Also there are many and I mean many stupid things you've done in there such as [code]echo "Navn: ".$navn; ?><br><?php[/code] You could of just done: [code]echo "Navn: ".$navn."<br/>";[/code]

[QUOTE=kebabs;16801475] That should be it[/QUOTE] Great! Thank you so much ^_^ Really appreciated :) I'll read it thoroughly tomorrow. (It's half past midnight here). Can you just really quick explain how the [code] session_start(); [/code]

[QUOTE=Eax;16802042]Great! Thank you so much ^_^ Really appreciated :) I'll read it thoroughly tomorrow. (It's half past midnight here). Can you just really quick explain how the [code] session_start(); [/code][/QUOTE] Do you want me to explain how it works or what? :P You could really just think of them as cookies but don't just think they're cookies, I'm not sure myself but in my opinion, using sessions is much easier than fiddling about with cookies.

This is wierd! It gives the EXACT same error. It sends me to "friend_user_not_found.php" Also: In friend_loggedin_show.php [code] Parse error: syntax error, unexpected '}' in /var/www/friends/friend_loggedin_show.php on line 67 [/code] About the session_start(); Yes please ;) Or link to something I can read about it :P

[url]http://uk2.php.net/manual/en/function.session-start.php[/url]

[QUOTE=jaybuz;16802250][url]http://uk2.php.net/manual/en/function.session-start.php[/url][/QUOTE] Thanks :) [editline]12:41AM[/editline] [QUOTE=kebabs;16802001]You have a right to be retarded, you're new :D I don't need that one anyway as it's not checking if you're logged in or not so it's not relevant. Anyway I've gone over what I've done numerous times and I did fuck one or two things up but I've now fixed them so give them ago and tell me if it works or not. If it does, great! If not if you can tell me what the new error messages are etc would be helpful :P. Also there are many and I mean many stupid things you've done in there such as [code]echo "Navn: ".$navn; ?><br><?php[/code] You could of just done: [code]echo "Navn: ".$navn."<br/>";[/code][/QUOTE] Thanks :) Yeah, I see that NOW >_< Well, live and learn ^_^

PHP is probably one of the most documented languages, you should use it.

[QUOTE=Eax;16802126]This is wierd! It gives the EXACT same error. It sends me to "friend_user_not_found.php" Also: In friend_loggedin_show.php [code] Parse error: syntax error, unexpected '}' in /var/www/friends/friend_loggedin_show.php on line 67 [/code] About the session_start(); Yes please ;) Or link to something I can read about it :P[/QUOTE] Trying to find what's missing from where is a pain but you do eventually get used to it. Please hold the line. [code] <?php // Connect to database include 'db_mysql.php'; //Start the session again session_start(); // Check if existing session is carried over. Sessions can be carried over different files FYI. if(!$_SESSION['loggedin']){ header("Location: friend_login.php"); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php # Get the userid $sql1 = "SELECT * FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); $username = stripslashes($row1['username']); } echo "<h1>".$userid." "."Hello ".$username."</h1><p><br><hr width=\"100\%\" color=\"1793d1\"></p><br>"; #Print the shit (check it) $sql = "SELECT * FROM user_friends WHERE ownerid = '$userid' ORDER BY vennerid DESC "; $result = mysql_query($sql) or print ("Can't select entries from table user_friends.<br />" . $sql . "<br />" . mysql_error()); while($row = mysql_fetch_array($result)) { $navn = stripslashes($row['navn']); $email = stripslashes($row['email']); $notes = stripslashes($row['notes']); $addresse = stripslashes($row['addresse']); $telefon = stripslashes($row['telefon']); } ?> <p></p> <?php echo "Navn: ".$navn; ?><br><?php echo "Addresse: ".$addresse; ?><br><?php echo "Telefon: ".$telefon; ?><br><?php echo "Email: ".$email; ?><br><?php echo "Noter: ".$notes; ?><br><?php ?> <br><hr width="100%" color="1793d1"></p><br> <?php echo "<br><FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Add friend\" ONCLICK=\"window.location.href='friend_post.php'\"> <INPUT TYPE=\"BUTTON\" VALUE=\"Log Out\" ONCLICK=\"window.location.href='friend_logout.php'\"></FORM>"; #<br><a href=friend_logout.php><font color=\"black\"><u>Logout</u></font></a>"; ?> <br> </div> </div> <?php include 'footer.php'?></div> </body> </html>[/code] Try that.

No error :) But the login part still doesn't work :S It seems like it sends me to the user_not_found.php part? Oo

[QUOTE=Eax;16802539]No error :) But the login part still doesn't work :S It seems like it sends me to the user_not_found.php part? Oo[/QUOTE] I smell SQL Errors what version is the SQL?

[code]Server version: 5.0.75-0ubuntu10.2[/code] [editline]01:07AM[/editline] Does it md5() the password before checking? Doesn't seem like it as far as I can see. The passwords are encrypted upon being entered into the database :) [editline]01:29AM[/editline] Gonna go to bed for now :) Thanks for helping :)

[QUOTE=Eax;16802704][code]Server version: 5.0.75-0ubuntu10.2[/code] [editline]01:07AM[/editline] Does it md5() the password before checking? Doesn't seem like it as far as I can see. The passwords are encrypted upon being entered into the database :) [editline]01:29AM[/editline] Gonna go to bed for now :) Thanks for helping :)[/QUOTE] Well now that's an entirely different story! Jeeze :P So now in the SQL Statements you do this: [code] $query = mysql_query("SELECT * FROM `users` WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".md5(mysql_real_escape_string($_POST['password']))."'") or die(mysql_error()); [/code]

It put it in, but it still doesn't log me in :S Hmm.. [editline]10:14AM[/editline] Found the error methinks :3 The error was that I on line 68: [code]<input type="password" name="password" maxlength="50" /> [/code] So yeah... >_< Thanks a lot for the help :D It was really appreciated :)

It works now :) At least that part does. New problems have arisen :S Whenever I want to create a new post(friend), I need to check that it is assigned to correct user. And I have no idea how to do this :S Right now I'm using this: [CODE] <?php $sql1 = "SELECT userid FROM users WHERE username = "eax'"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); } $ownerid = $userid; echo $userid; ?> [/CODE] But that only works for one user of course :S What can I do? Also. It doesn't seem to log me out of the session for some reason Oo Here's the logout code: [CODE] <?php // Start session again session_start(); if($_SESSION['loggedin']){ session_destroy(); // Destroy the session }else{ header("Location: friend_login.php"); // Redirect them to the login page as they're not logged in anyway } ?> [/PHP] And here's the code that "shows userposts/friends": [PHP] <?php // Connect to database include 'db_mysql.php'; //Start the session again session_start(); // Check if existing session is carried over. Sessions can be carried over different files FYI. if(!$_SESSION['loggedin']){ header("Location: friend_login.php"); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php # Get the userid $sql1 = "SELECT * FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); $username = stripslashes($row1['username']); } echo "<h1>".$userid." "."Hello ".$username."</h1><p><br><hr width=\"100\%\" color=\"1793d1\"></p><br>"; #Print the **** (check it) $sql = "SELECT * FROM user_friends WHERE ownerid = '$userid' ORDER BY vennerid DESC "; $result = mysql_query($sql) or print ("Can't select entries from table user_friends.<br />" . $sql . "<br />" . mysql_error()); while($row = mysql_fetch_array($result)) { $navn = stripslashes($row['navn']); $email = stripslashes($row['email']); $notes = stripslashes($row['notes']); $addresse = stripslashes($row['addresse']); $telefon = stripslashes($row['telefon']); ?> <p></p> <?php echo "Navn: ".$navn; ?><br><?php echo "Addresse: ".$addresse; ?><br><?php echo "Telefon: ".$telefon; ?><br><?php echo "Email: ".$email; ?><br><?php echo "Noter: ".$notes; ?><br><?php ?> <br><hr width="100%" color="1793d1"></p><br> <?php } echo "<br><FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Add friend\" ONCLICK=\"window.location.href='friend_post.php'\"> <INPUT TYPE=\"BUTTON\" VALUE=\"Log Out\" ONCLICK=\"window.location.href='friend_logout.php'\"></FORM>"; #<br><a href=friend_logout.php><font color=\"black\"><u>Logout</u></font></a>"; ?> <br> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/CODE] Well atleast I don't think it logs me out correctly as it always log back in to the same user :S Can anyone help? :)

[code] if($_SESSION['loggedin']){ session_destroy(); // Destroy the session header("Location: friend_login.php"); }else{ header("Location: friend_login.php"); // Redirect them to the login page as they're not logged in anyway } [/code] What exactly do you mean you need to check if it's assigned to the right user? Are you only showing posts from a certain user or what?

[QUOTE=kebabs;16812657][code] if($_SESSION['loggedin']){ session_destroy(); // Destroy the session header("Location: friend_login.php"); }else{ header("Location: friend_login.php"); // Redirect them to the login page as they're not logged in anyway } [/code] What exactly do you mean you need to check if it's assigned to the right user? Are you only showing posts from a certain user or what?[/QUOTE] Ah sorry, forgot to say that yeah :/ What I'm trying to make is a sort of database to hold info on your friends. I shouldn't be able to see your friends and vice versa :)

I'm still confused, explain in detail.

Okay :) You create a user on the site. Then you log in. From there you can Log Out or "Create Friend" Creating friend lets you enter the data on a person, saves it to the database and returns to where you can see your friends. Other users can only see their friends, not yours :) Need more detail? :)