Newgrounds.com — Everything, By Everyone.

I'm working on a site, and I bumped into a little problem. And I just cant seem to find out whats happening. I only have the problem on this page, nowhere else on my site. So it has to be somewhere on this page. If anyone could help me find my problem I would be really thank full.

So, I made a PM system for my site, but every time I try sending a PM the session variable with the name for the person logged in, changes to the user-id of that person. But I cant even find anywhere in my code where I change the variable.

Here's my site in .txt form: http://ptestsite.awardspace.com/sendpm.t xt

List of some variables:
$sessien = The sender
$_SESSION['navn'] = The username of the loged in person (this is what changes)
$navn and $_POST['res'] = The person the PM is to
$melding and $_POST['mes'] = the content of the PM
$emne and $_POST['sub'] = the Subject of the PM

The code might look random and unorganized. But there's a system there, and I can easily see what each part of my code does. And if some variables have weird names it's cuz some got Norwegian names. (Like: "Navn" is name in Norwegian)

Thank you for taking your time helping me!

Did you include 'session_start();' (without the quotes) ?

What is this for?

$sessien="lol";

At 5/12/08 04:20 PM, blindnil wrote: Did you include 'session_start();' (without the quotes) ?

yeah, I use it inside one of my own functions, the one that I use to check if the user is loged in.

At 5/12/08 06:16 PM, WoogieNoogie wrote: What is this for?

$sessien="lol";

Im not sure why I did that, but its to make sure its a string. Is that pointless?

At 5/12/08 06:22 PM, phyconinja wrote: Im not sure why I did that, but its to make sure its a string. Is that pointless?

Very much so. But, it wouldn't be doing anything. Can you show the code of the functions? I think that's where the error is occurring.

At 5/13/08 03:25 AM, WoogieNoogie wrote:

At 5/12/08 06:22 PM, phyconinja wrote: Im not sure why I did that, but its to make sure its a string. Is that pointless?

Very much so. But, it wouldn't be doing anything. Can you show the code of the functions? I think that's where the error is occurring.

Ok, that's what I thought. Dunno why I still got it there.

Here's the function that checks if the user is logged in. But I doubt the problem is here, I use it on every page, but the problem is only on 1.

function checkLogInState(){
session_start();
if(isset($_SESSION['navn']) && isset($_SESSION['pass'])){
$navn=$_SESSION['navn'];
$passord=$_SESSION['pass'];

$navn=mysql_real_escape_string($navn);
$getname=mysql_query("SELECT password FROM un WHERE name = '$navn'");
if(!$getname){
return FALSE;
}else{
while($pass = mysql_fetch_array($getname)){
$password=$pass['password'];
}
if($passord==$password){
return TRUE;
}else{
return FALSE;
}
}
}else{
return FALSE;
}
}

$navn=$_SESSION['navn'];
$passord=$_SESSION['pass'];

$navn=mysql_real_escape_string($navn);
$getname=mysql_query("SELECT password FROM un WHERE name = '$navn'");

can be changed to $getname = mysql_query("SELECT password FROM un WHERE name = '" . mysql_real_escape_string($_SESSION['navn '] . "'");.

At 5/13/08 08:25 AM, polym wrote: can be changed to $getname = mysql_query("SELECT password FROM un WHERE name = '" . mysql_real_escape_string($_SESSION['navn '] . "'");.

More like:

$getname = mysql_query("SELECT password FROM un WHERE name = '" . mysql_real_escape_string($_SESSION['navn']) . "'");

I don't see where you ever set the session variable...

At 5/13/08 08:25 AM, polym wrote:

$navn=$_SESSION['navn'];
$passord=$_SESSION['pass'];

$navn=mysql_real_escape_string($navn);
$getname=mysql_query("SELECT password FROM un WHERE name = '$navn'");

can be changed to $getname = mysql_query("SELECT password FROM un WHERE name = '" . mysql_real_escape_string($_SESSION['navn '] . "'");.

I know, but I like my way, it's easyer to read when your browsing thru your code fast.

At 5/13/08 02:07 PM, WoogieNoogie wrote: I don't see where you ever set the session variable...

I do that on the login page. But the problem only happen when I try sending a PM. And I didn't have the problem before I created the PM system. So it should be in the code I linked to, since its the only place where the problem happens.

Is it if you output the variable its changed or is it changed when its sent to the DB?

If its in the DB perhaps you should specify what columns the info is going into,

INSERT INTO pms VALUES('$melding','$emne','$navn','$sessien','$date','$id','$en','$en

Just shootin' in the dark, only thing that pops out.

At 5/13/08 06:52 PM, Seachmall wrote: Is it if you output the variable its changed or is it changed when its sent to the DB?

The session changes. when I try getting the information on another page, the username is switched with the user id. But I have no idea how that happens. But it only changes when I try sending a PM. So it has to be in this code.

At 5/13/08 08:03 PM, phyconinja wrote: So it has to be in this code.

If it's the session itself that's changing, then it's not in this code. A second part of the session isn't being stated.

Could you display the code of the output page?

At 5/14/08 02:25 AM, WoogieNoogie wrote:

At 5/13/08 08:03 PM, phyconinja wrote: So it has to be in this code.

If it's the session itself that's changing, then it's not in this code. A second part of the session isn't being stated.

Could you display the code of the output page?

Well, I noticed that every time I tryed sending a PM I got loged out. So I just checked the $_SESSION['navn'], and it was changed to the user id. It ONLY happens when I send a PM, so it has to be on that page. Even tho I cant find anything in my code that changes $_SESSION['navn'].

When I check the variable I just used

<?= $_SESSION['navn']; ?>

It shows the username before I send a pm, but id after.

I just found out that it changes to the user-id of the person you send the PM to. that should be proof enough for you that it happens on that page.

Sorry for tripple post, but I figured it out. Apperently I can use $navn instead of $_SESSION['navn']. and since I used that for something else, it changed the $_SESSION['navn'] variable. Didnt know that, thanks for your help everyone.