[RESOLVED] Problem With Displaying Table In Session.

samannoychatter

I have a problem. Its that i have a login field.
Now when anyuser logs in the page echos username email id of that session user.

But i want that the same page should show login fields and passout field when the session id and session username is not same as .

I am using this code

if($SESSION[userid]==$rowmem['userid'] && $SESSION['username']==$rowmem['username'])
{
<table cellspacing=0 cellpadding=0 class="headerimg" width="100%" height="80" border=0>
<tr>
<td width="100%" align="right">
</tr><td align="right" style="padding:0 10 0 10"><p></p></td></tr>
<tr><td align="right" style="padding:0 10 0 10"><p>YOU HAVE LOGGED IN AS : <?php echo ($rowmem['username']);?></p></td></tr>
</td></tr>
<tr><td align="right" style="padding: 0 10 0 10"><p>YOUR e-Mail ID -<?php echo ($rowmem['email']);?>    <a href="index1.php?mode=logout" class="menulnk">LOGOUT</a></p></tr>
</td></tr></table>

}

else
{
<table cellspacing=0 cellpadding=0 class="headerimg" width="100%" height="80" border=0>
<tr>
<td width="100%" align="right">
</tr><td align="right" style="padding:0 10 0 10"><p></p></td></tr>
<form name="memberLogin" action="<?php $_SERVER['PHP_SELF'];?>" method="post">
<input type="hidden" name="mode" value="Login"/>
<tr><td align="right" style="padding:0 10 0 10"><p>Username  <input type="text" name="username" id="username" size="15">
Password <input type="password" name="password" id="password" size="15"><input type="submit" name="Login" value="Login"/><input type="button" name="Cancel" value="Cancel"/></p></td></tr>
</form>
</td></tr>
<tr><td align="right" style="padding: 0 10 0 10"><p><font color="#FFFFCC"><strong><?php if($GLOBALS['err_msg']) { echo stripslashes($GLOBALS['err_msg']);}?></strong></font></p></tr>
<tr><td align="right" style="padding: 0 10 0 10"><p><a href="regis.php" title="New User Sign Up!" class="menulnk">New User Sign Up!</a>   <a href="login.php" title="Retrieve Account Password" class="menulnk">Forgot Password</a></p></tr>
</td></tr></table>
}

But everytime 1st table inside the if loop is displayed.
That the the only difference is that

YOU HAVE LOGGED IN AS : blank
YOUR e-Mail ID - blank.

Tell me a solution to this. I echo the 1st table in if loop when $Session['userid']==$rowmem['userid'] && $SESSION['username']==$rowmem['username']

An to non registered member the 2nd table in else loop.

Bjom

The if statement is not a loop 😉.

This needs some change:

if($_SESSION[userid]==$rowmem['userid'] && $_SESSION['username']==$rowmem['username'])

try this:

if(!empty($_SESSION['userid'], $_SESSION['username']) && $_SESSION[userid]==$rowmem['userid'] && $_SESSION['username']==$rowmem['username'])

A few other notes:

You use the $SERVER['PHP_SELF'] variable, which is not safe. Use $SERVER['SCRIPT_NAME'] instead.

You use GLOBALS, which is considered bad practice. You can surely do without.

Your site might be vulnerable to injections and xss attacks. Maybe checkout (either read through it or use it) a prerolled authentication class (like mine, which you can find from this thread here on the forum - complete with examples and documentation)

And two final notes:

Please do use [ php] [ /php] tags around your code.
Please organize your code properly. See zend coding standards for a good guideline.

hth

Bjom

samannoychatter

The if statement is giving error all d time.

Please tell me what is the correct one.

Error: Parse error: parse error, unexpected ',', expecting ')'

laserlight

The problem is that this:

!empty($_SESSION['userid'], $_SESSION['username'])

should be:

!empty($_SESSION['userid']) && !empty($_SESSION['username'])

However, in this case you could use isset instead of empty, e.g.,

isset($_SESSION['userid'], $_SESSION['username'])

Bjom

I'm sorry, didn't remember that empty and isset have different syntax. Laserlight is right, the correct statement should read:

if(!empty($_SESSION['userid']) && !empty($_SESSION['username']) && $_SESSION[userid]==$rowmem['userid'] && $_SESSION['username']==$rowmem['username'])

(or replace !empty with isset)

the difference between isset and !empty being, that the latter is stricter. This should help deciding: manual - isset manual - empty