private message system => can't log in

[Porkypie]

Hey,

I've finished the tutorial for the private messaging system.
But have a small problem with logging in.
When I enter a username and password I don't get redirected to the next part, instead I just get the login page again.
Sadly I don't get any error so I don't have a clue what I about what I should do to fix it.

I was hoping someone here can help me fix my problem.

Thanks in advance!

Porkypie

[ExtremeGaming]

You most likely have an undefined variable and your error reporting isn't high enough to display it. You are going to have to post the entire page that contains the form and the processing

[Porkypie]

I've managed to fix the problem (forgot one "=" in the form thanks for making me look there )

Now I'm stuck on a new problem.

I get the following error message when I try to log in:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\....\core\inc\user.inc.php on line 10

And here's the code:

<?php

// controleert gebruikersnaam en wachtwoord combinatie en geeft de gebruikers ID.
Function validate_credentials($user_name, $user_password){
	$user_name		= mysql_real_escape_string($user_user);
	$user_password 	= sha1($user_password);

	mysql_query("select `user_id` from `users` where `user_name` = '{$user_name}' and `user_password` = '{$user_password}'");
	
	if (mysql_num_rows($result) != 1){
		return false;
	}
	
	return mysql_result($result, 0);
}

function fetch_user_ids($user_names){
	foreach ($user_names as &$name){
		$name = mysql_real_escape_string($name);
	}

	$result = mysql_query("select `user_id`, `user_name` from `users`where `user_name` in ('" . implode("', '", $user_names) . "')");

	$names = array(); 
	
	while (($row = mysql_fetch_assoc($result)) !== false){
		$names[$row['user_name']] = $row['user_id'];
	}
	
	return $names;
}
	
?>

I rechecked the tutorial but line 10 seems identical to me.
Does anyone have a clue?

Porkypie

[ExtremeGaming]

The problem isn't with line 10 (completely). The real problem is there is no variable named $result. You need to change your query to $result = query so:

<?php

// controleert gebruikersnaam en wachtwoord combinatie en geeft de gebruikers ID.
Function validate_credentials($user_name, $user_password){
	$user_name		= mysql_real_escape_string($user_user);
	$user_password 	= sha1($user_password);

        // Changed this
	$result = mysql_query("select `user_id` from `users` where `user_name` = '{$user_name}' and `user_password` = '{$user_password}'");
	
	if (mysql_num_rows($result) != 1){
		return false;
	}
	
	return mysql_result($result, 0);
}

[Porkypie]

thanks again!

the error is gone now, but I get a login failed.
sadly no error message

[ExtremeGaming]

$user_user here:

	$user_name		= mysql_real_escape_string($user_user);

Should be $user_name

[Porkypie]

Thanks again ExtremeGaming

Took a good look at the video again since most mistakes in this part could have been prevented that way :p
but still the login problem remains.

I hope someone can help me further.

[Porkypie]

Had another look at my codes but still haven't found the mistake i've made.
I'm not sure where to look for the error either.
So if anyone needs parts of my code to help me out just give a shout and I'll post it
I would be really happy if someone can help me to get the PM system to work

Porkypie

[ExtremeGaming]

Post the login file, as well as the files that is uses (functions, processing, etc.)

[Porkypie]

I think these are the files you need:

<h1>login</h1>

<?php

if (isset($_POST['user_name'], $_POST['user_password'])){
	echo '<div class="msg error">Login failed.</div>';
}

?>

<form action="index.php?page=login" method="post">
	<div>
		<label for="user_name">Name</label>
		<input type="text" name="user_name" id="user_name" />
	</div>
	<div>
		<label for="user_password">Password</label>
		<input type="password" name="user_password" id="user_password" />
	</div>
	<div>
		<input type="submit" value="Login" />
	</div>
</form>

<?php

$core_path = dirname(__file__);

if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){
	header('http/1.1 404 Not Found');
	header('Location: index.php?page=inbox');
	
	die();
}

session_start();

mysql_connect('localhost', 'root', '');
mysql_select_db('Westpop');

include("{$core_path}/inc/user.inc.php");
include("{$core_path}/inc/private_message.inc.php");

if (isset($_POST['user_name'], $_POST['user_password'])){
	if (($user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])) !== false){
		$_SESSION['user_id'] = $user_id;
		
		header('Location: index.php?page=inbox');
		
		die();
	}
}

if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){
	header('http/1.1 403 Forbidden');
	header('location: index.php?page=login');
	
	die();
}

$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";
	
?>

<?php

// controleert gebruikersnaam en wachtwoord combinatie en geeft de gebruikers ID.
Function validate_credentials($user_name, $user_password){
	$user_name		= mysql_real_escape_string($user_name);
	$user_password 	= sha1($user_password);

	$result = mysql_query("select `user_id` from `users` where `user_name` = '{$user_name}' and `user_password` = '{$user_password}'");
	
	if (mysql_num_rows($result) != 1){
		return false;
	}
	
	return mysql_result($result, 0);
}

function fetch_user_ids($user_names){
	foreach ($user_names as &$name){
		$name = mysql_real_escape_string($name);
	}

	$result = mysql_query("select `user_id`, `user_name` from `users` where `user_name` in ('" . implode("', '", $user_names) . "')");

	$names = array(); 
	
	while (($row = mysql_fetch_assoc($result)) !== false){
		$names[$row['user_name']] = $row['user_id'];
	}
	
	return $names;
}
	
?>

[Porkypie]

Finally found what was going wrong.

Password was encrypted >.<

sadly this still doesn't fix everything.

Warning: Invalid argument supplied for foreach() in C:\.........\www\1\core\pages\inbox.page.inc.php on line 36

<?php

$errors = array();

if (isset($_GET['delete_conversation'])){
		if (validate_conversation_id($_GET['delete_conversation']) === false){
		$errors[] = 'Invalid conversation ID.';
	}

	if (empty($errors)){
		delete_conversation($_GET['delete_conversation']);
	}	
}	

$conversations = fetch_conversation_summery();

if (empty($conversations)){
	$errors[] = 'U heeft geen berichten.';
}

if (empty($errors) === false){
	foreach ($errors as $error){
		echo '<div class="msg error">', $error, '</div>';
	}
}

?>
<div class="actions">
	<a href="index.php?page=new_conversation">Nieuw Gesprek</a>
	<a href="index.php?page=logout">Log Uit</a> 
</div>

<div class="conversations">
	<?php
	
	foreach ($conversations as $conversation){
		?>
		<div class="conversation <?php if ($conversation['unread_messages']) echo 'unread'; ?>">
			<h2>
				<a href="index.php?page=inbox&delete_conversation=<?php echo $conversation['id']; ?>">[x]</a>
				<a href="index.php?page=view_conversation&conversation_id=<?php echo $conversation['id']; ?>"><?php echo $conversation['subject']; ?></a>
			</h2>
			<p>Last Reply: <?php echo date('d/m/Y H:i:s', $conversation['last_reply']); ?></p>
		</div>
		<?php
	}
	
	?>
</div>

Hope someone can help me further again

thanks in advance!

Porkypie

[ExtremeGaming]

You need to post your fetch_conversation_summery() function. Make sure it's returning an array.

[Porkypie]

function fetch_conversation_summery(){
	$sql = "select
				`conversations`.`conversation_id`,
				`conversations`.`conversations_subject`,
				max(`conversations_messages`.`message_date`) as `conversation_last_reply`
				max(`conversations_messages`.`message_date`) > `conversations_members`.`conversation_last_view` as `conversation_unread` 				
			from `conversations`
			left join `conversations_messages` on `conversations`.`conversation_id` = `conversations_messages'.'conversation_id`
			inner join `conversations_members` on `conversations`.`conversation_id` = `conversations_members'.'conversation_id`
			where `conversations_members`.`user_id` = {$_session['user_id']}
			and `conversations_members`.`conversation_deleted` = 0
			group by `conversations`.`conversation_id`
			order by `conversation_last_reply` desc";
			
			return mysql_error();
			
			$result = mysql_query($sql);
			
			$conversation = array();
			
			while (($row = mysql_fetch_assoc($result)) !== false){
				$conversations[] = array(
					'id'				=> $row['conversation_id'],
					'subject'			=> $row['conversation_subject'],
					'last_reply'		=> $row['conversation_last_reply'],
					'unread_messages'	=> ($row['conversation_unread'] == 1),
					
			
		);
	}

	return $conversations;
}

[ExtremeGaming]

Remove the line completely that says:

return mysql_error();

[Porkypie]

I put that line in to prevent an error from happening so when i remove it is just get the old error back.

[Porkypie]

I managed to figure it out. there was a mistake in my code.
after removing the:

return mysql_error();

The error is gone but sadly the other error comes back.

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\Users\B_Kortekaas\Desktop\Studentpackage\WOS Portable\www\1\core\inc\private_message.inc.php on line 24

function fetch_conversation_summery(){
	$sql = "select
				`conversations`.`conversation_id`,
				`conversations`.`conversation_subject`,
				max(`conversations_messages`.`message_date`) as `conversation_last_reply`,
				max(`conversations_messages`.`message_date`) > `conversations_members`.`conversation_last_view` as `conversation_unread` 				
			from `conversations`
			left join `conversations_messages` on `conversations`.`conversation_id` = `conversations_messages'.'conversation_id`
			inner join `conversations_members` on `conversations`.`conversation_id` = `conversations_members'.'conversation_id`
			where `conversations_members`.`user_id` = {$_SESSION['user_id']}
			and `conversations_members`.`conversation_deleted` = 0
			group by `conversations`.`conversation_id`
			order by `conversation_last_reply` desc";
			
			$result = mysql_query($sql);
			
			$conversations = array();
			
			while (($row = mysql_fetch_assoc($result)) !== false){
				$conversations[] = array(
					'id'				=> $row['conversation_id'],
					'subject'			=> $row['conversation_subject'],
					'last_reply'		=> $row['conversation_last_reply'],
					'unread_messages'	=> ($row['conversation_unread'] == 1),
					
			
		);
	}

	return $conversations;
}

[ExtremeGaming]

First try changing your query to this:

$sql = "select
                                `conversations`.`conversation_id`,
                                `conversations`.`conversation_subject`,
                                max(`conversations_messages`.`message_date`) as `conversation_last_reply`,
                                max(`conversations_messages`.`message_date`) > `conversations_members`.`conversation_last_view` as `conversation_unread`                               
                        from `conversations`
                        left join `conversations_messages` on `conversations`.`conversation_id` = `conversations_messages`.`conversation_id`
                        inner join `conversations_members` on `conversations`.`conversation_id` = `conversations_members`.`conversation_id`
                        where `conversations_members`.`user_id` = {$_SESSION['user_id']}
                        and `conversations_members`.`conversation_deleted` = 0
                        group by `conversations`.`conversation_id`
                        order by `conversation_last_reply` desc";

Noticed you were using quotes instead of backticks.
If you still receive the error, put the return mysql_error() back in, then on the file that is giving the error, put:

echo fetch_conversation_summery();

Make sure it is right after your include(); to make sure we get the error message to display. Then post it here.

[Porkypie]

The mistake was actually in the query. I've rechecked it before I posted this but didn't notice a thing.
Thanks again!

when I try to send a message with the form and submit nothing happens.
Neither does it add anything to my database.

<?php

if (isset($_POST['to'], $_POST['subject'], $_post['body'])){
	$errors = array();

	if (empty($_POST['to'])){
		$errors[] = 'U moet minstens één naam invullen.';
	}else if (preg_match('#^[a-z, ]+$#i', $_POST['to']) === 0){
		$errors[] = 'De lijst van namen is incorrect.';
	}else{
		$user_names = explode(',', $_POST['to']);
		
		foreach ($user_names as &$name){
			$name = trim($name);
		}

		$user_ids = fetch_user_ids($user_names);
			
		if (count($user_ids) !== count($user_names)){
			$errors[] = 'De volgende gebruikers kunnen niet worden gevonden: ' .implode(', ', array_diff($user_names, array_keys($user_ids)));
		}	
	}
	
	if (empty($_POST['subject'])){
		$errors[] = 'Uw bericht heeft geen onderwerp.';
	}
	
	if (empty($_POST['body'])){
	$errors[] = 'U heeft geen bericht getypt.';
	}	

	if (empty($errors)){
		create_conversation(array_unique($user_ids), $_POST['subject'], $_POST['$body']);
	}
}

if (isset($errors)){
	if (empty($errors)){
		echo '<div class="msg success">Uw bericht is verzonden! <a href="index.php?page=inbox">Terug naar Inbox</a></div>';
	}else{
		foreach ($errors as $error){
			echo '<div class="msg error">', $error, '</div>';
		}
	}
}			

?>

<form action="" method="post">
	<div>
		<label for="to">Ontvanger(s):</label>
		<input type="text" name="to" id="to" value="<?php if (isset($_POST['to'])) echo htmlentities($_POST['to']); ?>" />
	</div>
	<div>
		<label for="subject">Onderwerp:</label>
		<input type="text" name="subject" id="subject" value="<?php if (isset($_POST['subject'])) echo htmlentities($_POST['subject']); ?>" />
	</div>
	<div>
		<label for="body">Type hier uw bericht:</label>
		<textarea name="body" rows="20" cols="117"><?php if (isset($_POST['body'])) echo htmlentities($_POST['body']); ?></textarea> 
	</div>
	<div>
		<input type="submit" value="verzenden" />
	</div>
</form>

The form action is empty but this is also empty in the tutorial.

Could someone tell me how to fix this?

[ExtremeGaming]

if (isset($_POST['to'], $_POST['subject'], $_post['body'])){

$_POST is case-sensitive, change $_post to $_POST as it will always return false the way you have it.

[Porkypie]

good to know

I think there's something wrong in this part of my code:

function create_conversation($user_ids, $subject, $body){
	$subject	= mysql_real_escape_string(htmlentities($subject));
	$body		= mysql_real_escape_string(htmlentities($body));
	
	mysql_query("insert into `conversations` (`conversation_subject`) values ('{$subject}')");
	
	$conversation_id = mysql_insert_id();
	
	$sql = "insert into `conversations_messages` (`conversation_id`, `user_id`, `message_date`, `message_text`)
			values ({$conversation_id}, {$_SESSION['user_id']}, unix_timestamp(), '{$body}')";
			
	mysql_query($sql);
	
	$values = array("({conversation_id}, {$_SESSION['user_id']}, unix_timestamp(), 0)");
	
	foreach ($user_ids as $user_id){
		$user_id = (int) $user_id;
		
		$values[] = "({conversation_id}, {$user_id}, 0, 0)";
	}
	
	$sql = "insert into `conversations_members` (`conversation_id`, `user_id`, `conversation_last_view`, `conversation_deleted`)
			values " . implode(", ", $values);
			
	mysql_query($sql);
}

I'm able to add messages to the message table but not able to really start a conversation. So when I log in with another account
I don't see any messages.

[jacek]

Not really following this but you're users are not receiving messages it's probably that the insert into `conversations_members` query is failing, which makes sense since you have a typo on this line

$values[] = "({conversation_id}, {$user_id}, 0, 0)";

it should be

$values[] = "({$conversation_id}, {$user_id}, 0, 0)";