Page 1 of 2

Hey I just made this issue...so solve it maybe? - SOLVED

Posted: Sun Jul 01, 2012 1:26 am
by Thunderbob
Hey guys
Here's what I dealing here...and it's quite tough so be prepared to be mind boggled (like me)

So I have a login and and profile system on my page that are currently operating on different "platforms".
I want to mix the two together seamlessly without completely starting over.

If you go to my site http://www.yourtechview.com , make an account, and login...you will be introduced to a page ending in
access-controlled.php

This page can only viewed while you have an active session..other wise you will be redirected to the login screen
(neat huh?)

so at the top right of the access-controlled.php page you'll notice that your full name will appear as a menu option. (cool beans)
What I want to do is to have that menu item linked to the login page of the user who is logged in.

that's all.

You're probably asking for code right about now and here goes.

Access Controlled page
<?PHP

require_once("./include/membersite_config.php");
if(!$fgmembersite->CheckLogin())
{    $fgmembersite->RedirectToURL("/source/login.php");
    exit;}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!DOCTYPE HTML>
<!--
	Halcyonic 1.0 by nodethirtythree + FCT
	http://nodethirtythree.com | @nodethirtythree
	Released under the Creative Commons Attribution 3.0 license (nodethirtythree.com/license)
-->
<html>
	<head>
		<title>Your Tech Reviews</title>
                <div id="fb-root"></div>
<p>
<script type="text/javascript"><!--
(function(d, s, id) 
{
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;

  js.src = "//connect.facebook.net/en_US/all.js#xfbml=1";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
// -->
</script>
</p>
<center>
<style type="text/css"> 
 
 
 
#navbar ul { 
        
margin: 0; 
        
padding: 5px; 
        
list-style-type: none; 
        
text-align: center; 
        
background-color: #FFFF; 
        } 
 

#navbar ul li {  
        display: inline; 
        } 
 

#navbar ul li a { 
        text-decoration: none; 
        padding: .2em 1em; 
        color: #FFFF; 
        background-color: #FFFF; 
        } 
 

#navbar ul li a:hover { 
        color: #B8B8B8; 
        background-color: #FFFF; 
        } 
 
 
</style>


		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<meta name="description" content="" />
		<meta name="keywords" content="" />
                <script type="text/javascript" src="/js/jquery-1.7.1.min.js"></script>
                <script type="text/javascript" src="/js/jquery.slidertron-1.1.js"></script>
		<!--5grid--><script src="/js/viewport.js"></script><!--[if lt IE 9]>
                
                <script src="/js/ie.js"></script><![endif]-->
                <link rel="stylesheet" href="/css/responsive.css" /><!--/5grid-->
		<link rel="stylesheet" href="/css/style.css" />
                <link rel="stylesheet" href="/css/style111.css" />
                <link rel="stylesheet" href="/css/demo1.css" />
		<!--[if lte IE 9]><link rel="stylesheet" href="/css/style-ie9.css" /><![endif]-->
	</head>
	<body>
<p><!-- Header --></p>
<div id="header-wrapper"><header id="header" class="5grid">
<div class="12u-first"><!-- Logo -->
<h1><a href="#">Your Tech Reviews</a></h1>
<!-- Nav -->             <nav> 
            <a href="access-controlled.php">Home</a> <a href="reviews.php">Reviews</a> 
            <a href="videos.php">Videos</a> <a href="articles.php">Articles</a> <a href="market.php" ">Marketplace</a>               
            <a href="profile.php?uid=<?php echo $user['id'];?>"><?= $fgmembersite->UserFullName(); ?></a> 
 </nav></div>
</header>
<div id="banner">
<div class="5grid 5grid-alt">
<div class="6u-first"><!-- Banner Copy -->
<p>Your Technology. Your Reviews.</p>
<form method="get" action="http://www.google.com/search"><input type="text" value="             Start Searching Now!" size="31" onfocus="this.value=''" name="q" maxlength="200" class="button-big" /><input type="submit" value="Google Search" /><input type="radio" name="sitesearch" value="" /> The Web <input type="radio" name="sitesearch" value="yourtechview.com" checked="checked" /> Your Tech Reviews</form></div>
<div class="6u"><!-- Banner Image --><!-- HTML -->
<div id="slider">
<div class="viewer">
<div class="reel">
<div class="slide"><img src="/images/banner.jpg"/> </div>
<div class="slide"><img src="/images/rsz_beats.jpg" /></div>
<div class="slide"><img src="http://www.popsci.com/files/imagecache/ ... 931732.jpg" /></div>
<div class="slide"><img src="http://i.haymarket.net.au/News/xbox-360 ... lass.jpg"/> </div>
<div class="slide"><img src="http://cdn01.cdn.egotastic.com/wp-conte ... 00x450.jpg" /></div>
</div>
</div>
</div>
<!-- JS -->
<script type="text/javascript">// <![CDATA[
$('#slider').slidertron({
        viewerSelector: '.viewer',
        reelSelector: '.viewer .reel',
        slidesSelector: '.viewer .reel .slide',
        advanceDelay: 3000,
        speed: 'slow'
    });
// ]]></script>
</div>
<div class="5grid-clear"></div>
</div>
</div>
</div>
<p><!-- Features --></p>
<div id="features-wrapper">
<div id="features">
<div class="5grid">
<div class="3u-first"><!-- Feature #1 --><section><a href="#" class="bordered-feature-image"><img src="/images/pic01.jpg" /></a>
<h2>The new Macbook Pro RD</h2>
<p>Introducing the next generation of computers. This thing is no joke.</p>
</section></div>
<div class="3u"><!-- Feature #2 --><section><a href="#" class="bordered-feature-image"><img src="/images/pic02.jpg" /></a>
<h2>A Microsoft Tablet?</h2>
<p>Yes! Should we be surprised that Microsoft is competing against their own hardware partners? <strong>You decide</strong></p>
</section></div>
<div class="3u"><!-- Feature #3 --><section><a href="#" class="bordered-feature-image"><img src="/images/pic03.jpg" /></a>
<h2>Another Galaxy</h2>
<p>Some are seriously debating on this phone. Buy this sweet toy..or wait for Iphone 5?</p>
</section></div>
<div class="3u"><!-- Feature #4 --><section><a href="#" class="bordered-feature-image"><img src="/images/pic04.jpg" /></a>
<h2>Black Ops 2</h2>
<p>The first one was pretty good but this is what we want to see in November.</p>
</section></div>
</div>
</div>
</div>
<p><!-- Content --></p>
<div id="content-wrapper">
<div id="content">
<div class="5grid">
<div class="4u-first"><!-- Box #1 -->
<div class="4u"><!-- Box #2 -->
<div class="4u"><!-- Box #3 --></div>
</div>
</div>
</div>
<!-- Footer -->
<div id="footer-wrapper"><footer id="footer" class="5grid">
<div class="8u-first"><!-- Links --><section>
<h2>Links to Important Stuff</h2>
<div class="3u-first">
<ul class="link-list last-child">
<li><a href="/about">About Your Tech Views</a></li>
<li><a href="/contact">Contact Us</a></li>
<li><a href="#">Privacy Policy</a></li>
<li><a href="#">Jobs</a></li>
</ul>
</div>
<div class="3u">
<ul class="link-list last-child">
<li><a href="#">Terms of Use</a></li>
<li><a href="#">Guidelines </a></li>
<li><a href="#">Reputation </a></li>
<li><a href="#">Point System </a></li>
</ul>
</div>
<div class="3u"></div>
<div class="3u"></div>
<br /><br /><br /><br /><br /><br /></section></div>
<div class="4u"><!-- Blurb --></div>
</footer></div>
<!-- Copyright -->
<div id="copyright">(c) 2012 Untitled Website. All rights reserved. Design by <a href="http://nodethirtythree.com/">nodethirtythree</a> + <a href="http://www.freecsstemplates.org/">FCT</a>. Images by <a href="http://fotogrph.com/">Fotogrph</a>.</div>
</div>
</div>
</body>
</html>
here is the profile.php page
<?php
include('init.inc.php');
$user_info = fetch_user_info($_GET['uid']);
echo mysql_error(); 
?>


<!DOCTYPE HTML>

<!--

	Halcyonic 1.0 by nodethirtythree + FCT

	http://nodethirtythree.com | @nodethirtythree

	Released under the Creative Commons Attribution 3.0 license (nodethirtythree.com/license)

-->

<html>

	<head>

		<title><?php echo $user_info['username']; ?>'s Profile</title>

		<meta http-equiv="content-type" content="text/html; charset=utf-8" />

		<meta name="description" content="" />

		<meta name="keywords" content="" />

		<!--5grid--><script src="/js/viewport.js"></script><!--[if lt IE 9]><script src="/js/ie.js"></script><![endif]--><link rel="stylesheet" href="/css/responsive.css" /><!--/5grid-->

		<link rel="stylesheet" href="/css/style.css" />

		<!--[if lte IE 9]><link rel="stylesheet" href="/css/style-ie9.css" /><![endif]-->

	</head>

	<body class="subpage">



		<!-- Header -->

			<div id="header-wrapper">

				<header id="header" class="5grid">

					<div class="12u-first">



						<!-- Logo -->

							<h1><a href"">Profile</a></h1>

						

						<!-- Nav -->

							<nav> <a href="access-controlled.php">Home</a> <a href="reviews.html">Reviews</a> <a href="videos.html">Videos</a> <a href="articles.html">Articles</a> <a href="/market.html">Marketplace</a><a href="/source/login.php">Login</a> </nav>



					</div>

				</header>

			</div>



		<!-- Content -->

			<div id="content-wrapper">

				<div id="content">

					<div class="5grid">

						<div class="3u-first">

							

							<!-- Sidebar -->

								<section>

									<header>

										<h2><?php echo $user_info['username']; ?></h2>

									</header>

									<div>
<?php
if ($user_info === false){
   echo 'That user does not exist.';
} else {
?>

<p></p>
<p> Gender:  <?php echo ($user_info['gender'] == Male) ? 'Male' : 'Female'; ?></p>
<p>Location:<?php echo $user_info['location']; ?></p>

<?php
}
?>
</div>

								</section>

								<section>

									<header>

										<h2>About</h2>

									</header>

									<p>

										About:  <?php echo $user_info['about']; ?></p>

								</section>



						</div>

						<div class="9u">

							

							<!-- Main Content -->

								<section>

									<header>

										<h2>Currently Empty Space</h2>

										<h3>Nothing to do here</h3>

									</header>

									This is just going to be empty space


								</section>



						</div>

					</div>

				</div>

			</div>



		<!-- Footer -->

			<div id="footer-wrapper">

				<footer id="footer" class="5grid">

					<div class="8u-first">

					

						<!-- Links -->

							<section>

								<h2>Links to Important Stuff</h2>

								<div class="3u-first">

									<ul class="link-list last-child">

										<li><a href="#">Neque amet dapibus</a></li>

										<li><a href="#">Sed mattis quis rutrum</a></li>

										<li><a href="#">Accumsan suspendisse</a></li>

										<li><a href="#">Eu varius vitae magna</a></li>

									</ul>

								</div>

								<div class="3u">

									<ul class="link-list last-child">

										<li><a href="#">Neque amet dapibus</a></li>

										<li><a href="#">Sed mattis quis rutrum</a></li>

										<li><a href="#">Accumsan suspendisse</a></li>

										<li><a href="#">Eu varius vitae magna</a></li>

									</ul>

								</div>

								<div class="3u">

									<ul class="link-list last-child">

										<li><a href="#">Neque amet dapibus</a></li>

										<li><a href="#">Sed mattis quis rutrum</a></li>

										<li><a href="#">Accumsan suspendisse</a></li>

										<li><a href="#">Eu varius vitae magna</a></li>

									</ul>

								</div>

								<div class="3u">

									<ul class="link-list last-child">

										<li><a href="#">Neque amet dapibus</a></li>

										<li><a href="#">Sed mattis quis rutrum</a></li>

										<li><a href="#">Accumsan suspendisse</a></li>

										<li><a href="#">Eu varius vitae magna</a></li>

									</ul>

								</div>

							</section>



					</div>

					<div class="4u">

						

						<!-- Blurb -->

							<section>

								<h2>An Informative Text Blurb</h2>

								<p>

									Duis neque nisi, dapibus sed mattis quis, rutrum accumsan sed. Suspendisse eu 

									varius nibh. Suspendisse vitae magna eget odio amet mollis. Duis neque nisi, 

									dapibus sed mattis quis, sed rutrum accumsan sed. Suspendisse eu varius nibh 

									lorem ipsum amet dolor sit amet lorem ipsum consequat gravida justo mollis.

								</p>

							</section>

					

					</div>

				</footer>

			</div>



		<!-- Copyright -->

			<div id="copyright">

				(c) 2012 Untitled Website. All rights reserved. Design by <a href="http://nodethirtythree.com/">nodethirtythree</a> + <a href="http://www.freecsstemplates.org/">FCT</a>. Images by <a href="http://fotogrph.com/">Fotogrph</a>.

			</div>



	</body>

</html>

now the profile system I got from the youtube tutorials and uses a very different session method than the one I am using.
I've tried many things and nothing works.

I was able to make profile pages appear for all of my users and you can navigate through each via changing the uid at the end. However, I want to establish a link from the currently logged in user..directly to their profile page from the access-controlled.php page.

notice <a href="profile.php?uid=<?php echo $user['id'];?>"><?= $fgmembersite->UserFullName(); ?></a>
which shows your full name but links to no user.

let me know if you need to see more code.

Thank you all in advance.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 1:50 am
by sturekdrf
I would like to help but your bad use of that song lyric has temporarly made my brain melt. Ill try back later ;P

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 2:23 am
by Thunderbob
whoops! haha
thanks for your consideration.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 9:12 am
by sturekdrf
Got time to look over some of the code, what do you mean by linked?

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 10:46 am
by Thunderbob
by linked I mean when you click it...you are directed to your own profile page.

when I click the link.........as of right now I go to

www.yourtechview.com/source/profile.php?uid=

when their should be a number at the end (my number).

www.yourtechview.com/source/user_list.php
the links are done correctly on this page as you can see each user is linked to their profile page.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 12:13 pm
by jacek
The current user id must be stored somewhere from login ?

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 12:23 pm
by Thunderbob
I've tried but I just don't know where to put it.
<?PHP
/*
    Registration/Login script from HTML Form Guide
    V1.0

    This program is free software published under the
    terms of the GNU Lesser General Public License.
    http://www.gnu.org/copyleft/lesser.html
    

This program is distributed in the hope that it will
be useful - WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.

For updates, please visit:
http://www.html-form-guide.com/php-form ... -form.html
http://www.html-form-guide.com/php-form ... -form.html

*/
require_once("class.phpmailer.php");
require_once("formvalidator.php");

class FGMembersite
{
    var $admin_email;
    var $from_address;
    
    var $username;
    var $pwd;
    var $database;
    var $tablename;
    var $connection;
    var $rand_key;
    
    var $error_message;
    
    //-----Initialization -------
    function FGMembersite()
    {
        $this->sitename = 'YourWebsiteName.com';
        $this->rand_key = '0iQx5oBk66oVZep';
    }
    
    function InitDB($host,$uname,$pwd,$database,$tablename)
    {
        $this->db_host  = $host;
        $this->username = $uname;
        $this->pwd  = $pwd;
        $this->database  = $database;
        $this->tablename = $tablename;
        
    }

    function fetch_users(){
        $result = mysql_query("SELECT `id_user` AS `id`, `username` AS `username` FROM `fgusers3` ");
               $users = array();
               while (($row = mysql_fetch_assoc($result)) !== false){
                $users[] = $row;
        }echo mysql_error();
               return $users;
}
function fetch_user_info($uid){
$uid = (int)$uid;
$sql = "SELECT
                               `username` AS `username`,
                               `user_about` AS `about`,
                               `user_location` AS `location`,
                               `user_gender` AS `gender`
                       FROM `fgusers3`
                       WHERE `id_user`= '{$uid}'" ;
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
   }


    function SetAdminEmail($email)
    {
        $this->admin_email = $email;
    }
    
    function SetWebsiteName($sitename)
    {
        $this->sitename = $sitename;
    }
    
    function SetRandomKey($key)
    {
        $this->rand_key = $key;
    }
    
    //-------Main Operations ----------------------
    function RegisterUser()
    {
        if(!isset($_POST['submitted']))
        {
           return false;
        }
        
        $formvars = array();
        
        if(!$this->ValidateRegistrationSubmission())
        {
            return false;
        }
        
        $this->CollectRegistrationSubmission($formvars);
        
        if(!$this->SaveToDatabase($formvars))
        {
            return false;
        }
        
        if(!$this->SendUserConfirmationEmail($formvars))
        {
            return false;
        }

        $this->SendAdminIntimationEmail($formvars);
        
        return true;
    }

    function ConfirmUser()
    {
        if(empty($_GET['code'])||strlen($_GET['code'])<=10)
        {
            $this->HandleError("Please provide the confirm code");
            return false;
        }
        $user_rec = array();
        if(!$this->UpdateDBRecForConfirmation($user_rec))
        {
            return false;
        }
        
        $this->SendUserWelcomeEmail($user_rec);
        
        $this->SendAdminIntimationOnRegComplete($user_rec);
        
        return true;
    }    
    
    function Login()
    {
        if(empty($_POST['username']))
        {
            $this->HandleError("UserName is empty!");
            return false;
        }
        
        if(empty($_POST['password']))
        {
            $this->HandleError("Password is empty!");
            return false;
        }
        
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
        
        if(!isset($_SESSION)){ session_start(); }
        if(!$this->CheckLoginInDB($username,$password))
        {
            return false;
        }
        
        $_SESSION[$this->GetLoginSessionVar()] = $username;
        
        return true;
    }
    
    function CheckLogin()
    {
         if(!isset($_SESSION)){ session_start(); }

         $sessionvar = $this->GetLoginSessionVar();
         
         if(empty($_SESSION[$sessionvar]))
         {
            return false;
         }
         return true;
    }
    
    function UserFullName()
    {
        return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'';
    }
    
    function UserEmail()
    {
        return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:'';
    }
    
    function LogOut()
    {
        session_start();
        
        $sessionvar = $this->GetLoginSessionVar();
        
        $_SESSION[$sessionvar]=NULL;
        
        unset($_SESSION[$sessionvar]);
    }
    
    function EmailResetPasswordLink()
    {
        if(empty($_POST['email']))
        {
            $this->HandleError("Email is empty!");
            return false;
        }
        $user_rec = array();
        if(false === $this->GetUserFromEmail($_POST['email'], $user_rec))
        {
            return false;
        }
        if(false === $this->SendResetPasswordLink($user_rec))
        {
            return false;
        }
        return true;
    }
    
    function ResetPassword()
    {
        if(empty($_GET['email']))
        {
            $this->HandleError("Email is empty!");
            return false;
        }
        if(empty($_GET['code']))
        {
            $this->HandleError("reset code is empty!");
            return false;
        }
        $email = trim($_GET['email']);
        $code = trim($_GET['code']);
        
        if($this->GetResetPasswordCode($email) != $code)
        {
            $this->HandleError("Bad reset code!");
            return false;
        }
        
        $user_rec = array();
        if(!$this->GetUserFromEmail($email,$user_rec))
        {
            return false;
        }
        
        $new_password = $this->ResetUserPasswordInDB($user_rec);
        if(false === $new_password || empty($new_password))
        {
            $this->HandleError("Error updating new password");
            return false;
        }
        
        if(false == $this->SendNewPassword($user_rec,$new_password))
        {
            $this->HandleError("Error sending new password");
            return false;
        }
        return true;
    }
    
    function ChangePassword()
    {
        if(!$this->CheckLogin())
        {
            $this->HandleError("Not logged in!");
            return false;
        }
        
        if(empty($_POST['oldpwd']))
        {
            $this->HandleError("Old password is empty!");
            return false;
        }
        if(empty($_POST['newpwd']))
        {
            $this->HandleError("New password is empty!");
            return false;
        }
        
        $user_rec = array();
        if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec))
        {
            return false;
        }
        
        $pwd = trim($_POST['oldpwd']);
        
        if($user_rec['password'] != md5($pwd))
        {
            $this->HandleError("The old password does not match!");
            return false;
        }
        $newpwd = trim($_POST['newpwd']);
        
        if(!$this->ChangePasswordInDB($user_rec, $newpwd))
        {
            return false;
        }
        return true;
    }
    
    //-------Public Helper functions -------------
    function GetSelfScript()
    {
        return htmlentities($_SERVER['PHP_SELF']);
    }    
    
    function SafeDisplay($value_name)
    {
        if(empty($_POST[$value_name]))
        {
            return'';
        }
        return htmlentities($_POST[$value_name]);
    }
    
    function RedirectToURL($url)
    {
        header("Location: $url");
        exit;
    }
    
    function GetSpamTrapInputName()
    {
        return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
    }
    
    function GetErrorMessage()
    {
        if(empty($this->error_message))
        {
            return '';
        }
        $errormsg = nl2br(htmlentities($this->error_message));
        return $errormsg;
    }    
    //-------Private Helper functions-----------
    
    function HandleError($err)
    {
        $this->error_message .= $err."\r\n";
    }
    
    function HandleDBError($err)
    {
        $this->HandleError($err."\r\n mysqlerror:".mysql_error());
    }
    
    function GetFromAddress()
    {
        if(!empty($this->from_address))
        {
            return $this->from_address;
        }

        $host = $_SERVER['SERVER_NAME'];

        $from ="nobody@$host";
        return $from;
    } 
    
    function GetLoginSessionVar()
    {
        $retvar = md5($this->rand_key);
        $retvar = 'usr_'.substr($retvar,0,10);
        return $retvar;
    }
    
    function CheckLoginInDB($username,$password)
    {
        if(!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }          
        $username = $this->SanitizeForSQL($username);
        $pwdmd5 = md5($password);
        $qry = "Select name, email from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";
        
        $result = mysql_query($qry,$this->connection);
        
        if(!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("Error logging in. The username or password does not match");
            return false;
        }
        
        $row = mysql_fetch_assoc($result);
        
        
        $_SESSION['name_of_user']  = $row['name'];
        $_SESSION['email_of_user'] = $row['email'];
        
        return true;
    }
    
    function UpdateDBRecForConfirmation(&$user_rec)
    {
        if(!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }   
        $confirmcode = $this->SanitizeForSQL($_GET['code']);
        
        $result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection);   
        if(!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("Wrong confirm code.");
            return false;
        }
        $row = mysql_fetch_assoc($result);
        $user_rec['name'] = $row['name'];
        $user_rec['email']= $row['email'];
        
        $qry = "Update $this->tablename Set confirmcode='y' Where  confirmcode='$confirmcode'";
        
        if(!mysql_query( $qry ,$this->connection))
        {
            $this->HandleDBError("Error inserting data to the table\nquery:$qry");
            return false;
        }      
        return true;
    }
    
    function ResetUserPasswordInDB($user_rec)
    {
        $new_password = substr(md5(uniqid()),0,10);
        
        if(false == $this->ChangePasswordInDB($user_rec,$new_password))
        {
            return false;
        }
        return $new_password;
    }
    
    function ChangePasswordInDB($user_rec, $newpwd)
    {
        $newpwd = $this->SanitizeForSQL($newpwd);
        
        $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where  id_user=".$user_rec['id_user']."";
        
        if(!mysql_query( $qry ,$this->connection))
        {
            $this->HandleDBError("Error updating the password \nquery:$qry");
            return false;
        }     
        return true;
    }
    
    function GetUserFromEmail($email,&$user_rec)
    {
        if(!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }   
        $email = $this->SanitizeForSQL($email);
        
        $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection);  

        if(!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("There is no user with email: $email");
            return false;
        }
        $user_rec = mysql_fetch_assoc($result);

        
        return true;
    }
    
    function SendUserWelcomeEmail(&$user_rec)
    {
        $mailer = new PHPMailer();
        
        $mailer->CharSet = 'utf-8';
        
        $mailer->AddAddress($user_rec['email'],$user_rec['name']);
        
        $mailer->Subject = "Welcome to ".$this->sitename;

        $mailer->From = $this->GetFromAddress();        
        
        $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
        "Welcome! Your registration  with ".$this->sitename." is completed.\r\n".
        "\r\n".
        "Regards,\r\n".
        "Webmaster\r\n".
        $this->sitename;

        if(!$mailer->Send())
        {
            $this->HandleError("Failed sending user welcome email.");
            return false;
        }
        return true;
    }
    
    function SendAdminIntimationOnRegComplete(&$user_rec)
    {
        if(empty($this->admin_email))
        {
            return false;
        }
        $mailer = new PHPMailer();
        
        $mailer->CharSet = 'utf-8';
        
        $mailer->AddAddress($this->admin_email);
        
        $mailer->Subject = "Registration Completed: ".$user_rec['name'];

        $mailer->From = $this->GetFromAddress();         
        
        $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
        "Name: ".$user_rec['name']."\r\n".
        "Email address: ".$user_rec['email']."\r\n";
        
        if(!$mailer->Send())
        {
            return false;
        }
        return true;
    }
    
    function GetResetPasswordCode($email)
    {
       return substr(md5($email.$this->sitename.$this->rand_key),0,10);
    }
    
    function SendResetPasswordLink($user_rec)
    {
        $email = $user_rec['email'];
        
        $mailer = new PHPMailer();
        
        $mailer->CharSet = 'utf-8';
        
        $mailer->AddAddress($email,$user_rec['name']);
        
        $mailer->Subject = "Your reset password request at ".$this->sitename;

        $mailer->From = $this->GetFromAddress();
        
        $link = $this->GetAbsoluteURLFolder().
                '/resetpwd.php?email='.
                urlencode($email).'&code='.
                urlencode($this->GetResetPasswordCode($email));

        $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
        "There was a request to reset your password at ".$this->sitename."\r\n".
        "Please click the link below to complete the request: \r\n".$link."\r\n".
        "Regards,\r\n".
        "Webmaster\r\n".
        $this->sitename;
        
        if(!$mailer->Send())
        {
            return false;
        }
        return true;
    }
    
    function SendNewPassword($user_rec, $new_password)
    {
        $email = $user_rec['email'];
        
        $mailer = new PHPMailer();
        
        $mailer->CharSet = 'utf-8';
        
        $mailer->AddAddress($email,$user_rec['name']);
        
        $mailer->Subject = "Your new password for ".$this->sitename;

        $mailer->From = $this->GetFromAddress();
        
        $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
        "Your password is reset successfully. ".
        "Here is your updated login:\r\n".
        "username:".$user_rec['username']."\r\n".
        "password:$new_password\r\n".
        "\r\n".
        "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n".
        "\r\n".
        "Regards,\r\n".
        "Webmaster\r\n".
        $this->sitename;
        
        if(!$mailer->Send())
        {
            return false;
        }
        return true;
    }    
    
    function ValidateRegistrationSubmission()
    {
        //This is a hidden input field. Humans won't fill this field.
        if(!empty($_POST[$this->GetSpamTrapInputName()]) )
        {
            //The proper error is not given intentionally
            $this->HandleError("Automated submission prevention: case 2 failed");
            return false;
        }
        
        $validator = new FormValidator();
        $validator->addValidation("name","req","Please fill in Name");
        $validator->addValidation("email","email","The input for Email should be a valid email value");
        $validator->addValidation("email","req","Please fill in Email");
        $validator->addValidation("username","req","Please fill in UserName");
        $validator->addValidation("password","req","Please fill in Password");

        
        if(!$validator->ValidateForm())
        {
            $error='';
            $error_hash = $validator->GetErrors();
            foreach($error_hash as $inpname => $inp_err)
            {
                $error .= $inpname.':'.$inp_err."\n";
            }
            $this->HandleError($error);
            return false;
        }        
        return true;
    }
    
    function CollectRegistrationSubmission(&$formvars)
    {
        $formvars['name'] = $this->Sanitize($_POST['name']);
        $formvars['email'] = $this->Sanitize($_POST['email']);
        $formvars['username'] = $this->Sanitize($_POST['username']);
        $formvars['password'] = $this->Sanitize($_POST['password']);
    }
    
    function SendUserConfirmationEmail(&$formvars)
    {
        $mailer = new PHPMailer();
        
        $mailer->CharSet = 'utf-8';
        
        $mailer->AddAddress($formvars['email'],$formvars['name']);
        
        $mailer->Subject = "Your registration with ".$this->sitename;

        $mailer->From = $this->GetFromAddress();        
        
        $confirmcode = $formvars['confirmcode'];
        
        $confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;
        
        $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n".
        "Thanks for your registration with ".$this->sitename."\r\n".
        "Please click the link below to confirm your registration.\r\n".
        "$confirm_url\r\n".
        "\r\n".
        "Regards,\r\n".
        "Webmaster\r\n".
        $this->sitename;

        if(!$mailer->Send())
        {
            $this->HandleError("Failed sending registration confirmation email.");
            return false;
        }
        return true;
    }
    function GetAbsoluteURLFolder()
    {
        $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
        $scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
        return $scriptFolder;
    }
    
    function SendAdminIntimationEmail(&$formvars)
    {
        if(empty($this->admin_email))
        {
            return false;
        }
        $mailer = new PHPMailer();
        
        $mailer->CharSet = 'utf-8';
        
        $mailer->AddAddress($this->admin_email);
        
        $mailer->Subject = "New registration: ".$formvars['name'];

        $mailer->From = $this->GetFromAddress();         
        
        $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
        "Name: ".$formvars['name']."\r\n".
        "Email address: ".$formvars['email']."\r\n".
        "UserName: ".$formvars['username'];
        
        if(!$mailer->Send())
        {
            return false;
        }
        return true;
    }
    
    function SaveToDatabase(&$formvars)
    {
        if(!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }
        if(!$this->Ensuretable())
        {
            return false;
        }
        if(!$this->IsFieldUnique($formvars,'email'))
        {
            $this->HandleError("This email is already registered");
            return false;
        }
        
        if(!$this->IsFieldUnique($formvars,'username'))
        {
            $this->HandleError("This UserName is already used. Please try another username");
            return false;
        }        
        if(!$this->InsertIntoDB($formvars))
        {
            $this->HandleError("Inserting to Database failed!");
            return false;
        }
        return true;
    }
    
    function IsFieldUnique($formvars,$fieldname)
    {
        $field_val = $this->SanitizeForSQL($formvars[$fieldname]);
        $qry = "select username from $this->tablename where $fieldname='".$field_val."'";
        $result = mysql_query($qry,$this->connection);   
        if($result && mysql_num_rows($result) > 0)
        {
            return false;
        }
        return true;
    }
    
    function DBLogin()
    {

        $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);

        if(!$this->connection)
        {   
            $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
            return false;
        }
        if(!mysql_select_db($this->database, $this->connection))
        {
            $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
            return false;
        }
        if(!mysql_query("SET NAMES 'UTF8'",$this->connection))
        {
            $this->HandleDBError('Error setting utf8 encoding');
            return false;
        }
        return true;
    }    
    
    function Ensuretable()
    {
        $result = mysql_query("SHOW COLUMNS FROM $this->tablename");   
        if(!$result || mysql_num_rows($result) <= 0)
        {
            return $this->CreateTable();
        }
        return true;
    }
    
    function CreateTable()
    {
        $qry = "Create Table $this->tablename (".
                "id_user INT NOT NULL AUTO_INCREMENT ,".
                "name VARCHAR( 128 ) NOT NULL ,".
                "email VARCHAR( 64 ) NOT NULL ,".
                "phone_number VARCHAR( 16 ) NOT NULL ,".
                "username VARCHAR( 16 ) NOT NULL ,".
                "password VARCHAR( 32 ) NOT NULL ,".
                "confirmcode VARCHAR(32) ,".
                "PRIMARY KEY ( id_user )".
                ")";
                
        if(!mysql_query($qry,$this->connection))
        {
            $this->HandleDBError("Error creating the table \nquery was\n $qry");
            return false;
        }
        return true;
    }
    
    function InsertIntoDB(&$formvars)
    {
    
        $confirmcode = $this->MakeConfirmationMd5($formvars['email']);
        
        $formvars['confirmcode'] = $confirmcode;
        
        $insert_query = 'insert into '.$this->tablename.'(
                name,
                email,
                username,
                password,
                confirmcode
                )
                values
                (
                "' . $this->SanitizeForSQL($formvars['name']) . '",
                "' . $this->SanitizeForSQL($formvars['email']) . '",
                "' . $this->SanitizeForSQL($formvars['username']) . '",
                "' . md5($formvars['password']) . '",
                "' . $confirmcode . '"
                )';      
        if(!mysql_query( $insert_query ,$this->connection))
        {
            $this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
            return false;
        }        
        return true;
    }
    function MakeConfirmationMd5($email)
    {
        $randno1 = rand();
        $randno2 = rand();
        return md5($email.$this->rand_key.$randno1.''.$randno2);
    }
    function SanitizeForSQL($str)
    {
        if( function_exists( "mysql_real_escape_string" ) )
        {
              $ret_str = mysql_real_escape_string( $str );
        }
        else
        {
              $ret_str = addslashes( $str );
        }
        return $ret_str;
    }
    
 /*
    Sanitize() function removes any potential threat from the
    data submitted. Prevents email injections or any other hacker attempts.
    if $remove_nl is true, newline chracters are removed from the input.
    */
    function Sanitize($str,$remove_nl=true)
    {
        $str = $this->StripSlashes($str);

        if($remove_nl)
        {
            $injections = array('/(\n+)/i',
                '/(\r+)/i',
                '/(\t+)/i',
                '/(%0A+)/i',
                '/(%0D+)/i',
                '/(%08+)/i',
                '/(%09+)/i'
                );
            $str = preg_replace($injections,'',$str);
        }

        return $str;
    }    
    function StripSlashes($str)
    {
        if(get_magic_quotes_gpc())
        {
            $str = stripslashes($str);
        }
        return $str;
    }    
}
?>
I'm using this back end file to handle the login session and many other things.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 12:28 pm
by jacek
Right ... :shock:

Well could you post your login page ?

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 1:03 pm
by Thunderbob
sure
<?PHP
session_start();

require_once("./include/membersite_config.php");

if(isset($_POST['submitted']))
{
   if($fgmembersite->Login())
   {
        $fgmembersite->RedirectToURL("login-home.php");
   }
}

?>

<!DOCTYPE HTML>
<!--
	Halcyonic 1.0 by nodethirtythree + FCT
	http://nodethirtythree.com | @nodethirtythree
	Released under the Creative Commons Attribution 3.0 license (nodethirtythree.com/license)
-->
<html>
	<head>
		<title>Login</title>
		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<meta name="description" content="" />
		<meta name="keywords" content="" />
                <script type="text/javascript" src="/js/main.js"></script>
                <script type='text/javascript' src='/scripts/gen_validatorv31.js'></script>
                <!--5grid--><script src="/js/viewport.js"></script><!--[if lt IE 9]><script src="/css/ie.js"></script>
                <![endif]--><link rel="stylesheet" href="/css/responsive.css" /><!--/5grid-->
		<link rel="stylesheet" href="/css/style.css" />
		<!--[if lte IE 9]><link rel="stylesheet" href="/css/style-ie9.css" /><![endif]-->
	</head>
	<body class="subpage">
	
		<!-- Header -->
			<div id="header-wrapper">
				<header id="header" class="5grid">
					<div class="12u-first">

						<!-- Logo -->
							<h1><a href="#">Login</a></h1>
						
						<!-- Nav -->
							<nav>
								<a href="/index">Home</a>
								<a href="/reviews">Reviews</a>
								<a href="/videos">Videos</a>
								<a href="/articles">Articles</a>
                                                                <a href="/source/login.php">Login</a>
                                                                <a href="/market">Marketplace</a>

							</nav>

					</div>
				</header>
			</div>

		<!-- Content -->
			<div id="content-wrapper">
				<div id="content">
					<div class="5grid">
						<div class="12u-first">
						
							<!-- Main Content -->
								<section>
									<header>
										
									<body> <center>
<!-- Form Code Start -->
<div id='fg_membersite'>

<form id='login' action='/source/login.php' method='post' accept-charset='UTF-8'>
<h2><small>Enter your credentials</small></h2>

<input type='hidden' name='submitted' id='submitted' value='1'/>

<div><span class='error'></span></div>
<div class='container'>
    <label for='username' >Username</label><br/>
    <input type='text' name='username' id='username' value='' maxlength="50" /><br/>
    <span id='login_username_errorloc' class='error'></span>
</div>
<div class='container'>
    <label for='password' >Password</label><br/>
    <input type='password' name='password' id='password' maxlength="50" /><br/>
    <span id='login_password_errorloc' class='error'></span>
</div><br>
<div class='container'>
    <input type='submit' name='Submit' value='Submit' />
</div>
<div class='short_explanation'><a href='/source/register.php'>Register</a></div>
<div class='short_explanation'><a href='reset-pwd-req.php'>Forgot Password?</a></div>
</form>
<!-- client-side Form Validations:
Uses the excellent form validation script from JavaScript-coder.com-->

<script type='text/javascript'>
// <![CDATA[

    var frmvalidator  = new Validator("login");
    frmvalidator.EnableOnPageErrorDisplay();
    frmvalidator.EnableMsgsTogether();

    frmvalidator.addValidation("username","req","Please provide your username");
    
    frmvalidator.addValidation("password","req","Please provide the password");

// ]]>
</script>
</div>
<!--
Form Code End (see html-form-guide.com for more info.)
-->
</center>
</body> 
								</section>

						</div>
					</div>
				</div>
			</div>

		<!-- Footer -->
<div id="footer-wrapper"><footer id="footer" class="5grid">
<div class="8u-first"><!-- Links --><section>
<h2>Links to Important Stuff</h2>
<div class="3u-first">
<ul class="link-list last-child">
<li><a href="/about">About Your Tech Views</a></li>
<li><a href="/contact">Contact Us</a></li>
<li><a href="#">Privacy Policy</a></li>
<li><a href="#">Jobs</a></li>
</ul>
</div>
<div class="3u">
<ul class="link-list last-child">
<li><a href="#">Terms of Use</a></li>
<li><a href="#">Guidelines </a></li>
<li><a href="#">Reputation </a></li>
<li><a href="#">Point System </a></li>
</ul>
</div>
<div class="3u"></div>
<div class="3u"></div>
<br /><br /><br /><br /><br /><br /></section></div>
<div class="4u"><!-- Blurb --></div>
</footer></div>
<!-- Copyright -->
<div id="copyright">(c) 2012 Untitled Website. All rights reserved. Design by <a href="http://nodethirtythree.com/">nodethirtythree</a> + <a href="http://www.freecsstemplates.org/">FCT</a>. Images by <a href="http://fotogrph.com/">Fotogrph</a>.</div>
</body>
</html>

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 2:13 pm
by jacek
Hmm okay... Looks like you will have to modify the Login() method to store the user id in the session. To be honest you would be better of scrapping that massive login class and using a simpler method. All you really need is a function that checks the users details, it could return their ID if they are correct or false if not
function validate_credentials($user, $pass){
    $user = mysql_real_escape_string($user);
    $pass = sha1($pass);

    $result = mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
    
    if (mysql_num_rows($result) != 1){
        return false;
    }

    return mysql_result($result, 0);
}
Then you can change your login check to a simple
if (($uid = validate_credentials($_POST['user'], $_POST['pass']) !== false){
    $_SESSION['uid'] = $uid;
    header('Location: somewhere.php');
    die();
}
Much simpler :D

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 5:30 pm
by Thunderbob
It seems your new method is working smoothly.

how do I get the href to point to the users own profile page?

this is in access-controlled.php line 96

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 5:41 pm
by jacek
Thunderbob wrote:It seems your new method is working smoothly.
:D :D
Thunderbob wrote:how do I get the href to point to the users own profile page?
Well you have the user id in $_SESSION['uid'] so you can use that to fill in the ID.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 6:05 pm
by Thunderbob
so closeee :shock:

I'm getting http://www.yourtechview.com/source/profile.php?uid=id
it seems that the $_SESSION['uid'] is only resulting in id instead of the logged in user's id.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 6:28 pm
by jacek
Thunderbob wrote:I'm getting http://www.yourtechview.com/source/profile.php?uid=id
it seems that the $_SESSION['uid'] is only resulting in id instead of the logged in user's id.
:shock:

Can you post the code again ? It could be that you did
SELECT 'id' FROM `users` WHERE ...
The ' meaning string so you would just literally get "id"

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 6:30 pm
by Thunderbob
which code?

Also thank you for taking your time in working with me.
You are very much appreciated.

Re: Hey I just made this issue...so solve it maybe?

Posted: Sun Jul 01, 2012 11:51 pm
by Thunderbob
HEY HEY HEY I solved it!!

Thanks again for all of the help!

Re: Hey I just made this issue...so solve it maybe?

Posted: Mon Jul 02, 2012 4:22 pm
by jacek
Thunderbob wrote:HEY HEY HEY I solved it!!

Thanks again for all of the help!
HEY HEY HEY. how ? :D

Re: Hey I just made this issue...so solve it maybe?

Posted: Mon Jul 02, 2012 4:47 pm
by Thunderbob
No it didn't work =(
I tried using the function checkLogin(); in the fgmembersite.php file
but it only returns a 1
now I get a number at the end of the uid= part but it doesn't equal the uid of the user currently logged in.
http://yourtechview.com/source/profile.php?uid=1

this is what is inside the function
if (($uid = validate_credentials($_POST['user'], $_POST['pass']) !== false){
    $_SESSION['uid'] = $uid;
    header('Location: somewhere.php');
    die();

Re: Hey I just made this issue...so solve it maybe?

Posted: Mon Jul 02, 2012 6:01 pm
by Temor
CheckLogin will only return True or False ( 1 or 0 )
   function CheckLogin()
    {
         if(!isset($_SESSION)){ session_start(); }
 
         $sessionvar = $this->GetLoginSessionVar();
         
         if(empty($_SESSION[$sessionvar]))
         {
            return false;
         }
         return true;
1 is equal to True
0 is equal to False

This code on the other hand should return the users ID.
function validate_credentials($user, $pass){
    $user = mysql_real_escape_string($user);
    $pass = sha1($pass);
 
    $result = mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
   
    if (mysql_num_rows($result) != 1){
        return false;
    }
 
    return mysql_result($result, 0);
}
The code here is pretty self explanatory.
Select User Id where Username and Password are correct and then return the User ID.

So if you use the validate_credentials function, you should be able to do this:
<a href="profile.php?uid=<?php echo $_SESSION['uid'];?>"><?= $fgmembersite->UserFullName(); ?></a>
and it should link to the currently logged in user.

Re: Hey I just made this issue...so solve it maybe?

Posted: Mon Jul 02, 2012 7:17 pm
by Thunderbob
I tried using
<a href="profile.php?uid=<?php echo $_SESSION['uid'];?>"><?= $fgmembersite->UserFullName(); ?></a>
and it only returns "id"

so i'm getting http://yourtechview.com/source/profile.php?uid=id

on two different accounts

Re: Hey I just made this issue...so solve it maybe?

Posted: Mon Jul 02, 2012 7:32 pm
by Temor
Thunderbob wrote:I tried using
<a href="profile.php?uid=<?php echo $_SESSION['uid'];?>"><?= $fgmembersite->UserFullName(); ?></a>
and it only returns "id"

so i'm getting http://yourtechview.com/source/profile.php?uid=id

on two different accounts
That is probably due to one of two things. The first one is the one Jacek suggested earlier.
jacek wrote:
SELECT 'id' FROM `users` WHERE ...
The ' meaning string so you would just literally get "id"
And the other one is that you're actually storing " id " in the database, instead of a number.
Could you show us your table structure as well as your final SQL code?