PHP - Query Does Not Match Session!

Hello all,

I've made this for users login, and now I want the user to only be able to see his info
so how can I use the $_SESSION['userid'] to search the database for it's value and echo results?

here is my code, I want to use the session value instead of get
 
Code: [Select]
<?   

      if (isset($_GET['id'])) {
      $con = mysql_connect("supremecenter14.co.uk","teko_waw","tmisabro77");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("teko_waw", $con);


$result = mysql_query("select * from users where id = '{$_GET['id']}'");




$row = @mysql_fetch_array($result);
echo "<table width=98%>";       
        echo "<tr>";
echo "<td valign=\"top\" width=\"120px\">";
$rowid = $row['id'];
echo "<td valign=\"top\">";
echo "<table>
<tr>
<td valign=\"top\" class=\"searchtitle\">
".$row['fname']. '  ' .$row['mname']. '  ' .$row['lname']."
</td>
</tr>";
?>


and here is where they're set

Code: [Select]
if (isset($_POST['email']))
{
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string($_POST['password']);

//Query

$results = mysql_query("SELECT * FROM users WHERE email = $email AND password = $password");

if(!result) {
$_SESSION['error'] = '<span style="color: red">Login Failed. Email or Password is Incorrect <br/>';
} else {
         
$row = mysql_fetch_assoc($results);
$_SESSION['userid'] = $row['id'];
$_SESSION['email'] = $email;
$_SESSION['error'] = 'Login Successful<br/>. Welcome,'. $email;

}

I am trying to create an index page which contains registration and login field
the problem that i get is on successful login a warning is displayed
session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235

This is the login part of my index.php
this tag is inside an html table below the login form
I also have a registration form and its php code above the login form


Code: [Select]
<?php
if (isset($_REQUEST['pass']))
{
    $id=$_POST['id'];
    $pass=$_POST['pass'];

    $conn =mysql_connect("localhost","root","");
    if (!$conn)
    {
   die('Could not connect: ' . mysql_error());
    }
/*
checking connection....success!
*/
    $e=mysql_select_db('test', $conn);
    if(!$e)
    {
   die(''.mysql_error());
    }
    else
    {
   echo 'database selected successfully';
    }

    if (isset($_REQUEST['id'])  || (isset($_REQUEST['pass'])))
    {
        if($_REQUEST['id'] == "" || $_REQUEST['pass']=="")
        {
       echo "login fields cannot be empty";
        }
        else
        {
            $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'");
            $count=mysql_num_rows($sql);
            if($count==1) 

    /* $count checks if username and password are in same row */
            {   
                session_start();
                $_SESSION['id']=$id;
                echo "</br>Login Successful</br>";
            }
            else
            {
           echo "</br>invalid</br>";
           echo "please try to login again</br>";

            }
        
        }   
    }
}
?>


Any help or suggestion would be appreciated

I am having trouble resolving an error.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2

 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this:

                echo "<script>document.location.href='admin.php'</script>";
      echo "<script>'Content-type: application/octet-stream'</script>";

I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php.

Code: [Select]
<?php
  session_start();
  if(isset($_SESSION['user']))

                echo "<script>document.location.href='admin.php'</script>";
echo "<script>'Content-type: application/octet-stream'</script>";
?>

<div id="loginform">

<form action="dologin.php" method="post">
<table>
<tr>
<td><span>Username:</span></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><span>Password:</span></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>

</div>
I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this.

Any advice is greatly appreciated!

in this page
 http://maximaart.com/newscp/
i have this problem
Code: [Select]
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2

my source code is

<?php
session_start();
include_once("config.php"); 
include_once("functions.php");
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") {
// the user id and password match,
$_SESSION['basic_is_logged_in'] = true;
require("main.php");
exit;?>

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

Evening!

I've been iffing and ahhing over this and well im not too sure, hence the post.

Code: [Select]
// Redirects if there is no session id selected and echos the error on the previous page
if(!isset($_GET['get']) || ($_GET['getget'])){
header("Location: #.php?error");
}
So it should simply check if get is set if it isnt then see if getget is set?

If not redirect and show the error.

Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone?

Harry.

I'm having trouble of getting the code right
When i try to dump the $x value it's appearing null;

Code: [Select]
class Dictionary{

var $id=null;
var $en=null;
var $sp=null;
var $type=null;

public function __construct($data=array())
{
   if( isset($data['id']) ) $this->id= (int)$data['id'];
   if( isset($data['en']) ) $this->en= $data['en'];
   if( isset($data['sp']) ) $this->sp= $data['sp'];
   if( isset($data['type']) ) $this->type= $data['type'];
 
}
public function store ( $params ) {
 
    // Store all the parameters
    $this->__construct( $params );
}



public function WordGet($word)//add the english and spanish word
{

$con = new PDO(DBN,DB_USER,DB_PASS);
$sql = "SELECT *FROM word WHERE MATCH(en) AGAINST ('ctx')";
$st = $con->prepare($sql);
$st->bindValue(':word',$word,PDO::PARAM_STR);
$st->execute();
$r = $st->fetch();

$con = null;
return new Dictionary($r);

}


$test = new Dictionary;

$x = $test->WordGet('ctx');


var_dump($x);

hey guys im making a script where the user gets redirected...but im wanting to make sure the redirection is within the same domain and not being shipped off to another site when using ($_SERVER['HTTP_REFERER'])   now what im using seems to do the trick but im wondering if there is a better method of doing this?...i dont want to use regex either   thank you guys

<?php 

$match = strpos("http://127.0.0.1/login", $_SERVER['SERVER_NAME']);

if ($match && $match > 0 ||  $match === 0)
{
	echo "domain match";
}

?>

Hello,
I am trying to crawl a website and get all the domain names listed on the site to output into my php script. 
I am using the following code.... 
The main area is the preg match area, since I know nothing about it, nor do I understand it a little bit!

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://link I am getting data from.com);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$result=curl_exec ($ch);
curl_close ($ch);
// Search The Results From The Starting Site
if( $result )
{
// LOOKING FOR ANYTHING.COM  all .com's
preg_match_all( "(.*)\.com", $result, $output, PREG_SET_ORDER );
 
foreach( $output as $item )

{
// ALL LINKS DISPLAY HERE 
print_r($item);



}

}


Any help would be greatly appreciated!

How to check if a result of a database match with a result of another database. How do  this?

E.g.
In DatabaseA holds a column called usernames.
In DatabaseB holds a column called banned.

Is it possible to match results of an Array with an Arrary of results of another database and COUNT the matching results?

E.g.
In DatabaseA holds 4 columns and the records are pulled in as an array.
Science
Geography
Accounting
Agriculture

In DatabaseB holds 4 columns and the records are pulled in as an array.
Geography
French
Accounting
Science

THE RESULT should echo = 1

so I use file_get_contents to get the contents of a webpage, one of the lines has


Code: [Select]
<meta property="og:url" content="http://www.google.com/blahblahblah?s=5cd04d4a7632296b9cdb463d04e82c05" />
I want it to echo only http://www.google.com/blahblahblah so anything between <meta property="og:url" content=" and ?s=5cd04d4a7632296b9cdb463d04e82c05" /> I want to extract and put into a variable

this works just fine but I was thinking preg match would be better


$thread = explode('<meta property="og:url" content="', $psuc);
$thread = explode('?s=', $thread[1]);
echo $thread[0];


Thanks

How to write this in a shorter way?

I've got a set of results and I need to check them against another database results. If they both are similar then I want to make it as "1" (points). The questions and the answers are in the same order (Question1, Question2, Question3 = Answer1, Answer2, Answer3). sa I guess the maching could be done using a set of arrays.

E.g.
get records from db1 get records from db2
get records from dbY get records from dbX
COUNT the matching data from db1 against dbY = echo TOTAL_SCORE1
COUNT the matching data from db2 against dbX = echo TOTAL_SCORE2

I've managed to get the data from the databases in order. But i need to get the COUNT of the MATCHING records.


php
\\Assume this is db1
$SomeVar = $_POST['sitting2'];
$queryU =  "SELECT * FROM adxone WHERE username = '".$SomeVar."'";
$resultU = mysql_query($queryU);
$scoreU = mysql_fetch_assoc($resultU);
$userRa1 = $scoreU['roundzAa'];
$userRa2 = $scoreU['roundzAb'];
$userRa3 = $scoreU['roundzAc'];
$userRa4 = $scoreU['roundzAd'];
$userRa5 = $scoreU['roundzAe'];
$userRa6 = $scoreU['roundzAf'];
$userRa7 = $scoreU['roundzAg'];
$userRa8 = $scoreU['roundzAh'];

\\ Assume this is dbY
$WinVar = 'examinationA';
$query =  "SELECT * FROM markacs WHERE roundx = '".$WinVar."'";
$result = mysql_query($query);
$scoreM = mysql_fetch_assoc($result);
$winRa1 = $scoreM['markwinxa'];  
$winRa2 = $scoreM['markwinxb']; 
$winRa3 = $scoreM['markwinxc']; 
$winRa4 = $scoreM['markwinxd']; 
$winRa5 = $scoreM['markwinxe']; 
$winRa6 = $scoreM['markwinxf']; 
$winRa7 = $scoreM['markwinxg']; 
$winRa8 = $scoreM['markwinxh']; 

/*need to match if 
$winRa1 = $userRa1, $winRa2 = $userRa2, etc..

then get the COUNT of the matching results*/

In this example i'm scanning a css file for colour hash codes...
 

$match='/(#[a-f0-9]{3,6})/is';	//	matches colour hashes from 3 to 6 in length
preg_match_all($match, $s, $a, PREG_PATTERN_ORDER);

That works ok for now, what i'm after is how once matched as above how to get some text from before the mmatch returned as a seperate group.

Example css:
body {
background: #fff;
}

a {
color: #000;
text-decoration: none;
}
At the moment i'm just returned "#fff" and "#000", what i'm after is ("#fff","body") and ("#000","a"). So basically after match come back to before "{" and either to start of file or next "}".

Any help please?

I am having a dilemma.  I am working on a script for a client.  It is a match making system.  It takes all the teams, minimum of 20 teams. 10 matches a season.  No team can play the same team in the season.  Here is my code I have so far.  If it does not make sense ask me, I will try to explain more in depth.

<?php
error_reporting(E_ALL);
include("security/config.php");

//create season for testing purposes
$sql_season = "insert into season (`season`) values ('1')";
$conn->query($sql_season) or die($conn->error);

$season = 1; //testing purpose
echo "Season 1:<br />"; //testing purpose

//get number of teams
$sql_teams = "select * from teams";
$rs = $conn->query($sql_teams) or die($conn->error);
$num_of_teams = $rs->num_rows;
echo "&nbsp;&nbsp;Number of teams this season: {$num_of_teams}<br />"; //testing purpose
//put all teams in array
$teams = array();
while($ts = $rs->fetch_array(MYSQLI_ASSOC)){
	$teams[] = $ts;
}


if($num_of_teams % 2 != 0){
	$teams[] = array('name' => 'bye week', 'id' => 0);
	$sql_dummy = "insert into teams (`name`) values ('bye week')";
	$conn->query($sql_dummy);
}

//how many matches
$weeks = 10;
$matches = 10;
echo "&nbsp;&nbsp;This Seaon will be {$weeks} consisting of {$matches} matches<br /><br />"; //testing purpose
for($i = 0; $i < $weeks; $i++){
	//mix up teams
	$teams1 = $teams;
	$teams2 = $teams;
	shuffle($teams1);
	shuffle($teams2);
	
	$week = $i + 1;
	
	//$sql_week = "insert into weeks (`number`, `season_id`) values ('{$week}', '{$season}')";
	//$conn->query($sql_week) or die($conn->error);
	//$weekID = $conn->insert_id;
	echo "&nbsp;&nbsp;&nbsp;&nbsp;Week {$week} Created:<br />";
	
	//$matchup = array();

	for($x = 0; $x < $matches; $x++){
		shuffle($teams1);
		shuffle($teams2);
		$team_1 = array_pop($teams1);
		$team_2 = array_pop($teams2);

		$rs = false;

		$rs = ($team_1['id'] == $team_2['id'] ? true : false);
		$sql_search = "select * from matches where season_id = '{$season}' "
		$sql_search .= "and team_1 = ('{$team_1['id']}' or '{$team_2['id']}') ";
		$sql_search .= "and team_2 = ('{$team_1['id']}' or '{$team_2['id']}')";
		$rss = $conn->query($sql_search) or die($conn->error);
		if(!$rs || !$rss){
			
			$sql_create = "insert into matches (`team_1`, `team_2`, `week`, `season_id`) values ('{$team_1['id']}', '{$team_2['id']}', '{$week}', '{$season}')";
			$rs = $conn->query($sql_create);
			if($rs){
				echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; //testing purpose
				echo "{$team_1['name']} vs {$team_2['name']}<br />"; //testing purpose
			}
			else{
				echo 'error: ' . $conn->error . '<br />'; //testing purpose
			}
		}
		else{
			$teams1[] = $team_1;
			$teams2[] = $team_2;
			$x--;
		}
		
		
	}
}