Having a slight issue with the mismatch user site example from chapter 7 once I converted it over from cookies to sessions. Sessions is mostly working great, except for one annoying thing. Now that the profiles for all the mm users are now links to their profile on the index (home page), if I go to select someone else's profile I notice that I can only pull up the profile of my own test user that I set up.
As you can see from the screenshot I am already logged in.
This is my own viewprofile:
If I were to click on one of the other users' profiles on the index, say Ruby's, I can still only see my own profile. Even though the URL looks right to access hers.
http://centos/mismatch-sessions/viewprofile.php?user_id=12
mysql> select user_id,username from mismatch_user where user_id = 12;
+---------+----------+
| user_id | username |
+---------+----------+
|      12 | rubyr    |
+---------+----------+
1 row in set (0.00 sec)
Here's what that looks like (with the URL included in the screenshot):
That is true for every MM user. I think it has to do with the way I wrote my index.php code or my viewprofile.php code or both so I will show you both.
Here's my index:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Mismatch - Where opposites attract!</title>
<link rel="stylesheet" type="text/css" href="style.css">
<center>
<h3>Mismatch - Where opposites attract!</h3>
</center>
<?php
require_once('appvars.php');
require_once('connectvars.php');
require_once('display_errors.php');
session_start();
// Generate the navigation menu
if (isset($_SESSION['username'])) {
  echo '❤ <a href="viewprofile.php">View Profile</a><br />';
  echo '❤ <a href="editprofile.php">Edit Profile</a><br />';
  echo '❤ <a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a>';
}
else {
  echo '❤ <a href="login.php">Log In</a><br />';
  echo '❤ <a href="signup.php">Sign Up</a><br />';
}
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Retrieve the user data from MySQL
$query = "SELECT user_id, first_name, picture FROM mismatch_user WHERE first_name IS NOT NULL ORDER BY join_date DESC LIMIT 5";
$data = mysqli_query($dbc, $query);
// Loop through the array of user data, formatting it as HTML
echo '<h4>Latest members:</h4>';
echo '<table>';
while ($row = mysqli_fetch_array($data)) {
  // Use the uploaded picture if the file exists and is not empty, otherwise the placeholder
  if (is_file(MM_UPLOADPATH . $row['picture']) && filesize(MM_UPLOADPATH . $row['picture']) > 0) {
    echo '<tr><td><img src="' . MM_UPLOADPATH . $row['picture'] . '" alt="' . $row['first_name'] . '"></td>';
  }
  else {
    echo '<tr><td><img src="' . MM_UPLOADPATH . 'nopic.jpg' . '" alt="' . $row['first_name'] . '"></td>';
  }
  // Only logged-in users get a link to the member's profile
  if (isset($_SESSION['user_id'])) {
    echo '<td><a href="viewprofile.php?user_id=' . $row['user_id'] . '">' . $row['first_name'] . '</a></td></tr>';
  }
  else {
    echo '<td>' . $row['first_name'] . '</td></tr>';
  }
}
echo '</table>';
mysqli_close($dbc);
?>
And here's my viewprofile.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Mismatch - View Profile</title>
<link rel="stylesheet" type="text/css" href="style.css">
<center>
<h3>Mismatch - View Profile</h3>
<?php
require_once('appvars.php');
require_once('connectvars.php');
require_once('login.php');
session_start();
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
  or die(DB_CONNECT_ERR . mysqli_connect_error() . DB_CONNECT_ERR_NO . mysqli_connect_errno());
// Grab the profile data from the database
if (!isset($_SESSION['user_id'])) {
  $query = "SELECT username, first_name, last_name, gender, birthdate, city, state, picture FROM mismatch_user WHERE user_id = '$user_id'";
}
else {
  $query = "SELECT username, first_name, last_name, gender, birthdate, city, state, picture FROM mismatch_user WHERE user_id = '" . $_SESSION['user_id'] . "'";
}
$data = mysqli_query($dbc, $query)
  or die( SQL_SELECT_ERR . mysqli_error($dbc) . SQL_ERR_NO . mysqli_errno($dbc) . QUERY_USED . $query );
if (mysqli_num_rows($data) == 1) {
  // The user row was found so display the user data
  $row = mysqli_fetch_array($data);
  echo '<table>';
  if (!empty($row['username'])) {
    echo '<tr><td class="label">Username:</td><td>' . $row['username'] . '</td></tr>';
  }
  if (!empty($row['first_name'])) {
    echo '<tr><td class="label">First name:</td><td>' . $row['first_name'] . '</td></tr>';
  }
  if (!empty($row['last_name'])) {
    echo '<tr><td class="label">Last name:</td><td>' . $row['last_name'] . '</td></tr>';
  }
  if (!empty($row['gender'])) {
    echo '<tr><td class="label">Gender:</td><td>';
    if ($row['gender'] == 'M') {
      echo 'Male';
    }
    else if ($row['gender'] == 'F') {
      echo 'Female';
    }
    else {
      echo '?';
    }
    echo '</td></tr>';
  }
  if (!empty($row['birthdate'])) {
    if (!isset($_GET['user_id']) || ($user_id == $_SESSION['user_id'])) {
      // Show the user their own birthdate
      echo '<tr><td class="label">Birthdate:</td><td>' . $row['birthdate'] . '</td></tr>';
    }
    else {
      // Show only the birth year for everyone else
      list($year, $month, $day) = explode('-', $row['birthdate']);
      echo '<tr><td class="label">Year born:</td><td>' . $year . '</td></tr>';
    }
  }
  if (!empty($row['city']) || !empty($row['state'])) {
    echo '<tr><td class="label">Location:</td><td>' . $row['city'] . ', ' . $row['state'] . '</td></tr>';
  }
  if (!empty($row['picture'])) {
    echo '<tr><td class="label">Picture:</td><td><img src="' . MM_UPLOADPATH . $row['picture'] .
      '" alt="Profile Picture"></td></tr>';
  }
  echo '</table>';
  if (!isset($_SESSION['user_id']) || ($user_id == $_SESSION['user_id'])) {
    echo '<p>Would you like to <a href="editprofile.php">edit your profile</a>?</p>';
  }
} // End of check for a single row of user results
else {
  echo '<p class="error">There was a problem accessing your profile.</p>';
}
mysqli_close($dbc);
?>
<a href="index.php">Return Home</a></center>
Thanks in advance for any advice you may have. I'm totally stumped on this one!
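
Added example, not part of the original post: in the viewprofile.php above, the query uses `$_SESSION['user_id']` whenever a session exists and `$user_id` is never read from `$_GET`, so the `?user_id=12` in the URL has no effect. The sketch below shows one way to pick the target profile from a validated URL parameter, query it with a bound parameter, and decide what to reveal from the session rather than the URL. The function names, the session id `3` and the birthdate are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code; the function names are hypothetical.

// Pick the profile to load: an explicit ?user_id= wins, and the session id
// is only the fallback for the plain "View Profile" link.
function resolve_profile_id(array $get, array $session): ?int {
    if (isset($get['user_id'])) {
        $id = filter_var($get['user_id'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        return $id === false ? null : $id;   // reject anything but a positive integer
    }
    return isset($session['user_id']) ? (int) $session['user_id'] : null;
}

// Fetch one row with a bound parameter instead of string concatenation.
function load_profile(mysqli $dbc, int $profile_id): ?array {
    $stmt = mysqli_prepare($dbc, 'SELECT username, first_name, birthdate
                                  FROM mismatch_user WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $profile_id);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Owner sees the full birthdate, everyone else only the year. Ownership is
// decided from the session, never from the URL. Values are HTML-escaped.
function visible_fields(array $row, int $profile_id, array $session): array {
    $is_owner = isset($session['user_id']) && (int) $session['user_id'] === $profile_id;
    $out = ['Username' => $row['username'], 'First name' => $row['first_name']];
    if (!empty($row['birthdate'])) {
        if ($is_owner) {
            $out['Birthdate'] = $row['birthdate'];
        } else {
            $out['Year born'] = explode('-', $row['birthdate'])[0];
        }
    }
    return array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $out);
}

// Constructed sample data standing in for $_GET, $_SESSION and a database row.
$session = ['user_id' => '3', 'username' => 'tester'];
$ruby    = ['username' => 'rubyr', 'first_name' => 'Ruby', 'birthdate' => '1980-05-17'];

var_dump(resolve_profile_id(['user_id' => '12'], $session));        // link to Ruby's profile
var_dump(resolve_profile_id([], $session));                         // plain "View Profile" link
var_dump(resolve_profile_id(['user_id' => '12 OR 1=1'], $session)); // malformed id
print_r(visible_fields($ruby, 12, $session));
```

`load_profile()` needs a live `mysqli` connection and is not called in the demo lines; the other two functions run as-is from the command line.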












