On my site, I have an issue when a new member registers, it should direct them to their profile page and their data should pull up.
Currently it does take them to their profile page, except it says "That user does not exist." because it seems that it is not saving the session variables. If I log this new member out and log them back in, then everything works correctly with a new session.
What is causing this? Here is some code that may help with solving the issue - if you need more code, please let me know. Just FYI the path is that they go to the register.php page and then are redirected to the profile.php page, so I will also provide the profile.php code.
function is:
//adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
}
Code for register.php is:
<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: profile.php');
die();
}
}
?>
profile.php code is:
<?php
include('core/init.inc.php');
if (isset($_GET['uid']) && $_GET['uid'] !='')
{
$user_info = fetch_user_info($_GET['uid']);
}
else
{
$user_info = fetch_user_info($_SESSION['uid']);
}
?>
the function fetch_user_info is: //fetches profile information for the given user function fetch_user_info($uid){ $uid = (int)$uid;
$sql = "SELECT
`user_name` AS `username`,
`user_firstname` AS `firstname`,
`user_lastname` AS 'lastname',
`user_email` AS `email`,
`user_about` AS `about`,
`user_location` AS `location`,
`user_gender` AS `gender`
FROM `users`
WHERE `user_id` = {$uid}";
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
}
init.inc.php
<?php
session_start();
$exceptions = array('register', 'login', 'find', 'profile');
$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
mysql_connect('localhost', 'root', 'root');
mysql_select_db('user_system');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false){
if ($uid = valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
$_SESSION['username'] = htmlentities($_COOKIE['username']);
$_SESSION['uid'] = $uid;
setcookie('username', $_COOKIE['username'], time() + 604800);
setcookie('password', $_COOKIE['password'], time() + 604800);
}
}
if (in_array($page, $exceptions) === false){
if (isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
?>