Strange error re user_id when adding entries to database

[Anne Arbor]

Traq, thank you for your help. Looking at the actual code on the server, the session function is written correctly, i.e., session_start();

After I posted the code here, I went back over it and removed a lot of the comments. The parentheses probably got removed then. Several times something got accidentally removed and I would restore it. Here I apparently restored the ";" but not the parentheses.

[traq]

Did you write a function that checks if a user is logged in? If not, then you can probably use something like:

PHP Code:

function checkLoggedIn(){
    return ! empty( $_SESSION["user_id"] );
} 


then, on pages where the user must be logged in:

PHP Code:

<?php
session_start();

// make sure the function definition is loaded (i.e., include as necessary)
if( ! checkLoggedIn() ){
    // you're not logged in: go log in
    header( "http://example.com/log-in" );
    exit;
}

// now do everything else

[Anne Arbor]

Traq, that looks very cool. My understanding of PHP is so threadbare that it will take me a while to try it, but I really look forward to doing so.

I hope to try this later tonight or tomorrow, and will post the result.

Thank you so much.

On edit: Would I define the function on the log_in page? at the top? (or doesn't it matter?) And then actually use it on the logged_in and add_entry pages?

[Anne Arbor]

Traq, I may owe you a pretty big apology. I was trying *not* to post code that wasn't strictly relevant, so as not to clutter things up. The risk is, of course, that one leaves something essential out. I might have done that, entirely inadvertently. I'm sorry if that turns out to be true.

I've posted the 'log_in' page and the 'add_entry' page. I thought that would be enough. There is another page which would go, chronologically speaking, in between those two: the 'logged_in' page.

I'll post the code below. The reason that there are three pages is because the book I was relying on used three pages and I wasn't sure how to combine any of them.

*Important* - the code below supposedly redirects any user who is not logged in back to the log_in page. That has never happened to me.

Code:

<?php # Script 11.5 (DWS) - loggedin.php

// Refers to: first_name; login.php.

ob_start(); // Start output buffering.

require_once ('./includes/config.inc.php');
 // Include the configuration file for error management and such.

$page_title = 'Logged in';

include ('./includes/header.html');
   // Set the page title and include the HTML header.

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Logged In!</title>
</head>

<body>

<?php

    // Greet the user by name.

if (isset($_SESSION['first_name']) ) {

	echo "You are now logged in, {$_SESSION['first_name']}. <br><br><br>

     If you would like to post a new entry, go to the <a href='add_entry.php'>New entry</a> page.</p>";

} else {

// If no session value is present, redirect the user.

	ob_end_clean();    // Delete the buffer.

    // Start defining the URL.

	$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Check for a trailing slash.

	if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {

		$url = substr ($url, 0, -1); // Chop off the slash.

	}

	$url .= '/login.php'; // Add the page.

	header("Location: $url");

	exit();     // Quit the script.

                }

echo '</body>
</html>';

ob_end_flush();

// Send everything to the Web browser.

?>

[traq]

Would I define the function on the log_in page? at the top? (or doesn't it matter?) And then actually use it on the logged_in and add_entry pages?

To make it as portable as possible, I would define it in its own script (or, if you already have a script that does nothing but define functions). This way, you can simply include the code wherever you need it.

I was trying *not* to post code that wasn't strictly relevant, so as not to clutter things up. The risk is, of course, that one leaves something essential out. I might have done that, entirely inadvertently. I'm sorry if that turns out to be true.

While that script does seem to do basically what my function describes, the difference is that your script is a page that you have to visit, while the function is used directly on the page in question. And that's an important distinction: if it's on a different page (more specifically, a different request), then the check is useless, because it's not dealing with the page you actually want to protect.

[Anne Arbor]

I haven't tried the new function yet because I need to set aside a block of time for that, and the opportunity is eluding me so far today.

Last night, after re-reading traq's comments and suggestions, I went back to the original error message, about the 'undefined index.' That error points to line 50 in my code. Plugging the code into my IDE, line 50 and its nearest neighbor say the following:

Code:

        $query = "INSERT INTO moods (user_idm, mood_rating, notes, time_entered)
                  VALUES ('$_SESSION[user_id]', '$mood', '$notes', NOW())";

Looking at that code, I wonder if there is a problem in the way that the first VALUE is written. Ordinarily a value in square brackets would have single quotes around it. Here that is not true: user_id has no quotes at all. I thought about modifying it so as to enclose user_id in quotes but then I would have multiple layers of quotes and probably run into other problems. Should that first variable be re-written and, if so, how?

[Anne Arbor]

I tried adding the suggested code, or something like it. Here is the code I added:

Code:

session_start();

function checkLoggedIn(){
    return !empty($_SESSION["user_id"] };

if(!checkLoggedIn() ){
    header("http://www.templog.com/login.php");
    exit;
}
else {
echo '<p>Still logged in, and that's important.</p>'; 
}

I added the 'else' clause so that I could have a positive indicator of being logged in.

The result, though, was that I got a completely blank page.

On edit: I have fooled around quite extensively with the added code to see if I could get it to work, or at least not to blank out the page altogether. The page goes blank if I have start_session(); in it (even without any of the other new code).

The page is okay when I add function checkLoggedIn(){ }

However, as soon as I add return !empty($_SESSION["user_id"] between the curly brackets, it again goes blank.

[Anne Arbor]

Oops (accidental post)

[Anne Arbor]

Something good might have happened, although I'm not entirely sure why.

For the moment, I've commented out all the 'new' code. I went back to my 'logged_in' page, grabbed some of that code and copied it to the add_entry page. Then I added about 20 new entries. All were entered into the database under the correct user_id -- which is a much more robust and reliable showing than I've probably ever had before.

Here is the code I added. I think it would serve the same function as the proposed code to check on log-in. For some reason, it has worked in the sense that the user is addressed by the correct name, and the entries placed in the form were inserted properly into the database.

Code:

if (isset($_SESSION['first_name']) ) {

	echo "You are now logged in, {$_SESSION['first_name']}. <br><br><br>

     If you would like to post a new entry, go to the <a href='add_entry.php'>New entry</a> page.</p>";

Why would this snippet of code work (to a degree, at least), while the other blanked out the page entirely?

[traq]

PHP Code:

        $query = "INSERT INTO moods (user_idm, mood_rating, notes, time_entered)
                  VALUES ('$_SESSION[user_id]', '$mood', '$notes', NOW())"; 


Looking at that code, I wonder if there is a problem in the way that the first VALUE is written. Ordinarily a value in square brackets would have single quotes around it. Here that is not true: user_id has no quotes at all. I thought about modifying it so as to enclose user_id in quotes but then I would have multiple layers of quotes and probably run into other problems. Should that first variable be re-written and, if so, how?

YES, the index should be quoted.
NO, that's not what was causing your problems.

When you write a string without quotes, PHP recognizes it as the name of a constant. If there is no such constant in your script, then PHP throws an error (E_NOTICE), and then assumes that you really meant it to be a string. So, in the end, it is treated as a string (as you expected), but there was an error and some unnecessary computational expense along the way.

PHP Code:

session_start();

function checkLoggedIn(){
    return !empty($_SESSION["user_id"] };
if(!checkLoggedIn() ){
    header("http://www.templog.com/login.php");
    exit;
}
else {
    echo '<p>Still logged in, and that's important.</p>'; 
} 


The result, though, was that I got a completely blank page.

You are missing the closing paren and semicolon after your call to empty. The semicolon after the curly brace (which closes the function definition) is unnecessary.

When php gives you a blank white page, it's usually an indication that a) there was a fatal error, and b) you have error reporting disabled. During development, it's a good idea to go to your php.ini file and turn error reporting on.

Code:

error_reporting = E_ALL | E_STRICT
display_errors = On

In this case, that would have shown you a message similar to

Parse error: syntax error, unexpected '}', expecting ')' …