2013-10-27 99 views
-3

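I have been trying to fix this code for a long time and I really don't know what is wrong with it. When you click on a message you have received, this page says that you don't have the correct permissions to view it, even though I'm logged in to the correct account to do so. Why is this? Thanks in advance. Why is this PHP message code not working?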

<?php 
include('config.php'); 
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
    <head> 
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
     <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" /> 
     <title>Read a PM</title> 
    </head> 
    <body> 
     <div class="header"> 
      <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a> 
     </div> 
<?php 
//We check if the user is logged 
if(isset($_SESSION['username'])) 
{ 
//We check if the ID of the discussion is defined 
if(isset($_GET['id'])) 
{ 
$id = intval($_GET['id']); 
//We get the title and the narators of the discussion 
$req1 = mysql_query('select title, user1, user2 from pm where id="'.$id.'" and id2="1"'); 
$dn1 = mysql_fetch_array($req1); 
//We check if the discussion exists 
if(mysql_num_rows($req1)==1) 
{ 
//We check if the user have the right to read this discussion 
if($dn1['user1']==$_SESSION['userid'] or $dn1['user2']==$_SESSION['userid']) 
{ 
//The discussion will be placed in read messages 
if($dn1['user1']==$_SESSION['userid']) 
{ 
    mysql_query('update pm set user1read="yes" where id="'.$id.'" and id2="1"'); 
    $user_partic = 2; 
} 
else 
{ 
    mysql_query('update pm set user2read="yes" where id="'.$id.'" and id2="1"'); 
    $user_partic = 1; 
} 
//We get the list of the messages 
$req2 = mysql_query('select pm.timestamp, pm.message, users.id as userid, users.username, users.avatar from pm, users where pm.id="'.$id.'" and users.id=pm.user1 order by pm.id2'); 
//We check if the form has been sent 
if(isset($_POST['message']) and $_POST['message']!='') 
{ 
    $message = $_POST['message']; 
    //We remove slashes depending on the configuration 
    if(get_magic_quotes_gpc()) 
    { 
     $message = stripslashes($message); 
    } 
    //We protect the variables 
    $message = mysql_real_escape_string(nl2br(htmlentities($message, ENT_QUOTES, 'UTF-8'))); 
    //We send the message and we change the status of the discussion to unread for the recipient 
    if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "'.(intval(mysql_num_rows($req2))+1).'", "", "'.$_SESSION['userid'].'", "", "'.$message.'", "'.time().'", "", "")') and mysql_query('update pm set user'.$user_partic.'read="yes" where id="'.$id.'" and id2="1"')) 
    { 
?> 
<div class="message">Your message has successfully been sent.<br /> 
<a href="read_pm.php?id=<?php echo $id; ?>">Go to the discussion</a></div> 
<?php 
    } 
    else 
    { 
?> 
<div class="message">An error occurred while sending the message.<br /> 
<a href="read_pm.php?id=<?php echo $id; ?>">Go to the discussion</a></div> 
<?php 
    } 
} 
else 
{ 
//We display the messages 
?> 
<div class="content"> 
<h1><?php echo $dn1['title']; ?></h1> 
<table class="messages_table"> 
    <tr> 
     <th class="author">User</th> 
     <th>Message</th> 
    </tr> 
<?php 
while($dn2 = mysql_fetch_array($req2)) 
{ 
?> 
    <tr> 
     <td class="author center"><?php 
if($dn2['avatar']!='') 
{ 
    echo '<img src="'.htmlentities($dn2['avatar']).'" alt="Image Perso" style="max-width:100px;max-height:100px;" />'; 
} 
?><br /><a href="profile.php?id=<?php echo $dn2['userid']; ?>"><?php echo $dn2['username']; ?></a></td> 
     <td class="left"><div class="date">Sent: <?php echo date('m/d/Y H:i:s' ,$dn2['timestamp']); ?></div> 
     <?php echo $dn2['message']; ?></td> 
    </tr> 
<?php 
} 
//We display the reply form 
?> 
</table><br /> 
<h2>Reply</h2> 
<div class="center"> 
    <form action="read_pm.php?id=<?php echo $id; ?>" method="post"> 
     <label for="message" class="center">Message</label><br /> 
     <textarea cols="40" rows="5" name="message" id="message"></textarea><br /> 
     <input type="submit" value="Send" /> 
    </form> 
</div> 
</div> 
<?php 
} 
} 
else 
{ 
    echo '<div class="message">You dont have the rights to access this page.</div>'; 
} 
} 
else 
{ 
    echo '<div class="message">This discussion does not exists.</div>'; 
} 
} 
else 
{ 
    echo '<div class="message">The discussion ID is not defined.</div>'; 
} 
} 
else 
{ 
    echo '<div class="message">You must be logged to access this page.</div>'; 
} 
?> 
     <div class="foot"><a href="list_pm.php">Go to my personnal messages</a> - <a href="http://www.webestools.com/">Webestools</a></div> 
    </body> 
</html> 
+1

How are we supposed to know? – HamZa

+0

Well, this is a site for helping other people with their code – user2925945

+4

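This is almost certainly a flaw in your authentication and login logic. Please try to isolate the problem with some additional debugging. Minimize the amount of code needed to reproduce this behavior. It will be easier for anyone to spot the problem without a lot of fluff around the bug :) - and while you're doing that - you might even spot the problem yourself! – Lix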

Answers

1

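We would need to see the login code to debug this. But the error message 'You must be logged to access this page' means that session['username'] has not been set after you log in. Also make sure that you have sessions enabled.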
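One way to do the isolation suggested in the comment and the answer above, as an added example that is not part of the original post: the page tests `$_SESSION['username']` to decide whether the user is logged in but `$_SESSION['userid']` to decide whether they may read the discussion, so the helper below reports which of those checks rejects a request. `pm_access_state()` and the sample rows are hypothetical and constructed for illustration; whether the login script stores `userid` at all is an assumption to verify.

```php
<?php
// Added example: isolates which check in read_pm.php rejects the request.
// pm_access_state() is a hypothetical helper; $session stands in for $_SESSION
// and $row for the first row of the discussion (id2 = 1), or null if none.
function pm_access_state(array $session, ?array $row): string
{
    if (!isset($session['username'])) {
        return 'not_logged_in';           // "You must be logged ..." branch
    }
    if (!isset($session['userid'])) {
        // Login stored a username but no userid: the ownership test then
        // compares user1/user2 against null and rejects every real account.
        return 'session_userid_missing';
    }
    if ($row === null) {
        return 'no_such_discussion';      // "This discussion does not exists."
    }
    // Compare as integers so '3' (from the database) and 3 (from the session)
    // are treated as the same user without relying on loose comparison.
    $me = (int) $session['userid'];
    if ((int) $row['user1'] !== $me && (int) $row['user2'] !== $me) {
        return 'not_participant';         // "You dont have the rights ..." branch
    }
    return 'ok';
}

// Constructed sample data, not taken from the asker's database.
$row = ['title' => 'Hello', 'user1' => '3', 'user2' => '7'];
$cases = [
    'username only'  => [['username' => 'alice'], $row],
    'participant'    => [['username' => 'alice', 'userid' => 3], $row],
    'other account'  => [['username' => 'bob', 'userid' => 5], $row],
    'missing thread' => [['username' => 'alice', 'userid' => 3], null],
];
foreach ($cases as $label => [$session, $r]) {
    printf("%-15s => %s\n", $label, pm_access_state($session, $r));
}
```

Logging the returned state on the server, instead of echoing session contents into the page, shows which branch is taken without exposing session data to the browser.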
