After sending the message pops up: "Login to this page is allowed only to registered users!" If you remove the first half of the code? then everything works, only the author entry is not added to the database, and the recipient does not see the letter, although it is entered into the database.

 <?php session_start(); include '../core/init.php'; if (!empty($_SESSION['username']) and !empty($_SESSION['password'])) { $login = $_SESSION['username']; $password = $_SESSION['password']; $result2 = mysql_query("SELECT `user_id` FROM `users` WHERE `username`='$login' AND `password`='$password' AND `active`='1'"); $myrow2 = mysql_fetch_array($result2); if (empty($myrow2['user_id'])) { exit("Вход на эту страницу разрешен только зарегистрированным пользователям!"); } } else { exit("Вход на эту страницу разрешен только зарегистрированным пользователям!"); } if (isset($_POST['user_id'])) { $id = $_POST['user_id']; } if (isset($_POST['text'])) { $text = $_POST['text']; } if (isset($_POST['poluchatel'])) { $poluchatel = $_POST['poluchatel']; } $author = $_SESSION['username']; $date = date("Ymd"); $text = stripslashes($text); $text = htmlspecialchars($text); $result2 = mysql_query("INSERT INTO `messages` (`author`, `poluchatel`, `date`, `text`) VALUES ('$author','$poluchatel','$date','$text')"); //заносим в базу сообщение echo "<html><head><meta http-equiv='Refresh' content='1; URL=index.php?user_id=" . $id . "'></head></html>"; //перенаправляем пользователя ?>
  • And you do not perceive cookies? - atnartur 5:06
  • I do not see the authorization code, in it most likely there is a problem. try to print_r ($ _ SESSION), I am sure that the array will be either empty or with other keys. - FLK
  • Throw out courses of popova! - johniek_comp
  • one
    How do you keep your password in session? O_o $ _POST ['poluchatel']; // 1C all the head :) - Zowie
  • function VstavitVTablicuBazyDannyh ($ avtor, $ poluchatel, $ data, $ tekst) ... - Shevsky

1 answer 1

By code and by mistake, we can conclude: the password and login fields are set. Next, a request from the database occurs: if there is no such user, then an error that you see appears, and, regardless of this, the message is entered into the database. Accordingly, the problem is in the saved login and password. Perhaps in the session the password is unencrypted, but encrypted in the database? Check the value of the session with the values ​​in the database: 1. For the session after the line

  if (!empty($_SESSION['username']) and !empty($_SESSION['password'])) { Напишите: echo $_SESSION['username'] . ' = ' . $_SESSION['password'];
  1. For the database, in the table where users are stored, run the query: SELECT * FROM user_service table WHERE field_login = your_login