I want to send a message from one user (user A) to another user (user B), where those users are connected to each other in the database. To be more specific:
We keep the connections between users in a database table which we called friends. In this table we have two columns, username and friend.
I have the code to send data between the users, but it doesn't perform any check to see whether user A, who wants to send a message to user B, is connected to user B. If the users are connected I want to allow them to send the message, and if they are not I want to echo a notification that they are not allowed to send a message because they are not connected.
I understand that I need an if condition that checks whether the users are connected, with the appropriate code below it, and that outputs the notification described above if they are not connected.
How can I create this check?
I am using PHP and MySQL.
HERE IS MY CODE...
<?php
include_once 'header.php';
if (!$loggedin) die();
if (isset($_GET['view'])) {
$view = sanitizeString($_GET['view']);
} else {
$view = $username;
}
if (isset($_POST['text'])){
$text = sanitizeString($_POST['text']);
if ($text != ""){
$pm = substr(sanitizeString($_POST['pm']),0,1);
$time = time();
queryMysql("INSERT INTO messages VALUES(NULL, '$username', '$view', '$pm', $time, '$text')");
}
}
if ($view != "") {
if ($view == $username) {
$name1 = $name2 = "Your";
} else {
$name1 = "<a href='members.php?view=$view'>$view</a>'s";
$name2 = "$view's";
}
echo "<div class='main'><h3>$name1 Messages</h3>";
showProfile($view);
echo <<<_END
<form method='post' action='messages.php?view=$view'>
Type here to leave a message:<br />
<textarea name='text' cols='40' rows='3'></textarea><br />
Public<input type='radio' name='pm' value='0' checked='checked' />
Private<input type='radio' name='pm' value='1' />
<input type='submit' value='Post Message' /></form><br />
_END;
if (isset($_GET['erase'])) {
$erase = sanitizeString($_GET['erase']);
// Quote the id so the escaped value cannot break out of the literal
queryMysql("DELETE FROM messages WHERE id='$erase' AND recip='$username'");
}
$query = "SELECT * FROM messages WHERE recip='$view' ORDER BY time DESC";
$result = queryMysql($query);
$num = mysql_num_rows($result);
for ($j = 0 ; $j < $num ; ++$j) {
$row = mysql_fetch_row($result);
if ($row[3] == 0 || $row[1] == $username || $row[2] == $username) {
echo date('M jS \'y g:ia:', $row[4]);
echo " <a href='messages.php?view=$row[1]'>$row[1]</a> ";
if ($row[3] == 0) {
echo "wrote: &quot;$row[5]&quot; ";
} else {
echo "whispered: <span class='whisper'>" . "&quot;$row[5]&quot;</span> ";
}
if ($row[2] == $username) {
echo "[<a href='messages.php?view=$view" . "&erase=$row[0]'>erase</a>]";
}
echo "<br>";
}
}
}
if (!$num) {
echo "<br /><span class='info'>No messages yet</span><br /><br />";
}
echo "<br /><a class='button' href='messages.php?view=$view'>Refresh messages</a>";
?>
</div><br /></body></html>
The check for my question is below, and it works.
<?php
include_once 'header.php';
if (!$loggedin) die();
if (isset($_GET['view'])) $view = sanitizeString($_GET['view']);
else $view = $username;
$result1 = mysql_num_rows(queryMysql("SELECT username,friend FROM friends
WHERE username='$username' AND friend='$view'"));
$result2 = mysql_num_rows(queryMysql("SELECT username,friend FROM friends
WHERE username='$view' AND friend='$username'"));
if (($result1 + $result2) > 1)
{
//REST OF THE CODE
}
?>
What we are doing is this: for $result1 we check whether the logged-in username ($username) is connected with the viewed profile ($view), and for $result2 we do the reverse. To be more specific, in $result2 we check whether the username of the viewed profile ($view) is connected with $username. Then in the if statement we check that if those two results have more than one row in the table, then they are both connected.
PS: sorry for my bad english
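The same check written with prepared statements, as an added example that is not part of the original post. It keeps the rule described above (a row must exist in both directions) and runs against an in-memory SQLite database through PDO so it is self-contained; the function names, the `sender` and `message` column names and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE friends (username TEXT NOT NULL, friend TEXT NOT NULL)');
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT,
           recip TEXT, pm INTEGER, time INTEGER, message TEXT)');
$db->exec("INSERT INTO friends (username, friend) VALUES
           ('alice', 'bob'), ('bob', 'alice'), ('alice', 'carol')");

// True only when the friendship is recorded in both directions.
function areConnected(PDO $db, string $a, string $b): bool
{
    $stmt = $db->prepare(
        'SELECT EXISTS(SELECT 1 FROM friends WHERE username = ? AND friend = ?)
              + EXISTS(SELECT 1 FROM friends WHERE username = ? AND friend = ?)'
    );
    $stmt->execute([$a, $b, $b, $a]);
    return (int) $stmt->fetchColumn() === 2;
}

// Runs the authorization check on the server before the INSERT.
function sendMessage(PDO $db, string $from, string $to, int $pm, string $text): string
{
    $text = trim($text);
    if ($text === '') {
        return 'Nothing to send.';
    }
    // Assumption: posting on your own page stays allowed, as in the original form.
    if ($from !== $to && !areConnected($db, $from, $to)) {
        return 'You are not allowed to send a message because you are not connected.';
    }
    $stmt = $db->prepare(
        'INSERT INTO messages (sender, recip, pm, time, message) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$from, $to, $pm === 1 ? 1 : 0, time(), $text]);
    return 'Message sent.';
}

// $from must come from the logged-in session, never from the request.
echo sendMessage($db, 'alice', 'bob', 0, "it's me"), PHP_EOL;    // mutual rows, quote bound as data
echo sendMessage($db, 'alice', 'carol', 1, 'hi carol'), PHP_EOL; // only one direction recorded
```

When the stored text is later printed into the page, pass it through `htmlspecialchars()` at output time rather than altering it before the INSERT.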
I am having some issues for the last 5 hours. I've been trying to fix it and I can't seem to find a solution, so I hope you can help me!
So I have this vote.php script:
<?php
if(basename($_SERVER["PHP_SELF"]) == "vote.php") {
die("403 - Access Forbidden");
}
echo "<h2 class=\"text-left\">Vote</h2><hr/>";
$earnedpoints = false;
$insertnew = false;
$time = time();
$redirect = "";
$account = $mysqli->real_escape_string(preg_replace("/[^A-Za-z0-9 ]/", '', @$_POST['name']));
$siteid = $mysqli->real_escape_string(@$_POST['votingsite']);
$checkacc = $mysqli->query("SELECT * FROM accounts WHERE name = '$account'");
$countcheckacc = $checkacc->num_rows;
$row = $checkacc->fetch_assoc();
if($countcheckacc == 0 && isset($_POST['submit'])) {
$funct_error = "This account doesn't exist!";
}
if($row['loggedin'] > 0 && isset($_POST['submit'])) {
$funct_error = "This account is logged in!";
} elseif ($account == '' && isset($_POST['submit'])) {
$funct_error = 'You need to put in a username!';
} elseif(empty($_POST['votingsite']) && isset($_POST['submit'])){
$funct_error = "Please select a voting site";
} elseif(isset($_POST['submit'])) {
// Quote the id: real_escape_string() only protects values inside a quoted literal
$checksite = $mysqli->query("SELECT * FROM ".$prefix."vote WHERE id = '".$siteid."'");
$countchecksite = $checksite->num_rows;
if($countchecksite == 0 && isset($_POST['submit'])) {
$funct_error = "Invalid voting site.";
} else {
$result = $mysqli->query("SELECT *, SUM(times) as amount FROM ".$prefix."votingrecords WHERE NOT account='' AND NOT account='0' AND account='".$account."' AND siteid = '".$siteid."'") or die('Error - Could not look up vote record!');
$row = $result->fetch_assoc();
$sitequery = $mysqli->query("SELECT * FROM ".$prefix."vote WHERE id = '".$siteid."'");
$vsite = $sitequery->fetch_assoc();
$gvp = $vsite['gvp'];
$gnx = $vsite['gnx'];
$timecalc = $time - $row['date'];
if ($row['amount'] == '' || $timecalc > $vsite['waittime']) {
if($row['amount'] == '') {
$result = $mysqli->query("INSERT INTO ".$prefix."votingrecords (siteid, ip, account, date, times) VALUES ('".$siteid."', '".$ipaddress."', '".$account."', '".$time."', '1')") or die ('Error - Could not insert vote records!');
} else {
$result = $mysqli->query("UPDATE ".$prefix."votingrecords SET siteid = '".$siteid."', ip='".$ipaddress."', account='".$account."', date='".$time."', times='1' WHERE account='".$account."' AND siteid = '".$siteid."'") or die ('Error - Could not update vote records!');
}
$earnedpoints = true;
if ($earnedpoints == true) {
if ($account != '') {
$result = $mysqli->query("UPDATE accounts
SET $colvp = $colvp + $gvp,
$colnx = $colnx + $gnx
WHERE name='".$account."'") or die ('Error - Could not give rewards. Your site administrator needs to configure the NX and VP settings.');
}
$funct_msg = '<meta http-equiv="refresh" content="0; url='.$vsite['link'].'">';
$redirect = true;
}
} elseif($timecalc < $vsite['waittime'] && $row['amount'] != '') {
$funct_msg = 'You\'ve already voted for '.$vsite['name'].' within the last '.round($vsite['waittime']/3600).' hours!';
$funct_msg .= '<br />Vote time: '. date('M d\, h:i A', $row['date']);
} else {
$funct_error = 'Unknown Error';
}
}
}
if($redirect == true) {
echo $funct_msg;
} else {
if(isset($funct_msg)) {
echo '<div class="alert alert-danger">'.$funct_msg.'</div>';
}
if(isset($funct_error)) {
echo '<div class="alert alert-danger">'.$funct_error.'</div>';
}
$query = $mysqli->query("SELECT * from ".$prefix."vote");
if($query->num_rows == 0){
echo "<div class=\"alert alert-danger\">Your administrator has not added any voting sites yet!</div>";
} else {
echo "
<form method=\"post\">
<div class=\"form-group\">
<label for=\"voteSite\">Select Site:</label>
<select name=\"votingsite\" class=\"form-control\" id=\"voteSite\" required>
<option value=\"\" disabled selected>Select Site...</option>";
while($row = $query->fetch_assoc()){
echo "<option value=\"".$row['id']."\">".$row['name']."</option>";
}
echo "</select>
</div>";
if(!isset($_SESSION['id'])) {
echo "<input type=\"text\" name=\"name\" maxlength=\"15\" class=\"form-control\" placeholder=\"Username\" required autocomplete=\"off\"/><br/>";
} else {
echo "<input type=\"text\" name=\"name\" maxlength=\"15\" class=\"form-control\" placeholder=\"".$_SESSION['name']."\" value=\"".$_SESSION['name']."\" required autocomplete=\"off\"/><br/>";
}
echo "
<input type=\"submit\" name=\"submit\" value=\"Submit »\" class=\"btn btn-primary\"/>
</form>";
}
}
I have this in votingrecords table in SQL: ip, account, date, times, amount. It's correct.
The problem I'm having is that whenever I type my username to vote for the game, I'm getting this error message "Error - Could not look up vote record!".
Here's the code for this error:
else {
$result = $mysqli->query("SELECT *, SUM(times) as amount
FROM ".$prefix."votingrecords
WHERE NOT account=''
AND NOT account='0'
AND account='".$account."'
AND siteid = '".$siteid."'") or die('Error - Could not look up vote record!');
$row = $result->fetch_assoc();
$sitequery = $mysqli->query("SELECT * FROM ".$prefix."vote WHERE id = '".$siteid."'");
$vsite = $sitequery->fetch_assoc();
$gvp = $vsite['gvp'];
$gnx = $vsite['gnx'];
$timecalc = $time - $row['date'];
I hope you guys can help me, since I've tried everything and cannot get it to work
thanks for helping.
I got this issue fixed by executing this SET GLOBAL sql_mode = 'STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'; in MYSQL.
This would not happen if @RiggsFolly didn't tell me to use this code to display real useful errors, so thank you.
Thanks all!
I have an inbox code for deleting messages.
If I select one single message it deletes all of them.
How can I fix this ?
Here is my code for delete_message.php :
<?php
$inboxbtn = $_POST['deleteinbox'];
$outboxbtn = $_POST['deleteoutbox'];
if ($inboxbtn)
{
$selectall = $_POST['selectall'];
if ($selectall)
{
$query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
mysql_query("UPDATE messages SET to_delete='1' WHERE to_user='$user'");
}
echo "All messages have been deleted.";
}
else
{
$query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
$msg_id = $row['id'];
$value = "cb" . "$msg_id";
$checkbox = $_POST[$value];
if ($value)
{
mysql_query("UPDATE `messages` SET `to_delete`='1' WHERE `to_user`='$user' AND `id`='$msg_id'");
}
}
echo "The selected messages have been deleted.";
}
}
elseif ($outboxbtn)
{
$selectall = $_POST['selectall'];
if ($selectall)
{
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");
}
echo "All messages have been deleted.";
}
else
{
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
$msg_id = $row['id'];
$value = "cb" . "$msg_id";
$checkbox = $_POST[$value];
if ($value)
{
mysql_query("UPDATE messages SET from_delete='1' WHERE to_user='$user' AND id='$msg_id'");
}
}
echo "The selected messages have been deleted.";
}
}
else echo "Choose a message to delete.";
?>
And here is the code in inbox.php that has the checkboxes
<?php
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user' AND from_delete='0' ORDER BY id DESC");
$numrows = mysql_num_rows($query);
if ($numrows != 0)
{
echo "<form action='delete_message.php' method='POST'>";
echo "<div class='messages'>
<div class='leftside'><input type='checkbox' name='selectall'><input type='submit' name='deleteoutbox' value='Delete' class='button'></div>
<div class='rightside'>Date</div>
Subject And Message
<div class='clear'></div>
<hr>
</div>";
while ($row = mysql_fetch_assoc($query))
{
$msg_id = $row['id'];
$msg_to_user = $row['to_user'];
$msg_to_id = $row['to_id'];
$msg_from_user = $row['from_user'];
$msg_from_id = $row['from_id'];
$msg_subject = $row['subject'];
$content = nl2br($row['content']);
$msg_date = $row['date'];
$msg_from_delete = $row['from_delete'];
$msg_to_delete = $row['to_delete'];
if (!$msg_from_delete)
{
echo "<div class='messages'>";
echo "<div class='leftside'>
<input type='checkbox' name='cb$msg_id' value='$msg_id'>
<a href='profile.php?id=$msg_to_id' target='_blank'>$msg_to_user</a>
</div>";
echo "<div class='rightside'>$msg_date</div>";
echo "<div id='center' style='margin-left:150px; margin-right:150px;'>
<span class='toggle'><a href='#' onClick='return false'>$msg_subject</a></span>
<div class='hiddenDiv'>
<br /><hr>
<b>$smiles </b>
<br /><br />
</div>
</div>";
echo "<div class='clear'>";
echo "<br /><br /><hr>";
echo "</div></div>";
}
}
echo "</form>";
}
else echo "You Have No Messages In Your Outbox"
?>
Then for the inbox messages it is the same as the outbox but in the inbox form.
How can I fix this ?
The below code is for outbox.php since that's what you have pasted.
First, change your checkbox from:
<input type='checkbox' name='cb$msg_id' value='$msg_id'>
To something like:
<input type='checkbox' name='outbox_ids[]' value='$msg_id'>
And the elseif for the outbox will be:
elseif ($outboxbtn)
{
$selectall = $_POST['selectall'];
if ($selectall)
{
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");
}
echo "All messages have been deleted.";
}
else
{
if(isset($_POST['outbox_ids'])){
$outbox_msg_ids = array_map('mysql_real_escape_string', $_POST['outbox_ids']);
//all the checked msg id are now stored in $outbox_msg_ids,
//we will loop through the values and pass it to the update query
foreach($outbox_msg_ids as $msg_id){
//outbox rows belong to the sender, so match on from_user
mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user' AND id='$msg_id'");
}
echo "The selected messages have been deleted.";
} //isset if block ends
}
}
Note:
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
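The `outbox_ids[]` update written as one prepared statement, as an added example rather than code from the answer. It runs against an in-memory SQLite database through PDO so it is self-contained; the function name, the reduced table layout and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed data: in-memory SQLite stands in for the MySQL messages table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, from_user TEXT, to_user TEXT,
           from_delete INTEGER DEFAULT 0, to_delete INTEGER DEFAULT 0)');
$db->exec("INSERT INTO messages (id, from_user, to_user) VALUES
           (1, 'alice', 'bob'), (2, 'alice', 'carol'), (3, 'alice', 'bob'), (4, 'bob', 'alice')");

// Marks the checked outbox messages as deleted for $user; returns rows changed.
function deleteFromOutbox(PDO $db, string $user, $posted): int
{
    if (!is_array($posted)) {           // outbox_ids=5 sent instead of outbox_ids[]=5
        return 0;
    }
    $ids = [];
    foreach ($posted as $raw) {
        // Accept only plain decimal ids; nested arrays and junk are skipped.
        if (is_string($raw) && ctype_digit($raw)) {
            $ids[(int) $raw] = true;    // array key de-duplicates repeated ids
        }
    }
    if ($ids === []) {
        return 0;
    }
    $ids = array_keys($ids);
    $marks = implode(',', array_fill(0, count($ids), '?'));
    // from_user = ? keeps a submitted id from touching another user's message.
    $stmt = $db->prepare(
        "UPDATE messages SET from_delete = 1 WHERE from_user = ? AND id IN ($marks)"
    );
    $stmt->execute(array_merge([$user], $ids));
    return $stmt->rowCount();
}

// Constructed request body: ids 1 and 3 are alice's, 4 is bob's, 'x' is junk.
$post = ['outbox_ids' => ['1', '3', '4', 'x', '3']];
$changed = deleteFromOutbox($db, 'alice', $post['outbox_ids'] ?? null);
echo "rows marked deleted: $changed", PHP_EOL;
foreach ($db->query('SELECT id, from_user, from_delete FROM messages ORDER BY id') as $row) {
    echo "{$row['id']} {$row['from_user']} from_delete={$row['from_delete']}", PHP_EOL;
}
```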
I'm new to PHP. login.php makes you use your username instead of your email. How do I make it so that users can log in with just their email and password, instead of their username and password?
Login.php
<?php
session_start();
// Header file
require_once "views/template/header.php";
if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide your e-mail and password.");
}
// Create query
$q = "SELECT * FROM `users` "
."WHERE `username`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: members.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
echo "Don't have account <a href='register.php'>create account now!</a>";
}
require_once "views/template/footer.php";
?>
Register.php
<?php
// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
require_once "views/template/header.php";
//Input validation and the dbase code
if ( $_GET["op"] == "reg" )
{
// Every field must be filled in; a single empty field fails validation
$bInputFlag = !empty($_POST);
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
break;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
$profile=$_POST['profilename'];
$password=$_POST['password'];
$email=$_POST['email'];
$fname=$_POST['firstname'];
$lname=$_POST['lastname'];
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO users (`profilename`,`password`,`email`,`firstname`,`lastname`)
VALUES ('$profile','$password','$email','$fname','$lname')";
// Run query
$r = mysql_query($q);
// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if
//The thank you page
elseif ( $_GET["op"] == "thanks" )
{
echo "<h2>Thanks for registering!</h2>";
}
//The web form for input ability
else
{
echo "<form action=\"?op=reg\" method=\"POST\">\n";
echo "Profile Name: <input name=\"profilename\" MAXLENGTH=\"16\"><br />\n";
echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n";
echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";
echo "First Name: <input name=\"firstname\" MAXLENGTH=\"25\"><br />\n";
echo "Last Name: <input name=\"lastname\" MAXLENGTH=\"25\"><br />\n";
echo "<input value='Submit' type=\"submit\">\n";
echo "</form>\n";
}
// EOF
require_once "views/template/footer.php";
?>
Just look for the email instead of the username:
// Create query
$q = "SELECT * FROM `users` "
."WHERE `email`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
And change your form label:
echo "Email: <input name=\"username\" size=\"15\"><br />";
That's the quickest fix. Obviously to be more thorough you'll want to replace all instances of "Username" or $_POST['username'] in your login script with email, and you should stop using the mysql_* library since it's deprecated and soon to be removed.
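Login by email with bound parameters and PHP's own password hashing, as an added example that is not part of the answer above. It runs against an in-memory SQLite database through PDO so it is self-contained; the function names, the `password_hash` column (in place of MySQL's `PASSWORD()`) and the sample account are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed data: in-memory SQLite stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE,
           password_hash TEXT NOT NULL)');

function normalizeEmail(string $email): string
{
    return strtolower(trim($email));
}

// Stores a salted password_hash() value, never the password itself.
function registerUser(PDO $db, string $email, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
    $stmt->execute([normalizeEmail($email), password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user id on success, null on any failure.
function loginByEmail(PDO $db, string $email, string $password): ?int
{
    static $dummy = null;
    // Hash that is checked when the email is unknown, so both paths do the same work.
    $dummy ??= password_hash('unused-placeholder', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([normalizeEmail($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    // In login.php: session_regenerate_id(true); $_SESSION["valid_id"] = $row['id'];
    return (int) $row['id'];
}

registerUser($db, 'Alice@example.com', 'correct horse battery');
var_dump(loginByEmail($db, 'alice@example.com', 'correct horse battery'));
var_dump(loginByEmail($db, 'alice@example.com', 'wrong password'));
var_dump(loginByEmail($db, "o'brien@example.com", 'anything')); // quote is bound as data
```

The same generic failure for an unknown email and a wrong password matches the single "Wrong login information" message the original script already uses.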
I am new at designing websites, and I recently wanted to add login/registration forms to my website. I have a database and have coded all of the forms, but when I attempt to register I am unable to, because my information is not added to the database. I have been working on this for a while; any advice on how to better my forms and registration system would be more than helpful. Thanks in advance!
Here are my forms:
Registration:
<?php
session_start();
include "dbConfig.php";
if (isset($_GET["op"]) && $_GET["op"] == "login") {
if (!$_POST["username"] || !$_POST["password"]) {
die("You need to provide a username and password.");
}
// Create query
$q = "SELECT * FROM `gd_database` "
."WHERE `username`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) ) {
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: members.php");
} else {
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
} else {
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\">";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\">";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>
Login:
<?php
session_start();
include "dbConfig.php";
if (isset($_GET["op"]) && $_GET["op"] == "login") {
if (!$_POST["username"] || !$_POST["password"]) {
die("You need to provide a username and password.");
}
// Create query
$q = "SELECT * FROM `gd_database` "
."WHERE `username`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) ) {
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: members.php");
} else {
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\">";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\">";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>
Your login and registration scripts are the same code, and they assume that you already have an account and are trying to verify the credentials. You'll need to insert the data from the form into the database with an INSERT statement before anything else. Right now, you're just checking for accounts in an empty table.
Look up some tutorials for registering users. Tutsplus is nice.
Here is code for registration:
register.php
<?php
include ("dbConfig.php");
if ( $_GET["op"] == "reg" )
{
// Every field must be filled in; a single empty field fails validation
$bInputFlag = !empty($_POST);
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
break;
}
}
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
$q = "INSERT INTO `dbUsers` (`username`,`password`,`email`) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
$r = mysql_query($q);
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
Header("Location: register.php?op=thanks");
}
}
elseif ( $_GET["op"] == "thanks" )
{
echo "<h2>Thankyou for registering!</h2>";
}
else
{
echo "<form action=\"?op=reg\" method=\"POST\">\n";
echo "Username: <input name=\"username\" MAXLENGTH=\"16\"><br />\n";
echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\">\n";
echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";
echo "<input type=\"submit\">\n";
echo "</form>\n";
}
?>
In order to add data into your database you need to use an INSERT query. Hope this code helps you solve your problem.
I am trying to check the login, then trying to echo basic user info. Thanks in advance for everyone's help. Any suggestions on why I'm unable to echo row data based on a specific logged-in user?
<?php
session_start();
// dBase file
include "config.php";
ini_set('display_errors', 1);
if (isset($_GET["op"] ) && $_GET["op"] == "login")
{
if (!$_GET["username"] || !$_GET["password"])
{
die("You need to provide a username and password.");
}
// Create query
$q = "SELECT * FROM `users` "
."WHERE `username`='".$_GET["username"]."' "
."AND `password`=PASSWORD('".$_GET["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
$row = mysql_assoc_array($r);
$count = mysql_num_rows($r);
if ($obj = mysql_fetch_object($r) && $count == 1)
{
// Login good, create session variables
$_SESSION["id"] = $row['id'] = $obj->id;
$_SESSION["user"] = $row['username'] = $obj->username;
$_SESSION["time"] = time();
// Redirect to member page
Header("Location: welcome.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
header("Location: login2.php");
}
}
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"GET\">";
echo "Username: <input name=\"username\" name=\"username\" size=\"32\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"32\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>
You're using mysql_fetch_object so you need to do:
$_SESSION["user"] = $obj->username;
Rather than:
$_SESSION["user"] = $row['username'];