  1. #1
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430

    Sessions Problem

    Hi Guys,

    Just found a problem with my login. When I log in to my site, it displays all my information like it should, but if I view another member's profile THEN go back to my control panel, I take on their session and see all their information instead of my own! I don't know what is doing this.

    logincheck.php

    PHP Code:
    <?php

    require("includes/db_connection.php");

    ## The all important post variables
    $var_username = mysql_real_escape_string(trim($_POST['username']));
    $var_password = mysql_real_escape_string(trim($_POST['password']));

    ## blank submission
    if (empty($var_username) || empty($var_password)) {

        echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>You never filled in both fields, please fill them both in.</b></div><br />';
        exit;

    }

    $q = "SELECT `id`,`username`,`password` FROM `users` WHERE `username`='$var_username' AND `password`='$var_password' LIMIT 1";
    $r = mysql_query($q);
    $row = mysql_fetch_array($r);

    $any_results = mysql_num_rows($r);

    if ($any_results != 1) {

        echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>We can\'t find that username/password combination in the database, please re-check your login details.</b></div><br />';
        exit;

    } else {

        ## update the login timer
        $var_update_time_query = mysql_query("UPDATE `users` SET `last_login` = now() WHERE `username`='$var_username' AND `password`='$var_password'");

        ## There was a result back
        session_start();
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['loggedin'] = 'yes';

        ## redirect to members page
        header("Location:myaccount.php");

    }
    ?>
    sessions.php

    PHP Code:
    <?php
    session_start();

    header("Cache-control: private");

    if ($_SESSION['loggedin'] != 'yes') {
        header("Location: login.php");
        exit;
    }

    ## a variable for easier access
    $var_loggedinuserid = $_SESSION['id'];
    $var_loggedinuser = $_SESSION['username'];
    ?>
    The code above is what I use as an include at the top of every page. Can anyone see what I have done wrong?

    Thanks guys

    Graham

  2. #2
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    It seems that something happens on a member profile page code. Perhaps you are overwriting the username in session?
    Saul

  3. #3
    SitePoint Evangelist
    Join Date
    Dec 2006
    Posts
    430
    Hi Mate,

    Thanks for the help. I solved it; can you believe it was because register_globals was on in my server.

    cheers

    Graham

  4. #4
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Yes, actually that was one of my guesses. Proves how evil register_globals is.
    Saul
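
Added example, not part of any post in this thread: an emulation of how register_globals ties same-named page variables to session entries, so a profile page that assigns `$id` and `$username` rewrites the logged-in user's session. The `view_profile()` and `assert_register_globals_off()` functions, the user ids and the names are hypothetical; `extract()` with `EXTR_REFS` stands in for the binding the old setting performed.

```php
<?php
// Added example (not from the thread): emulates register_globals session
// binding on modern PHP. User ids and names below are constructed.

/**
 * Hypothetical profile page. With $registerGlobals true, session keys are
 * pulled into local scope as references, which is how the old setting tied
 * $id and $username to $_SESSION['id'] and $_SESSION['username'].
 */
function view_profile(array &$session, int $viewedId, array $users, bool $registerGlobals): array
{
    if ($registerGlobals) {
        // EXTR_REFS makes $id, $username, $loggedin aliases of the session entries.
        extract($session, EXTR_REFS);
    }

    // Ordinary page code: working variables for the member being viewed.
    $id = $viewedId;
    $username = $users[$viewedId];

    return ['id' => $id, 'username' => $username];
}

/** Guard for the shared include: refuse to run if the setting is enabled. */
function assert_register_globals_off(): void
{
    // ini_get() returns false on PHP versions where the directive no longer exists.
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        throw new RuntimeException('register_globals is on; session data can be overwritten');
    }
}

$users = [7 => 'graham', 12 => 'alice'];                       // constructed
$fresh = ['id' => 7, 'username' => 'graham', 'loggedin' => 'yes'];

assert_register_globals_off();

$session = $fresh;
view_profile($session, 12, $users, false);
echo 'setting off: session user is ', $session['username'], PHP_EOL;

$session = $fresh;
view_profile($session, 12, $users, true);
echo 'setting on:  session user is ', $session['username'], PHP_EOL;
```

With the emulation on, the session array ends up holding the viewed member's id and username, which matches the symptom in post #1. The directive was deprecated in PHP 5.3 and removed in PHP 5.4; on older servers set `register_globals = Off` in php.ini.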

  5. #5
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    ^ without doubt, eeeevillll!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  6. #6
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    I'd use this one:
    Saul

  7. #7
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,788
    Lol!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  8. #8
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Quote: Originally Posted by graham23s
    PHP Code:
    ## a variable for easier access
    $var_loggedinuserid = $_SESSION['id'];
    $var_loggedinuser = $_SESSION['username'];
    Excuse me for trolling but how exactly are those long variable names easier than the shorter $_SESSION keys?

