Results 1 to 6 of 6
Thread: logging in problems
Jun 9, 2011, 10:10 #1
- Join Date
- May 2011
- 0 Post(s)
- 0 Thread(s)
logging in problems
ok, I'm new to php, I just discovered a problem this morning and I'm not sure how to fix it, I'll explain as best I can.
I have a member based website, that i am still building, they sign up, account gets created, stored in the db, (username, id, etc.)
now let's say I sign in with profile #1, when logged in, it doesn't show in the address bar, it just says profile.php, but the member address would be blah.com/profile.php?id=1
once logged in, I can see all my profile data, pic and all that stuff, but then....
I can go to the address bar, type in blah.com/profile.php?id=2 and now I am logged in to that account, and they both have different usernames and passwords, I can go back and forth between accounts just by typing the profile.php?id=whatever to gain access to other accounts.
how scary is this????!!!?!?
so I am trying to figure out if this is my login script?, or is it in the profile.php code?, is it the session or cookies, or both?
I'm a little stumped, I am using the real escape string for all the data, psswords are sha1 with salt....