PHP sessions :| login .. when John becomes Peter :)


6 replies to this topic

#1 S4C


Posted 12 July 2006 - 03:47 PM

So I have one problem. I'm developing a web system for an IRC community.. (ahh whatever :) )
Problem:
If, let's say, "John" and "Peter" are using my website at the same time.. why do session variables get exchanged.. I mean John's $_SESSION['user'] (object) becomes Peter's :| etc. :\ so wtf?
What am I doing wrong? What should I do?

Thanks a lot ::)

#2 ShogunWarrior


Posted 12 July 2006 - 03:49 PM

Seems very strange, mind posting code?

#3 brown2005


Posted 12 July 2006 - 03:52 PM

Sure John didn't change his name to Peter at the deed poll.. lol..

Only messing, can you post some code?


#4 S4C


Posted 12 July 2006 - 04:06 PM

Hmm the code seems to be very similar to this: http://php.codenewbi...ons-Page_1.html

#5 trq


Posted 12 July 2006 - 04:40 PM

Just post YOUR code!

#6 S4C


Posted 12 July 2006 - 04:57 PM

Hmm, I think I know where the problem is! :o Could it be..

<?php
	// login.php
	include ("temp/constants.php");

	// Check the submitted credentials and, on success, store the user row in the session
	function user_login($username, $pass) {
		$db = mysql_connect("localhost", DB_USER, DB_PASS) or die("Sorry news data base is not working..");
		mysql_select_db(DB_NAME, $db) or die("Ooops.. DB is not working!");
		// Escape the submitted values before they go into the query string
		$username = mysql_real_escape_string($username, $db);
		$pass = mysql_real_escape_string($pass, $db);
		$rec = mysql_query("SELECT * FROM `users` WHERE username='$username' AND pass='$pass'", $db);
		if (mysql_num_rows($rec) > 0) {
			$date = date('Y-m-d H:i:s');
			mysql_query("UPDATE users SET active='$date' WHERE username='$username'", $db);
			session_start();
			$_SESSION['user'] = mysql_fetch_object($rec);
			$_SESSION['loged'] = true;
		}
		mysql_close();
	}

	if (isset($_POST['username']) && isset($_POST['pass'])) {
		$username = $_POST['username'];
		$pass = $_POST['pass'];
		if (($pass != "") && ($username != "")) user_login($username, $pass);
	}
	if (isset($_SESSION['user'])) {
		$id = $_SESSION['user']->id;
		header("location: index.php?cat=profile&user=$id"); // <---to his/her profile page
	} else header("location: index.php");
?>

<?php
	// check whether the user is logged in
	if (!isset($_SESSION['loged'])) { print "<p align='center' class='Stil5'>Privalote prisijungti prie sistemos.</p>"; exit(); }
	if (isset($_GET['user'])) {
		$user = user_info($_GET['user']);	// Maybe $user is the same as $_SESSION['user'] ? o_O
	} else exit();
	.....
?>

// Maybe $user is the same as $_SESSION['user'] ? o_O If it is..
So if another user is 'loged' and I'm looking at his profile page, I become $user = user_info($_GET['user']); MR JOHN :D

#7 GingerRobot


Posted 12 July 2006 - 05:24 PM

I think that sounds likely, I had a very similar problem. I believe it happens only if register_globals is on.
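
The mechanism suggested in the last two posts, as an added example that is not part of the original thread: with register_globals on, PHP bound each session entry to the global variable of the same name, so the profile page's `$user = user_info(...)` wrote straight into `$_SESSION['user']`. The reference assignment below simulates that binding on current PHP (register_globals was removed in PHP 5.4); the `user_info()` body, the sample rows and the `$profile` name are constructed stand-ins.

```php
<?php
// Constructed stand-in for the thread's user_info(); the rows are sample data.
function user_info($id) {
    $rows = array(1 => 'John', 2 => 'Peter');
    return (object) array('id' => $id, 'username' => $rows[$id]);
}

// Constructed request: John (id 1) is logged in and opens Peter's profile (?user=2).
function fresh_request() {
    $_SESSION = array('user' => user_info(1), 'loged' => true);
    $_GET = array('user' => 2);
}

// --- Case 1: register_globals behaviour, simulated ---
fresh_request();
// What register_globals did implicitly for a session entry named 'user':
// the global $user and $_SESSION['user'] refer to the same value.
$user =& $_SESSION['user'];
// The assignment from the profile page. It goes through the reference,
// so the session now holds the viewed profile instead of the viewer.
$user = user_info($_GET['user']);
echo "aliased \$user:      session belongs to ", $_SESSION['user']->username, "\n";

// --- Case 2: hardened form ---
unset($user);   // drop the alias; no global shadows the session key
fresh_request();
// Use a name that no session key uses, and cast the id taken from the URL.
$profile = user_info((int) $_GET['user']);
echo "distinct \$profile:  session belongs to ", $_SESSION['user']->username, "\n";
echo "profile shown:      ", $profile->username, "\n";
```

On a PHP version that still has the setting, turning `register_globals` off in php.ini removes the aliasing; choosing a variable name that no session key uses avoids the collision either way.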



