Jump to content

Archived

This topic is now archived and is closed to further replies.

S4C

PHP sessions :| login .. when John becomes Peter :)

Recommended Posts

So i have one problem. Im developing web system for IRC community.. (ahh whatever :) )
problem:
If lets say "John" and "Peter" is using my website at the same time.. Why does sessions variables exchanges.. I  mean John's $_SESSION['user'](object) becomes Peter's :| etc. :\ so wtf?
What im doing  wrong? What I should do?

Thanks a lot  ::)

Share this post


Link to post
Share on other sites
sure john didnt change his name to peter at the deedpoll.. lol..

only messing, can u post some code

Share this post


Link to post
Share on other sites
Hmm the code seems to be very similar to this: http://php.codenewbie.com/articles/php/1482/Login_With_Sessions-Page_1.html

Share this post


Link to post
Share on other sites
Just post YOUR code!

Share this post


Link to post
Share on other sites
Hmm I think i know where the problem is! :O Could it be..

[code]<?php
        // login.php
include ("temp/constants.php");
function user_login($username, $pass) {
$db = mysql_connect("localhost",DB_USER, DB_PASS) or die("Sorry news data base is not working..");
mysql_select_db(DB_NAME, $db) or die("Ooops.. DB is not working!");
$rec = mysql_query("SELECT * FROM `users` WHERE username='$username' AND pass='$pass'", $db);
if (mysql_num_rows($rec) > 0) {
$date =  date('Y-m-d H:i:s');
mysql_query("UPDATE users SET active='$date' WHERE username='$username'", $db);
session_start();
$_SESSION['user'] = mysql_fetch_object($rec);
$_SESSION['loged']= true;
};
mysql_close();
};

    if (isset($_POST['username']) && isset($_POST['pass']) ){
$username = $_POST['username'];
$pass = $_POST['pass'];
if ($pass != "") && ($username != "")) user_login ($username,$pass);
};
if (isset($_SESSION['user'])) {
$id = $_SESSION['user']->id;
header ("location: index.php?cat=profile&user=$id"); // <---to his/her profile page
} else header("location: index.php");
?>
[/code]

[code]<?php
  //patikriname ar vartotojas prisijunges
if (!isset($_SESSION['loged'])) { print "<p align='center' class='Stil5'>Privalote prisijungti prie sistemos.</p>"; exit(); };
if (isset($_GET['user'])) {
$user = user_info($_GET['user']); // Maby $user is the same as $_SESSION['user'] ? o_O
} else exit();
                .....
?>

[/code]
// Maby $user is the same as $_SESSION['user'] ? o_O if it is..
So if other user is 'loged' and im looking at his profile page i become $user = user_info($_GET['user']); MR JOHN :D 

Share this post


Link to post
Share on other sites
I think that sounds likely, i had a very similar problem. I believe it happens only if register_globals is on.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.