[SOLVED] Signing in as someone else with sessions?



Hi again, so I have just come across a really annoying bug. I have signed in as 2 different testing users and realised that the session keeps me logged in as the tester user each time and not a different one according to what details I enter in, i.e. email and password. What could be the reason for this? :(

Login_process.php

<?php
// CONNECT TO THE DATABASE
// (the mysql_* extension was current on the PHP 4/5 of the time; it was removed in PHP 7)
mysql_connect ("localhost", "xxx", "xxx") or die ('Error: ' . mysql_error());
mysql_select_db ("xxx");

// CALL IN VARIABLES
$email = $_POST['email'];
$password = $_POST['password'];

// VALIDATION
if($password == ""){
echo("you didnt enter anything for your password, please try again");
exit();
}
if($email == ""){
echo("you didnt enter anything into the email address, please try again");
exit();
}
if(!ereg("^.+@.+\\..+$", $email)){
echo("the email you entered was not valid, please try again");
exit();
}

// CHECK IF EMAIL EXISTS
// NOTE: the raw $_POST values go straight into the SQL string without escaping,
// so a crafted email or password can change the query (SQL injection).
$sql = "SELECT * FROM user WHERE email='{$_POST['email']}'";
$result = mysql_query($sql) or die("couldnt confirm email");
$num = mysql_num_rows($result);
if($num == 1){
// NOTE: the password is compared in plain text, so it is also stored in plain text.
$sql2 = "SELECT * FROM user WHERE email='{$_POST['email']}' AND password='{$_POST['password']}'";
$result2 = mysql_query($sql2) or die("couldnt confirm password");
$num2 = mysql_num_rows($result2);
if($num2 > 0 ){
	session_start();
	$_SESSION['auth'] = "yes";
	// NOTE: $username is never assigned anywhere in this script, so an empty value is stored.
	$_SESSION['username'] = $username;
	print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
else{
	echo "wrong password";
}
}
else{
echo "no account exists";
}
?>
<script type="text/javascript">
<!--
setTimeout('Redirect()',4000);
function Redirect()
{
location.href='index.php';
}
//-->
</script>

 

logout_process.php

<?php
session_start();
// session_destroy() removes the server-side data; the $_SESSION array and the
// cookie in the browser are not cleared by this call alone.
session_destroy();
print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
?>

 

Control panel page:

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>login</title>
<style type="text/css">
<!--
body,td,th {
font-family: Helvetica, Arial, sans-serif;
color: #FFFFFF;
font-size: 14px
}
body {
background-color: #323232;
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
#container{
width: 100%;
height: 170px;
margin-bottom: 10px;
border-bottom: solid 1px #555555;
}
#login{
float:left;
width: 100%;
height: 50px;
background: url(images/login_box.gif) center no-repeat;
}
#loginform{
width: 919px;
height: 17px;
position:relative;
top: 17px;
left: 0px;
text-align: left;
padding-left: 20px;
}
a{
color: #90FF38;
text-decoration: none;
}
.textInput {
background-color:#333333;
border:solid 1px #9A9A9A;
color: #FFFFFF;
height: 17px;
padding-left: 5px;
margin-left: 5px;
margin-right: 5px;
}
.textInput2 {
background-color:#333333;
border:solid 1px #9A9A9A;
color: #33FF00;
height: 17px;
text-align: center;
margin-left: 5px;
margin-right: 5px;
}
.submitForm{
background: url(images/button.gif) no-repeat center;
width: 60px;
height: 22px;
color:#FFFFFF;
margin-left: 4px;
margin-top: 4px;
border:none;
}
#label{
background: url(images/label.gif);
height: 22px;
width: 70px;
color:#FFFFFF;
}
#details{
background: url(images/cp_box.gif) no-repeat center;
height: 105px;
width: 941px;
margin-bottom: 5px;
margin-top: 5px;
margin-left: 7px;
text-align:left;
}
-->
</style>
</head>

<body>
<div align="center">
<div id="container">
<div id="login">
<div id="loginform">
<?php
// CONNECT TO THE DATABASE
mysql_connect ("localhost", "xxx", "xxx") or die ('Error: ' . mysql_error());
mysql_select_db ("xxx");

// NOTE: the session value is interpolated into the SQL unescaped, and extract()
// turns every column of the returned row into a local variable ($id, $username, ...).
$query2 = "SELECT * FROM user WHERE username='{$_SESSION['username']}'"; 
$results2 = mysql_query($query2) or die ("Could not execute query");
while ($row2 = mysql_fetch_array($results2)){
extract($row2);?>

<label>You are logged in as :</label>
<?php echo"<a href='page.php?id=$id'> $username </a>" ?></div>
</div>
<div id="details">
  <table width="935" border="0" cellspacing="10" cellpadding="0">
    <tr>
      <td width="80" height="80" align="center" valign="middle"><?php echo"<img src='http://avatar.xboxlive.com/avatar/$gamert/avatarpic-l.png' width='80' height='80' alt='' />" ?></td>
      <td align="left" valign="top">Welcome  <?php echo("$username") ?>...</td>
      <td width="400" align="right" valign="top">
  <input type="button" name="Submit23" value="edit" class="submitForm" onclick="parent.location='edit.php'"/>
          <input type="button" name="Submit232" value="settings" class="submitForm" onclick="parent.location='settings.php'"/>
            <input type="button" name="Submit233" value="Logout" class="submitForm" onclick="parent.location='logout_process.php'"/>
        <br /></td>
    </tr>
  </table>
</div>
</div>
</div>
<?php } ?>
<br />
</body>
</html>
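The password query in login_process.php above builds its SQL by dropping $_POST straight into the string. The e-mail field at least has to pass the regex, but the password field has no validation at all, so once a real registered address gets past the "email exists" check, the password value can rewrite the WHERE clause. The following is an added example, not code from the thread: it mimics the posted query against an in-memory SQLite table (the user rows are constructed here, and the pdo_sqlite extension is assumed to be available) and contrasts it with a prepared statement.

```php
<?php
// Added example (not from the thread). Demonstrates the SQL injection in the
// posted login query using a constructed in-memory "user" table.

function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)');
    // Constructed rows; plain-text passwords, exactly like the thread's table.
    $db->exec("INSERT INTO user (username, email, password) VALUES ('browno', 'browno@example.com', 'secret1')");
    $db->exec("INSERT INTO user (username, email, password) VALUES ('tester', 'tester@example.com', 'secret2')");
    return $db;
}

// Same construction as $sql2 in login_process.php: raw string interpolation.
function buildUnsafeQuery(string $email, string $password): string
{
    return "SELECT * FROM user WHERE email='$email' AND password='$password'";
}

// Runs the interpolated query and returns the usernames it matches.
function unsafeLogin(PDO $db, string $email, string $password): array
{
    $rows = $db->query(buildUnsafeQuery($email, $password))->fetchAll(PDO::FETCH_ASSOC);
    return array_column($rows, 'username');
}

// Same lookup with bound parameters: the input is data, it can never become SQL.
function safeLogin(PDO $db, string $email, string $password): array
{
    $stmt = $db->prepare('SELECT username FROM user WHERE email = ? AND password = ?');
    $stmt->execute([$email, $password]);
    return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), 'username');
}

$db = makeDemoDb();
$injected = "' OR '1'='1";

// The resulting SQL ends in ... AND password='' OR '1'='1', and because AND
// binds tighter than OR the WHERE is true for every row. The thread's script
// only checks mysql_num_rows() > 0, so it would set $_SESSION['auth'] = "yes".
echo buildUnsafeQuery('tester@example.com', $injected), PHP_EOL;
print_r(unsafeLogin($db, 'tester@example.com', $injected));

// With a bound parameter the same string is just a wrong password: no rows.
print_r(safeLogin($db, 'tester@example.com', $injected));
```

The e-mail validation does not help here because the injection rides in the password field; escaping both inputs (mysql_real_escape_string on the old API, or bound parameters on mysqli/PDO) is what closes it.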

Nope, that didn't work... Does anybody want to come on board and be trusted to just take a look at my setup and make sure that it's not just a small thing? I know it's a big thing to ask, but this session thing is killing me. It's such a simple function, but yet it seems to be giving me the most grief.

That's awfully trusting...  :P

 

Try one last thing before you allow someone to do that.

 

logout.php

<?php
session_start();
unset_session();
session_destroy();
?>

 

SHOOT! I made a mistake!

 

change unset_session(); to session_unset();

 

Per the PHP manual

Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.

Still no luck even with your correction *sighs*. I seem to muck up even the simplest of things. :(

 

EDIT: to see what I mean, go to http://xbox.brokenbox.co.uk and register an account, then try to log in with it. Tell me if it logs you into your account or the browno account.

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat...

I logged in but got this error.

hmmm logged in as browno.

 

It seems that somewhere in your script, "Browno" credentials are getting set manually instead of dynamically.

try this:

 

this line

$sql = "SELECT * FROM user WHERE email='$_POST[email]'";

 

change to

$email = $_POST['email'];
$sql = "SELECT * FROM user WHERE email = '$email' ";

 

and

 

http://objectmix.com/php/331357-register_globals-off-session-side-effect.html

Here is a working script from my current project.

 

<?php
session_start();
require('../config.php');   // assumed to define $server, $db_user, $db_pass and $db
$con = mysql_connect($server, $db_user, $db_pass);
mysql_select_db($db);
$username = $_POST['username'];
$password = $_POST['password'];
if ( isset( $username ) && isset( $password ) )
{
// NOTE: $username is interpolated unescaped (SQL injection).
$sql="SELECT * FROM users where username = '$username' limit 1";
$result = mysql_query($sql);
$row = mysql_fetch_object($result);
// NOTE: plain-text comparison, so the stored password is unhashed.
// The $row check avoids reading ->password from a false result.
if ($row && $row->password === $password)
{$_SESSION['logged-in'] = true;
$_SESSION['username'] = $row->username;
header("location: ../index.php?login=success");
} else {
header('location: ../index.php?login=failed');
}
}

?>

That's exactly what I thought, but I couldn't find anything that looked as though it was manually setting it. I changed the login_process.php and it still logs in as id=1, i.e. browno.

 

code:

<?php
// CONNECT TO THE DATABASE
mysql_connect ("localhost", "xxx", "xxx") or die ('Error: ' . mysql_error());
mysql_select_db ("xxx");

// CALL IN VARIABLES
$email = $_POST['email'];
$password = $_POST['password'];

// VALIDATION
if($password == ""){
echo("you didnt enter anything for your password, please try again");
exit();
}
if($email == ""){
echo("you didnt enter anything into the email address, please try again");
exit();
}
if(!ereg("^.+@.+\\..+$", $email)){
echo("the email you entered was not valid, please try again");
exit();
}

// CHECK IF EMAIL EXISTS
$email = $_POST['email'];
// NOTE: still interpolated unescaped into the SQL string (SQL injection).
$sql = "SELECT * FROM user WHERE email = '$email' ";
$result = mysql_query($sql) or die("couldnt confirm email");
$num = mysql_num_rows($result);
if($num == 1){
// NOTE: plain-text password comparison, and the password field is not validated at all.
$sql2 = "SELECT * FROM user WHERE email='{$_POST['email']}' AND password='{$_POST['password']}'";
$result2 = mysql_query($sql2) or die("couldnt confirm password");
$num2 = mysql_num_rows($result2);
if($num2 > 0 ){
	session_start();
	$_SESSION['auth'] = "yes";
	// NOTE: $susername is never assigned in this script (see the replies below).
	$_SESSION['username'] = $susername;
	print "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
else{
	echo "wrong password";
}
}
else{
echo "no account exists";
}
?>
<script type="text/javascript">
<!--
setTimeout('Redirect()',4000);
function Redirect()
{
location.href='index.php';
}
//-->
</script>

Where is $username set? I see nowhere in your script where it was set. Maybe this contributed to the problem?

 

It was set from $_POST, I believe.

 

I attached the full files below in a zip; this may help you all to help a little bit quicker. If you have a server of your own, I supplied an install.php for the MySQL. Of course, check it all first to make sure you're okay with it before running it.

 

[attachment deleted by admin]

It was set from $_POST, I believe.

// CALL IN VARIABLES
$email = $_POST['email'];
$password = $_POST['password'];

Really?

 

Also, you should probably add strip_tags() and mysql_real_escape_string() to your $_POST variables for security. ;)

Hehe, I'm very new to this :D. Okay, I see that I didn't call in username from POST :P and that's why the session for username doesn't work :P. Hehe, I'll make the changes now :D

$_POST clean-up like this is okay?

 

// CALL IN VARIABLES
// NOTE: mysql_real_escape_string() needs an open mysql_connect() link, so this
// must run after the connection is made; strip_tags() on the password alters
// any password containing '<' or '>' before it is ever compared.
$username = strip_tags(mysql_real_escape_string($_POST['pusername']));
$password = strip_tags(mysql_real_escape_string($_POST['ppassword']));
$fname = strip_tags(mysql_real_escape_string($_POST['pfname']));
$lname = strip_tags(mysql_real_escape_string($_POST['plname']));
$email = strip_tags(mysql_real_escape_string($_POST['pemail']));
$gamert = strip_tags(mysql_real_escape_string($_POST['pgamert']));

I put strip_tags inside mysql_real_escape_string, but I think that's a matter of personal preference. Also, in your script it calls the variable $susername, not $username, so it would still be undefined. I'd suggest fixing that. (Edit: your script on page 1 calls $username, and your script on page 2 calls $susername) !?
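Escaping the $_POST values as suggested in the posts above stops the query from being rewritten, but it leaves the other problems in the posted scripts in place: the password is still compared in plain text, the session stores a name copied from the form rather than a record the database returned, and logout never clears the cookie or the $_SESSION array. The following is an added example written for this thread, not code from any of the posters. It uses prepared statements, password_hash()/password_verify(), session_regenerate_id() and a full logout. It runs against an in-memory SQLite "user" table with one constructed account (pdo_sqlite is assumed to be installed; the column names follow the thread's table), so it needs no MySQL server; point the PDO DSN at your real database to use it.

```php
<?php
// Added example, not code from the thread. Login/logout with prepared
// statements, hashed passwords and an id-based session.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, email TEXT UNIQUE, password TEXT)');
    // Store a hash, never the password itself; this account is constructed for the demo.
    $stmt = $db->prepare('INSERT INTO user (username, email, password) VALUES (?, ?, ?)');
    $stmt->execute(['tester', 'tester@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's id on success, null on failure. Unknown e-mail and wrong
// password take the same path and pay the same verify cost, so the response
// does not reveal which addresses are registered.
function authenticate(PDO $db, string $email, string $password): ?int
{
    static $dummyHash = null;
    $dummyHash = $dummyHash ?? password_hash('not-a-real-password', PASSWORD_DEFAULT);

    $stmt = $db->prepare('SELECT id, password FROM user WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);            // bound parameter: input cannot alter the SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row ? $row['password'] : $dummyHash);
    return ($ok && $row) ? (int) $row['id'] : null;
}

function ensureSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

function login(PDO $db, string $email, string $password): bool
{
    $id = authenticate($db, $email, $password);
    if ($id === null) {
        return false;
    }
    ensureSession();
    // Fresh session id on login: defeats session fixation and guarantees that
    // nothing from an earlier login in the same browser carries over.
    session_regenerate_id(true);
    $_SESSION = ['auth' => true, 'user_id' => $id];
    return true;
}

// Clears the data, expires the cookie, then destroys the server-side record.
// Assigning [] is what the manual recommends instead of unset($_SESSION).
function logout(): void
{
    ensureSession();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Guard for pages such as the control panel: identify the user by the id the
// database returned, never by a name that came from the form.
function currentUserId(): ?int
{
    ensureSession();
    if (empty($_SESSION['auth']) || !isset($_SESSION['user_id'])) {
        return null;
    }
    return (int) $_SESSION['user_id'];
}

// Demo run. Nothing is printed until the end, because session_start() and
// setcookie() must happen before any output is sent.
$db = openDemoDb();
$results = [
    'wrong password' => login($db, 'tester@example.com', 'wrong'),
    'right password' => login($db, 'tester@example.com', 'correct horse'),
    'id after login' => currentUserId(),
];
logout();
$results['id after logout'] = currentUserId();
print_r($results);
```

In the thread's layout this means login_process.php only ever stores a user id, and the control panel looks the row up with a prepared statement by that id instead of interpolating $_SESSION['username'] into a query and calling extract() on the result.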

After all the changes, still no luck :( I don't get the error message any more from logging in with the session. You can't put in spaces or silly characters in the registration form, but now the includes, i.e. the control panel, don't get the user information. It's getting so late and I have to get up in 5 hours' time. I put together the file here of how far I have got.

 

http://xbox.brokenbox.co.uk

Register a new account, as it's a fresh table of data with the new coding in practice.

 

File to download below

 

[attachment deleted by admin]
