sessions, strange problem!

[spires]

Hi,

i am creating a login system. should be easy.
But for some reason, when i use session_regiser['username'];
and submit a form the username turns from the username typed into the input box
and into nicky???

My database username is nicky, that is the only place i think it is getting it from.
But i cant see how or why it is doing it.

try it out for your self.
[URL=http://www.nickyrubin.com/members]http://www.nickyrubin.com/members[/URL]
username = [email protected]
password = t4njrsh2

The page that this will link to will echo the password and username.
notice that the username has changed to nicky.

Has anyone seen this before?


Thanks for your help

[GingerRobot]

probably not a good idea to show your database username and password on the forum.

But yes, this is due to register_globals. If you have a session called $_SESSION['var'] and then in a page use the variable $var, it will overwrite the contents of $_SESSION['var'];

Ideally, you'd want to turn register_globals off if possible. Otherwise, change the database username and password variables to something like:
$dbusername
$dbpassword

[spires]

ok thanks.

I haven't used register_globals before. Do you know how to tur them off?

Dont worry, the username and password wil be deleted.
In the mean time, FREE music all around!

[GingerRobot]

register_globals is a php setting. You can only change it if you have ability to change you php.ini settings

[spires]

OK, thanks for your help.

[spires]

I have just tried changing the VARs to $dbusername and $dbpassword.

If i take away the header-Loaction on the login page, and echo the variables out instead,
They echo out the correct info.

However if i put the header-Location back in place. the next page only displays nicky
Wrong username and no password?

Anymore suggestions please.

Thanks

[GingerRobot]

Can we see what code you are using?

Im a little bit mistified by what you mean by the header-Location. if you are doing something like this:

header("location:connectionpage.php");

Then thats not a very good way to do it. You should be using include:

include("connectionpage.php");

But im not sure. You might mean something differant.

[ToonMariner]

post the code of the login script AND that of the page the header takes you to..

[spires]

ok, one sec

[spires]

login page

[code]
<?php
session_start();
session_destroy();

include('func.php');


$arrErrors = array();

if (!empty($_POST['submit'])) {
if ($_POST['username']=='')
$arrErrors['username'] = 'Add Your Username';
if ($_POST['password']=='')
$arrErrors['password'] = 'Add Your Password';

if (count($arrErrors) == 0) {

$dbusername=$_POST['username'];
$dbpassword=$_POST['password'];


$sql="SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
$row = mysql_fetch_array($result);



if($dbusername && $dbpassword){
session_register('username');
session_register('password');
//echo $dbusername;
//echo $dbpassword;

header('Location:download_item.php');

} else {
$noinput = '<div class="error">Sorry. You have entered an incorrect username or password,<br> please try again';
}

  } else {
if (empty($dbusername) || empty($dbpassword)) { 
$strError = '<div class="error">';
foreach ($arrErrors as $error) {
$strError .= "<li>$error</li>";
}
$srtError .= '</div>';
  }
}


}

?>
[/code]

HMTL under neath, but i dont think you need that.

[spires]

location page

[code]
<?php
session_start();
if(!session_is_registered(username)) {
header("Location:index.php");
}
?>

<?php
include('func.php');


$dbpassword = $_SESSION['password'];
$dbusername = $_SESSION['username'];
echo $dbpassword;
echo $dbusername;




$query = "SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($query) or die ("query 2 failed");
$count = mysql_num_rows($result);


$query1 = "SELECT * FROM books ORDER BY id DESC";
$result1 = mysql_query($query1) or die ("Query failed");
$count1 = mysql_num_rows($result1);


?>
[/code]

[GingerRobot]

Sorry when i said change the variables i meant change the ones you are using when you connect to the database.

I imagine that you have in your functions page:
$username = 'nicky';

This will be overwriting the $_SESSION['username'];

[spires]

Sorry, i'm still not to clue'd up on php.

I'll go try it out.

[spires]

You are a STAR!!!!!!!!

Works perfect.

Thanks very much.