Jump to content


Photo

sessions, strange problem!


  • Please log in to reply
13 replies to this topic

#1 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:16 PM

Hi,

i am creating a login system. should be easy.
But for some reason, when i use session_regiser['username'];
and submit a form the username turns from the username typed into the input box
and into nicky???

My database username is nicky, that is the only place i think it is getting it from.
But i cant see how or why it is doing it.

try it out for your self.
http://www.nickyrubin.com/members
username = solus.music.jeff@mail.com
password = t4njrsh2

The page that this will link to will echo the password and username.
notice that the username has changed to nicky.

Has anyone seen this before?


Thanks for your help
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#2 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 18 August 2006 - 07:20 PM

probably not a good idea to show your database username and password on the forum.

But yes, this is due to register_globals. If you have a session called $_SESSION['var'] and then in a page use the variable $var, it will overwrite the contents of $_SESSION['var'];

Ideally, you'd want to turn register_globals off if possible. Otherwise, change the database username and password variables to something like:
$dbusername
$dbpassword

#3 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:28 PM

ok thanks.

I haven't used register_globals before. Do you know how to tur them off?

Dont worry, the username and password wil be deleted.
In the mean time, FREE music all around!
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#4 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 18 August 2006 - 07:30 PM

register_globals is a php setting. You can only change it if you have ability to change you php.ini settings

#5 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:32 PM

OK, thanks for your help.
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#6 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:40 PM

I have just tried changing the VARs to $dbusername and $dbpassword.

If i take away the header-Loaction on the login page, and echo the variables out instead,
They echo out the correct info.

However if i put the header-Location back in place. the next page only displays nicky
Wrong username and no password?

Anymore suggestions please.

Thanks
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#7 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 18 August 2006 - 07:43 PM

Can we see what code you are using?

Im a little bit mistified by what you mean by the header-Location. if you are doing something like this:

header("location:connectionpage.php");

Then thats not a very good way to do it. You should be using include:

include("connectionpage.php");

But im not sure. You might mean something differant.

#8 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 18 August 2006 - 07:43 PM

post the code of the login script AND that of the page the header takes you to..
follow me on twitter @PHPsycho

#9 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:45 PM

ok, one sec
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#10 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:47 PM

login page

<?php
session_start();
session_destroy();

include('func.php');

 
$arrErrors = array();

if (!empty($_POST['submit'])) {
	if ($_POST['username']=='')
		$arrErrors['username'] = 'Add Your Username';
	if ($_POST['password']=='')
		$arrErrors['password'] = 'Add Your Password';

		if (count($arrErrors) == 0) {
			
			$dbusername=$_POST['username'];
			$dbpassword=$_POST['password'];
			
			
			$sql="SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
			$result = mysql_query($sql);
			$count = mysql_num_rows($result);
			$row = mysql_fetch_array($result);
			
						
						
				if($dbusername && $dbpassword){
					session_register('username');
					session_register('password');
					//echo $dbusername;
					//echo $dbpassword;

					header('Location:download_item.php');

				} else {
					$noinput = '<div class="error">Sorry. You have entered an incorrect username or password,<br> please try again';
				}
				
		  } else {
			if (empty($dbusername) || empty($dbpassword)) {  
				$strError = '<div class="error">'; 
				foreach ($arrErrors as $error) {
					$strError .= "<li>$error</li>";
				}
			$srtError .= '</div>';
		   }
	}		
	
		
}

?>

HMTL under neath, but i dont think you need that.
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#11 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:48 PM

location page

<?php
session_start();
if(!session_is_registered(username)) {
header("Location:index.php");
}
?>

<?php
include('func.php');


$dbpassword = $_SESSION['password'];
$dbusername = $_SESSION['username'];
echo $dbpassword;
echo $dbusername;




$query = "SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($query) or die ("query 2 failed");
$count = mysql_num_rows($result);


$query1 = "SELECT * FROM books ORDER BY id DESC"; 
	$result1 = mysql_query($query1) or die ("Query failed"); 
	$count1 = mysql_num_rows($result1); 


?>

How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#12 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 18 August 2006 - 07:54 PM

Sorry when i said change the variables i meant change the ones you are using when you connect to the database.

I imagine that you have in your functions page:
$username = 'nicky';

This will be overwriting the $_SESSION['username'];

#13 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:56 PM

Sorry, i'm still not to clue'd up on php.

I'll go try it out.
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com

#14 spires

spires
  • Members
  • PipPipPip
  • Advanced Member
  • 492 posts

Posted 18 August 2006 - 07:58 PM

You are a STAR!!!!!!!!

Works perfect.

Thanks very much.
How to make over $600 a day from AdSense? Discover EXACTLY how he does it in these videos:
http://www.adsense-online.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users