Jump to content

Archived

This topic is now archived and is closed to further replies.

spires

sessions, strange problem!

Recommended Posts

Hi,

i am creating a login system. should be easy.
But for some reason, when i use session_regiser['username'];
and submit a form the username turns from the username typed into the input box
and into nicky???

My database username is nicky, that is the only place i think it is getting it from.
But i cant see how or why it is doing it.

try it out for your self.
[URL=http://www.nickyrubin.com/members]http://www.nickyrubin.com/members[/URL]
username = solus.music.jeff@mail.com
password = t4njrsh2

The page that this will link to will echo the password and username.
notice that the username has changed to nicky.

Has anyone seen this before?


Thanks for your help

Share this post


Link to post
Share on other sites
probably not a good idea to show your database username and password on the forum.

But yes, this is due to register_globals. If you have a session called $_SESSION['var'] and then in a page use the variable $var, it will overwrite the contents of $_SESSION['var'];

Ideally, you'd want to turn register_globals off if possible. Otherwise, change the database username and password variables to something like:
$dbusername
$dbpassword

Share this post


Link to post
Share on other sites
ok thanks.

I haven't used register_globals before. Do you know how to tur them off?

Dont worry, the username and password wil be deleted.
In the mean time, FREE music all around!

Share this post


Link to post
Share on other sites
register_globals is a php setting. You can only change it if you have ability to change you php.ini settings

Share this post


Link to post
Share on other sites
I have just tried changing the VARs to $dbusername and $dbpassword.

If i take away the header-Loaction on the login page, and echo the variables out instead,
They echo out the correct info.

However if i put the header-Location back in place. the next page only displays nicky
Wrong username and no password?

Anymore suggestions please.

Thanks

Share this post


Link to post
Share on other sites
Can we see what code you are using?

Im a little bit mistified by what you mean by the header-Location. if you are doing something like this:

header("location:connectionpage.php");

Then thats not a very good way to do it. You should be using include:

include("connectionpage.php");

But im not sure. You might mean something differant.

Share this post


Link to post
Share on other sites
post the code of the login script AND that of the page the header takes you to..

Share this post


Link to post
Share on other sites
login page

[code]
<?php
session_start();
session_destroy();

include('func.php');


$arrErrors = array();

if (!empty($_POST['submit'])) {
if ($_POST['username']=='')
$arrErrors['username'] = 'Add Your Username';
if ($_POST['password']=='')
$arrErrors['password'] = 'Add Your Password';

if (count($arrErrors) == 0) {

$dbusername=$_POST['username'];
$dbpassword=$_POST['password'];


$sql="SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
$row = mysql_fetch_array($result);



if($dbusername && $dbpassword){
session_register('username');
session_register('password');
//echo $dbusername;
//echo $dbpassword;

header('Location:download_item.php');

} else {
$noinput = '<div class="error">Sorry. You have entered an incorrect username or password,<br> please try again';
}

  } else {
if (empty($dbusername) || empty($dbpassword)) { 
$strError = '<div class="error">';
foreach ($arrErrors as $error) {
$strError .= "<li>$error</li>";
}
$srtError .= '</div>';
  }
}


}

?>
[/code]

HMTL under neath, but i dont think you need that.

Share this post


Link to post
Share on other sites
location page

[code]
<?php
session_start();
if(!session_is_registered(username)) {
header("Location:index.php");
}
?>

<?php
include('func.php');


$dbpassword = $_SESSION['password'];
$dbusername = $_SESSION['username'];
echo $dbpassword;
echo $dbusername;




$query = "SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($query) or die ("query 2 failed");
$count = mysql_num_rows($result);


$query1 = "SELECT * FROM books ORDER BY id DESC";
$result1 = mysql_query($query1) or die ("Query failed");
$count1 = mysql_num_rows($result1);


?>
[/code]

Share this post


Link to post
Share on other sites
Sorry when i said change the variables i meant change the ones you are using when you connect to the database.

I imagine that you have in your functions page:
$username = 'nicky';

This will be overwriting the $_SESSION['username'];

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.