spires Posted August 18, 2006 Share Posted August 18, 2006 Hi, i am creating a login system. should be easy. But for some reason, when i use session_regiser['username'];and submit a form the username turns from the username typed into the input boxand into nicky??? My database username is nicky, that is the only place i think it is getting it from.But i cant see how or why it is doing it.try it out for your self. [URL=http://www.nickyrubin.com/members]http://www.nickyrubin.com/members[/URL]username = solus.music.jeff@mail.compassword = t4njrsh2The page that this will link to will echo the password and username.notice that the username has changed to nicky.Has anyone seen this before?Thanks for your help Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted August 18, 2006 Share Posted August 18, 2006 probably not a good idea to show your database username and password on the forum.But yes, this is due to register_globals. If you have a session called $_SESSION['var'] and then in a page use the variable $var, it will overwrite the contents of $_SESSION['var'];Ideally, you'd want to turn register_globals off if possible. Otherwise, change the database username and password variables to something like:$dbusername$dbpassword Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 ok thanks. I haven't used register_globals before. Do you know how to tur them off?Dont worry, the username and password wil be deleted. In the mean time, FREE music all around! Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted August 18, 2006 Share Posted August 18, 2006 register_globals is a php setting. You can only change it if you have ability to change you php.ini settings Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 OK, thanks for your help. Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 I have just tried changing the VARs to $dbusername and $dbpassword.If i take away the header-Loaction on the login page, and echo the variables out instead, They echo out the correct info. However if i put the header-Location back in place. the next page only displays nickyWrong username and no password?Anymore suggestions please.Thanks Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted August 18, 2006 Share Posted August 18, 2006 Can we see what code you are using?Im a little bit mistified by what you mean by the header-Location. if you are doing something like this:header("location:connectionpage.php");Then thats not a very good way to do it. You should be using include:include("connectionpage.php");But im not sure. You might mean something differant. Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted August 18, 2006 Share Posted August 18, 2006 post the code of the login script AND that of the page the header takes you to.. Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 ok, one sec Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 login page[code]<?phpsession_start();session_destroy();include('func.php'); $arrErrors = array();if (!empty($_POST['submit'])) { if ($_POST['username']=='') $arrErrors['username'] = 'Add Your Username'; if ($_POST['password']=='') $arrErrors['password'] = 'Add Your Password'; if (count($arrErrors) == 0) { $dbusername=$_POST['username']; $dbpassword=$_POST['password']; $sql="SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'"; $result = mysql_query($sql); $count = mysql_num_rows($result); $row = mysql_fetch_array($result); if($dbusername && $dbpassword){ session_register('username'); session_register('password'); //echo $dbusername; //echo $dbpassword; header('Location:download_item.php'); } else { $noinput = '<div class="error">Sorry. You have entered an incorrect username or password,<br> please try again'; } } else { if (empty($dbusername) || empty($dbpassword)) { $strError = '<div class="error">'; foreach ($arrErrors as $error) { $strError .= "<li>$error</li>"; } $srtError .= '</div>'; } } }?>[/code]HMTL under neath, but i dont think you need that. Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 location page[code]<?phpsession_start();if(!session_is_registered(username)) {header("Location:index.php");}?><?phpinclude('func.php');$dbpassword = $_SESSION['password'];$dbusername = $_SESSION['username'];echo $dbpassword;echo $dbusername;$query = "SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";$result = mysql_query($query) or die ("query 2 failed");$count = mysql_num_rows($result);$query1 = "SELECT * FROM books ORDER BY id DESC"; $result1 = mysql_query($query1) or die ("Query failed"); $count1 = mysql_num_rows($result1); ?>[/code] Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted August 18, 2006 Share Posted August 18, 2006 Sorry when i said change the variables i meant change the ones you are using when you connect to the database.I imagine that you have in your functions page:$username = 'nicky';This will be overwriting the $_SESSION['username']; Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 Sorry, i'm still not to clue'd up on php.I'll go try it out. Quote Link to comment Share on other sites More sharing options...
spires Posted August 18, 2006 Author Share Posted August 18, 2006 You are a STAR!!!!!!!!Works perfect. Thanks very much. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.