sessions, strange problem!

spires · August 18, 2006

Hi,

i am creating a login system. should be easy.
But for some reason, when i use session_regiser['username'];
and submit a form the username turns from the username typed into the input box
and into nicky???

My database username is nicky, that is the only place i think it is getting it from.
But i cant see how or why it is doing it.

try it out for your self.
[URL=http://www.nickyrubin.com/members]http://www.nickyrubin.com/members[/URL]
username = solus.music.jeff@mail.com
password = t4njrsh2

The page that this will link to will echo the password and username.
notice that the username has changed to nicky.

Has anyone seen this before?

Thanks for your help

GingerRobot · August 18, 2006

probably not a good idea to show your database username and password on the forum.

But yes, this is due to register_globals. If you have a session called $_SESSION['var'] and then in a page use the variable $var, it will overwrite the contents of $_SESSION['var'];

Ideally, you'd want to turn register_globals off if possible. Otherwise, change the database username and password variables to something like:
$dbusername
$dbpassword

spires · August 18, 2006

ok thanks.

I haven't used register_globals before. Do you know how to tur them off?

Dont worry, the username and password wil be deleted.
In the mean time, FREE music all around!

GingerRobot · August 18, 2006

register_globals is a php setting. You can only change it if you have ability to change you php.ini settings

spires · August 18, 2006

OK, thanks for your help.

spires · August 18, 2006

I have just tried changing the VARs to $dbusername and $dbpassword.

If i take away the header-Loaction on the login page, and echo the variables out instead,
They echo out the correct info.

However if i put the header-Location back in place. the next page only displays nicky
Wrong username and no password?

Anymore suggestions please.

Thanks

GingerRobot · August 18, 2006

Can we see what code you are using?

Im a little bit mistified by what you mean by the header-Location. if you are doing something like this:

header("location:connectionpage.php");

Then thats not a very good way to do it. You should be using include:

include("connectionpage.php");

But im not sure. You might mean something differant.

ToonMariner · August 18, 2006

post the code of the login script AND that of the page the header takes you to..

spires · August 18, 2006

ok, one sec

spires · August 18, 2006

login page

[code]
<?php
session_start();
session_destroy();

include('func.php');

$arrErrors = array();

if (!empty($_POST['submit'])) {
if ($_POST['username']=='')
$arrErrors['username'] = 'Add Your Username';
if ($_POST['password']=='')
$arrErrors['password'] = 'Add Your Password';

if (count($arrErrors) == 0) {

$dbusername=$_POST['username'];
$dbpassword=$_POST['password'];

$sql="SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
$row = mysql_fetch_array($result);

if($dbusername && $dbpassword){
session_register('username');
session_register('password');
//echo $dbusername;
//echo $dbpassword;

header('Location:download_item.php');

} else {
$noinput = '<div class="error">Sorry. You have entered an incorrect username or password,<br> please try again';
}

} else {
if (empty($dbusername) || empty($dbpassword)) {
$strError = '<div class="error">';
foreach ($arrErrors as $error) {
$strError .= "<li>$error</li>";
}
$srtError .= '</div>';
}
}

}

?>
[/code]

HMTL under neath, but i dont think you need that.

spires · August 18, 2006

location page

[code]
<?php
session_start();
if(!session_is_registered(username)) {
header("Location:index.php");
}
?>

<?php
include('func.php');

$dbpassword = $_SESSION['password'];
$dbusername = $_SESSION['username'];
echo $dbpassword;
echo $dbusername;

$query = "SELECT * FROM paypal_cart_info WHERE username='$dbusername' and password='$dbpassword'";
$result = mysql_query($query) or die ("query 2 failed");
$count = mysql_num_rows($result);

$query1 = "SELECT * FROM books ORDER BY id DESC";
$result1 = mysql_query($query1) or die ("Query failed");
$count1 = mysql_num_rows($result1);

?>
[/code]

GingerRobot · August 18, 2006

Sorry when i said change the variables i meant change the ones you are using when you connect to the database.

I imagine that you have in your functions page:
$username = 'nicky';

This will be overwriting the $_SESSION['username'];

spires · August 18, 2006

Sorry, i'm still not to clue'd up on php.

I'll go try it out.

spires · August 18, 2006

You are a STAR!!!!!!!!

Works perfect.

Thanks very much.

Sign In

sessions, strange problem!

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information