TeddyKiller Posted March 22, 2010 Share Posted March 22, 2010 Hi. When a user logs in, it sets two sessions "uid" and "hash" uid works perfectly fine, and it appears that the "hash" session gets set with the correct results (as I tested with echo's) Here is when the sessions get set. $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$pwd' LIMIT 1") or trigger_error('Query failed: '. mysql_error()); $row = mysql_fetch_array($query); $_SESSION['uid'] = $row['id']; $hash = sha1($row['id'] . $_SERVER['REMOTE_ADDR'] . $secret_key); $_SESSION['hash'] = $hash; Then when I go onto test.php (whilst the sessions are still set) <?php session_start(); include("../inc/config.php"); include("functions.php"); $player = check_user(); echo $player->username; echo $player->password; echo $player->dob; echo $player->date; ?> Then here's the checkuser function. <?php function check_user() { if (!isset($_SESSION['uid']) || !isset($_SESSION['hash'])) { header("Location: /index.php"); } else { $check = sha1($_SESSION['uid'] . $_SERVER['REMOTE_ADDR'] . $secret_key); if ($check != $_SESSION['hash']) { session_unset(); session_destroy(); header("Location: /index.php"); } else { $query = mysql_query("SELECT * FROM users WHERE id='".$_SESSION['uid']."'") or trigger_error("Query failed: ".mysql_error()); $userarray = mysql_fetch_array($query); if (mysql_num_rows($query) ==0) { session_unset(); session_destroy(); header("Location: /index.php"); } foreach($userarray as $key=>$value) { $user->$key = $value; } return $user; } } } ?> I have echoed $secret_key outside the function (above it) and it gets displayed correctly. $secret_key is defined in config.php I also echo's it where the sessions get set, and it also.. echoed correctly. Although.. something goes wrong, it doesn't say if its the same. $check = sha1($_SESSION['uid'] . $_SERVER['REMOTE_ADDR'] . $secret_key); if ($check != $_SESSION['hash']) { There, for some reason it still destroys the sessions, so the session is not matching $check? Can anyone help me. Thanks Quote Link to comment Share on other sites More sharing options...
schilly Posted March 22, 2010 Share Posted March 22, 2010 when in a function, it has a separate namespace so $secret_key is not defined in that function. either pass it into the function or put global $secret_key; at the top of your function. Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted March 22, 2010 Author Share Posted March 22, 2010 That worked, although I tried passing it through the function. check_user($secret_key) but that didn't work, although it does now. Thanks (Atleast I learnt about globals now ! ) Quote Link to comment Share on other sites More sharing options...
schilly Posted March 22, 2010 Share Posted March 22, 2010 ya if you changed to function to: function check_user($secret_key){ and your function call to $player = check_user($secret_key); it should work that way as well. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 22, 2010 Share Posted March 22, 2010 Don't use 'global.' Pass it as an argument to the function instead. Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted March 22, 2010 Author Share Posted March 22, 2010 Warning: Missing argument 1 for check_user(), called in /home/jeanie/public_html/main.php on line 7 and defined in /home/jeanie/public_html/inc/functions.php on line 2 Warning: Cannot modify header information - headers already sent by (output started at /home/jeanie/public_html/inc/functions.php:2) in /home/jeanie/public_html/inc/functions.php on line 16 <?php session_start(); include("inc/config.php"); include('classes/imgmanip.php'); include("inc/functions.php"); $user = check_user($secret_key); ?> function check_user($secret_key) { Why am I getting errors? Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 22, 2010 Share Posted March 22, 2010 Your secret key exists in the session, correct? Well, you need to either use that value directly, or assign it to a variable which you then pass to the function. In other words: $user = check_user($_SESSION['secret_key']); or $secret_key = $_SESSION['secret_key']; $user = check_user($secret_key); Remember: if you need to use variables across pages, put them in a session. EDIT: or, if you're worried about the secret key being compromised, save it somewhere (file, db), then read it from that data store when you need to access it. Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted March 22, 2010 Author Share Posted March 22, 2010 No. $secret_key is defined in config.php which is included in every file. edit: Oh damn, i was saving index.php rather than main.php Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted March 22, 2010 Share Posted March 22, 2010 No. $secret_key is defined in config.php which is included in every file. The errors tell me that your functions.php file is borked. The error resides there. Show code? Quote Link to comment Share on other sites More sharing options...
TeddyKiller Posted March 22, 2010 Author Share Posted March 22, 2010 It's alright. I editted my last post saying that I was saving index.php rather than main.php though you replied too fast. Thanks for trying to help though Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.