Jump to content

problem with set session variables


markbett

Recommended Posts

when logging into the site session variables are declared and set:

[code]  if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];
        $_SESSION['email_address'] = $row['email_address'];[/code]
the problem i have is that when i call on these variables later on, they often have changed and are now showing information for a different users.  the problem generally is triggered after performing a new SQL query to fetch other information.  Where I am confused is that I do not set $_session variables in ANY other locations.  I am the one experiencing the poblem on my test site so i know i am not hacking anything and resetting variables....  am i mistaken that once $_SESSION['first_name']  is set to a value that it will rmeain that set value until explicitly told otherwise or is it the case that when you declare $_SESSION['first_name']  = $row['first_name']; every time you have a $row['first_name'] the session variable will be reset to that new value....
Link to comment
Share on other sites

No you aren't mistaken.

The only explanation I can think of is that your code which sets the $_SESSION variables is being called again..

Try adding a debugging statement like

[code]echo "<br>Setting session variables for user {$row['id']}<br>";[/code]

Then if that code gets run, you'll get a visual indicator on the page.
Link to comment
Share on other sites

alaas it shouldnt be able to:

[code]case "validate":
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                          WHERE username='$username'
                          AND password = md5('$password')
                          AND verified='1'  AND disabled='0'
                          ") or die (mysql_error());
                         
  if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];[/code]

i could throw in a check to see if they are logged in already and tell it not to run but because its in a switch it shouldnt be able to run a second time..... and on top of that its within its own sql return so for it to run the second time it should have to rerun the query and return proper values...... grrr
Link to comment
Share on other sites

ohh i should clarify... when first logged in the session variables are returned corrently... as i nav to new pages and run other queries to set things in the DB etc, that is when things change and instead of calling me Mark is will call me "21" or "Manager" etc even though the session is still the same
Link to comment
Share on other sites

Are you missing a break in your switch statement, above case "validate": ?

In any case, you have nothing to lose by adding paranoid statements like "If (impossible condition) die("Something impossible happened!")".  You'd be surprised at how often something which should be impossible actually happens :)
Link to comment
Share on other sites

no luck

[code]switch($_REQUEST['req']){
 
case "validate":
//ensure they are not already logged in//
if($_SESSION['login'] != TRUE){

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                          WHERE username='$username'
                          AND password = md5('$password')
                          AND verified='1'  AND disabled='0'
                          ") or die (mysql_error());[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.