markbett

problem with set session variables

When logging into the site, session variables are declared and set:

[code]if (mysql_num_rows($validate) == 1) {
    // exactly one matching user: copy that row into the session
    while ($row = mysql_fetch_assoc($validate)) {
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];
        $_SESSION['email_address'] = $row['email_address'];
        // (rest of the loop body is not shown in the post)
    }
}[/code]
The problem I have is that when I call on these variables later on, they have often changed and are now showing information for a different user. The problem is generally triggered after performing a new SQL query to fetch other information. Where I am confused is that I do not set $_SESSION variables in ANY other locations. I am the one experiencing the problem on my test site, so I know I am not hacking anything and resetting variables... Am I mistaken that once $_SESSION['first_name'] is set to a value it will remain at that value until explicitly told otherwise, or is it the case that when you declare $_SESSION['first_name'] = $row['first_name']; every time you have a $row['first_name'] the session variable will be reset to that new value?

No you aren't mistaken.

The only explanation I can think of is that your code which sets the $_SESSION variables is being called again.

Try adding a debugging statement like

[code]echo "<br>Setting session variables for user {$row['id']}<br>";[/code]

Then if that code gets run, you'll get a visual indicator on the page.

Alas, it shouldn't be able to:

[code]case "validate":
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                          WHERE username='$username'
                          AND password = md5('$password')
                          AND verified='1'  AND disabled='0'
                          ") or die (mysql_error());
                         
  if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];[/code]

I could throw in a check to see if they are logged in already and tell it not to run, but because it's in a switch it shouldn't be able to run a second time... and on top of that it's within its own SQL return, so for it to run the second time it should have to rerun the query and return proper values... grrr

Oh, I should clarify... when first logged in, the session variables are returned correctly... as I nav to new pages and run other queries to set things in the DB etc., that is when things change, and instead of calling me Mark it will call me "21" or "Manager" etc., even though the session is still the same.

Are you missing a break in your switch statement, above case "validate": ?

In any case, you have nothing to lose by adding paranoid statements like "If (impossible condition) die("Something impossible happened!")".  You'd be surprised at how often something which should be impossible actually happens :)

no luck

[code]switch($_REQUEST['req']){
 
case "validate":
//ensure they are not already logged in//
if($_SESSION['login'] != TRUE){

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                          WHERE username='$username'
                          AND password = md5('$password')
                          AND verified='1'  AND disabled='0'
                          ") or die (mysql_error());[/code]

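The two debugging suggestions in this thread (a visible marker where the session is written, and checks for "impossible" conditions) can be combined into one guard, shown here as an added example that is not part of the original thread or the poster's code. It assumes PHP 7 or later; the function names, the `_identity_digest` key and the sample row are hypothetical and constructed for illustration, and the digest is a debugging aid for finding the code path that overwrites the keys, not an access control.

```php
<?php
// Added example; function names and '_identity_digest' are hypothetical.
const IDENTITY_KEYS = ['userid', 'first_name', 'last_name', 'email_address'];

// Digest of the identity fields, stored at login to detect later changes.
function identity_digest(array $session): string
{
    $parts = [];
    foreach (IDENTITY_KEYS as $key) {
        $parts[] = $key . '=' . ($session[$key] ?? '');
    }
    return hash('sha256', implode("\n", $parts));
}

// The one place that writes the login keys; refuses to switch users silently.
function set_login_session(array &$session, array $row): void
{
    if (!empty($session['login']) && $session['userid'] !== $row['id']) {
        throw new LogicException(
            "Session of user {$session['userid']} overwritten with user {$row['id']}");
    }
    $session['login'] = true;
    $session['userid'] = $row['id'];
    foreach (['first_name', 'last_name', 'email_address'] as $key) {
        $session[$key] = $row[$key];
    }
    $session['_identity_digest'] = identity_digest($session);
}

// Call at the top of every page: throws if an identity key changed after login.
function assert_session_identity(array $session): void
{
    $stored = $session['_identity_digest'] ?? '';
    if (!empty($session['login']) && !hash_equals($stored, identity_digest($session))) {
        throw new LogicException('Session identity fields changed after login');
    }
}

// Constructed sample data; on a real page pass $_SESSION instead of $session.
$session = [];
set_login_session($session, ['id' => '7', 'first_name' => 'Mark',
    'last_name' => 'Example', 'email_address' => 'mark@example.test']);
assert_session_identity($session);     // nothing has changed yet
$session['first_name'] = 'Manager';    // simulate the unexplained overwrite
try {
    assert_session_identity($session);
} catch (LogicException $e) {
    echo 'Caught: ', $e->getMessage(), "\n";
}
```

The exception's stack trace points at the request on which the change is first noticed, which narrows down the page or query that ran just before it.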
