
problem with set session variables


6 replies to this topic

#1 markbett

markbett
  • Members
  • Advanced Member
  • 133 posts

Posted 15 September 2006 - 07:24 AM

When logging into the site, session variables are declared and set:

   if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
         $_SESSION['login'] = true;
         $_SESSION['userid'] = $row['id'];
         $_SESSION['first_name'] = $row['first_name'];
         $_SESSION['last_name']  = $row['last_name'];
         $_SESSION['email_address'] = $row['email_address'];

The problem I have is that when I call on these variables later on, they often have changed and are now showing information for a different user. The problem generally is triggered after performing a new SQL query to fetch other information. Where I am confused is that I do not set $_SESSION variables in ANY other locations. I am the one experiencing the problem on my test site, so I know I am not hacking anything and resetting variables.... Am I mistaken that once $_SESSION['first_name'] is set to a value it will remain that set value until explicitly told otherwise, or is it the case that when you declare $_SESSION['first_name'] = $row['first_name']; every time you have a $row['first_name'] the session variable will be reset to that new value....

#2 btherl

btherl
  • Staff Alumni
  • Advanced Member
  • 3,893 posts
  • Location: Australia

Posted 15 September 2006 - 07:33 AM

No you aren't mistaken.

The only explanation I can think of is that your code which sets the $_SESSION variables is being called again.

Try adding a debugging statement like

echo "<br>Setting session variables for user {$row['id']}<br>";

Then if that code gets run, you'll get a visual indicator on the page.

#3 markbett


Posted 15 September 2006 - 07:38 AM

Alas, it shouldn't be able to:

case "validate":
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                           WHERE username='$username'
                           AND password = md5('$password')
                           AND verified='1'  AND disabled='0'
                           ") or die (mysql_error());

    if(mysql_num_rows($validate) == 1){
        while($row = mysql_fetch_assoc($validate)){
            $_SESSION['login'] = true;
            $_SESSION['userid'] = $row['id'];
            $_SESSION['first_name'] = $row['first_name'];
            $_SESSION['last_name']  = $row['last_name'];

I could throw in a check to see if they are logged in already and tell it not to run, but because it's in a switch it shouldn't be able to run a second time..... and on top of that it's within its own SQL return, so for it to run the second time it should have to rerun the query and return proper values...... grrr

#4 markbett


Posted 15 September 2006 - 07:39 AM

Ohh, I should clarify... when first logged in, the session variables are returned correctly... as I nav to new pages and run other queries to set things in the DB etc., that is when things change, and instead of calling me Mark it will call me "21" or "Manager" etc. even though the session is still the same.

#5 btherl


Posted 15 September 2006 - 07:41 AM

Are you missing a break in your switch statement, above case "validate": ?

In any case, you have nothing to lose by adding paranoid statements like "If (impossible condition) die("Something impossible happened!")".  You'd be surprised at how often something which should be impossible actually happens :)
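
btherl's advice about paranoid checks, as an added example that is not part of the original thread: it records a hash of the identity fields at login and compares it on later requests, so the first page or query after which the session shows another user's data gets logged. The function names, the `_identity_fp` key and the sample values are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example; function names and the '_identity_fp' key are illustrative.
const IDENTITY_KEYS = ['userid', 'first_name', 'last_name', 'email_address'];

// Hash the identity fields so a later change to any of them is detectable.
function identity_fingerprint(array $session): string
{
    $fields = [];
    foreach (IDENTITY_KEYS as $key) {
        $fields[$key] = isset($session[$key]) ? (string) $session[$key] : null;
    }
    return hash('sha256', json_encode($fields));
}

// Call once, directly after the login code has filled the session.
function seal_identity(array &$session): void
{
    $session['_identity_fp'] = identity_fingerprint($session);
}

// Call at the top of each page and after each suspect query.
function identity_unchanged(array $session, string $where): bool
{
    if (empty($session['login'])) {
        return true; // not logged in, nothing to compare
    }
    $sealed = (string) ($session['_identity_fp'] ?? '');
    if (!hash_equals($sealed, identity_fingerprint($session))) {
        $now = array_intersect_key($session, array_flip(IDENTITY_KEYS));
        error_log("Session identity changed at $where: " . json_encode($now));
        return false;
    }
    return true;
}

// Constructed demonstration: a plain array stands in for $_SESSION.
$session = [
    'login' => true, 'userid' => 7, 'first_name' => 'Mark',
    'last_name' => 'Example', 'email_address' => 'mark@example.test',
];
seal_identity($session);
var_dump(identity_unchanged($session, 'after login'));

$session['first_name'] = 'Manager'; // simulate the unexplained overwrite
var_dump(identity_unchanged($session, 'after profile query'));
```

In the thread's code, `seal_identity($_SESSION)` would go right after the `$_SESSION[...]` assignments in the `validate` case, and `identity_unchanged($_SESSION, __FILE__)` at the top of each page.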

#6 markbett


Posted 15 September 2006 - 07:49 AM

no luck

switch($_REQUEST['req']){

case "validate":
    //ensure they are not already logged in//
    if($_SESSION['login'] != TRUE){

        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
        $validate = mysql_query("SELECT * FROM users
                           WHERE username='$username'
                           AND password = md5('$password')
                           AND verified='1'  AND disabled='0'
                           ") or die (mysql_error());


#7 markbett


Posted 15 September 2006 - 04:40 PM

*bump*



