Session variable


28 replies to this topic

#1 markbett

markbett
  • Members
  • PipPipPip
  • Advanced Member
  • 133 posts

Posted 05 October 2006 - 01:58 AM

on my site when a user logs in a number of session variables are set for them

                           
   if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
         $_SESSION['login'] = true;
         $_SESSION['userid'] = $row['id'];
         $_SESSION['first_name'] = $row['first_name'];
         $_SESSION['last_name']  = $row['last_name'];
         $_SESSION['email_address'] = $row['email_address'];
		 $_SESSION['username'] = $row['username'];
         $_SESSION['cid'] = $row['cart_id'];
         setcookie('cid', $unique_cid, time()+24*3600*60);
		 //security for sess hijack//
		 $_SESSION['user']->fingerprint =
				md5($_SERVER['HTTP_USER_AGENT']);
as you can see in the code

additionally in my code i set
session_start();
session_name('SBQA');
header("Cache-control: private"); // Fix for IE
before i spit anything out

the problem i am having is when you are logged in ( http://www.mygaysf.com/sbqa  you can log in using phpfreaks / password ) you will see that it correctly knows that your first name is "PHP Freaks"

now if you click on let's say the 15th in the calendar then VIEW EVENT
if you select the EVENT HOSTS name (a link so you will be able to send them a message) you will see that it has now changed your name in the welcome box.  There is NOTHING that should be resetting this session variable....

that code is simply:
<?php
if($_SESSION['login'] == true){
   // show logout hyperlinks
   echo 'Welcome</td></tr><tr><td>- Welcome '.$_SESSION[first_name].' to the SBQA website. Click '.$nav_class.'../sbqa/logout.php">HERE</a> to end your session and log out.<br />';
		if($_SESSION['useradmin'] != TRUE){
		echo  '</td></tr></table>';

also on the next page it has changed who you are (the FROM box)

i only set the session variable FIRST NAME one time when you log in... the only change i do make is on the event view page i do add a session variable so that I can determine who the event host is for the last event they viewed but that should not have any effect on this at all as that code is simply:

//we set variables here for the contacts
	
	$_SESSION['host_name']= $event_host;
	$_SESSION['host_email']= $host_email;
	$_SESSION['subject']= "Re: SBQA Event ".$title;

so WHY oh why is this happening to me??

#2 Hi I Am Timbo

Hi I Am Timbo
  • Members
  • PipPipPip
  • Advanced Member
  • 109 posts

Posted 05 October 2006 - 02:04 AM

It didn't change the name for me.  It said PHP Freaks on all pages.  Mac OS X / Firefox

#3 markbett

Posted 05 October 2006 - 02:06 AM

and you select the CLICK HERE link so you could see the events details and the whole event description etc etc then you clicked on the name of the EVENT HOST and were brought to the messenger page?? 

#4 Hi I Am Timbo

Posted 05 October 2006 - 02:09 AM

I guess on the I want to go page it said

Welcome Website to the SBQA website. Click HERE to end your session and log out.

Are you session_start() ing on that page?

#5 markbett

Posted 05 October 2006 - 02:12 AM

my index page has


session_start();
session_name('SBQA');
header("Cache-control: private"); // Fix for IE

before i put anything out to the browser...

#6 markbett

Posted 05 October 2006 - 04:13 AM

**CORRECTION** the above should read layout not index....

does anyone have any ideas??

#7 Hi I Am Timbo

Posted 05 October 2006 - 04:15 AM

can you put a var_dump $_SESSION after that at the top of each page and I will look at it?

#8 markbett

Posted 05 October 2006 - 04:27 AM

i added
echo session_name();  // Displays current session name in effect
echo session_id();   // Displays the current session id
and the session is staying the same i will add what you requested right now

#9 markbett

Posted 05 October 2006 - 04:32 AM

ok i put that in there and you can see all the session variables....

#10 markbett

Posted 05 October 2006 - 04:35 AM

so you can see the session variable change there but there is NOTHING in the code that i can see that is doing that... the code for the page is:
<?php
include $_SERVER['DOCUMENT_ROOT'].'/sbqa/layout2.php';

$req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];
	switch($req){ 
	
	case "view_day":
		$time = mysql_real_escape_string($_GET['date']); 
		if($time<1){
			$time=time();
			}
		$today = date('j',$time); 
		//myheader("smile");
		include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/day_view.htm';
		footer();
	break;
	
	case "view_event":
	$event_id=mysql_real_escape_string($_GET['event_id']);
		$sql = mysql_query("SELECT * FROM events, organisers WHERE 
			event_id ='{$event_id}' AND events.event_org = organisers.org_id") 
			or die (mysql_error());
	 if(!$sql){
         echo 'Error getting event information: '.
              mysql_error();
      } else {			
				while($row = mysql_fetch_array($sql)){
				stripslashes(extract($row));
		$start_time = strtotime($start_time);
		$stop_time = strtotime($stop_time);
		$rsvp_close = strtotime($rsvp_close);
		$start=date('l, M. j g:i A', $start_time);
		$stop=date('l, M. j g:i A', $stop_time);
		$rsvp=date('l, M. j g:i A', $rsvp_close);
		$address_url = '<a href="http://maps.google.com/maps?q='.$address.'" target="_blank">&nbsp;<img src="'.$_SERVER['SITE_ROOT'].'/sbqa/images/map.jpg" width="30" height="15">&nbsp;&nbsp;'.$location.'</a>';
		
		//set the open to variable
		if($open_to=='0'){
			$open_to='Everyone';
		}elseif($open_to=='1'){
			$open_to='Members Only';
		}elseif($open_to=='2'){
			$open_to='Members and Invited Guests';
		}elseif($open_to=='3'){
			$open_to='Invitation Only';
		}elseif($open_to=='4'){
			$open_to='Asian Members Only';
		}elseif($open_to=='5'){
			$open_to='All Asians';
		}else{
			$open_to='An Error Occured';
		}
		//determine if the event is full
		if($max_cap=='0'){
			$space_avail="This event does not have an attendance limit.";
		}else{	
			if(($max_cap-$attending)<='0'){
				$space_avail="This event is full.";
			}else{
				$space_avail="There are currently ".($max_cap-$attending)." spaces left.";
			}
		}
		//determine if the waiting list is full
		if($max_cap=='0'){
			$wait_avail="This event does not have a waiting list.";
		}else{	
			if(($max_cap+$wait_list-$attending)<='0'){
				$wait_avail="There is no room on the waiting list for this event.";
			}else{
				If($max_cap<$attending){
				$wait_avail="There are currently ".($max_cap+$wait_list-$attending)." spaces left on the waiting list.";
				}else{
				$wait_avail="There are currently ".$wait_list." spaces left on the waiting list.";
				}
			}		
		}		
		//deadline text
		if($rsvp_close>=time()){
			$rsvp_countdown= round(($rsvp_close-time())/86400);
			if($rsvp_countdown>1){
				$rsvp_text="Make sure you get in on this event while you can.  There are only ".$rsvp_countdown." days left to RSVP to this event.";
			}else{
				$rsvp_text="There is not much time left at all to RSVP to this event.  You need to act quickly";
			}
		}else{
			$rsvp_text="Unfortunately the deadline to RSVP to this event has passed.  Contact the event host if need further assistance.";
		}

		//create the attendance list
	if($attend_vis == 1){
		$attend_list="This event does not have a public attendance list";
	}elseif($attend_vis == 0){
				$sql=@mysql_query("SELECT name, guest_of, user_id FROM event_rsvp
					WHERE event_id = '$event_id' ORDER BY rsvp_id ASC") or die (mysql_error());
						if(!$sql){
							echo 'Error getting event information: '.mysql_error();
						} else {		
							  while($row = mysql_fetch_array($sql)){
							    stripslashes(extract($row));
								If(isset($user_id)){
									$attend_list.= $name."<br />";
								}else{
									$attend_list.=  "- Guest of ".$guest_of."<br />";
								}
							}
						}
	}else{
		$attend_list='An Error Occured';
	}
	
	//determine the event host's name
	$sql = mysql_query("SELECT first_name, last_name, email_address AS host_email FROM users WHERE 
			id ='$event_host'")
			//id ='15'")//
			or die (mysql_error());
	 if(!$sql){
         echo 'Error getting determining event host: '.
              mysql_error();
      } else {
				while($row = mysql_fetch_array($sql)){
				stripslashes(extract($row));
					$event_host = $first_name.' '.$last_name;
			}		
		}
		
	//we set variables here for the contacts
	
	$_SESSION['host_name']= $event_host;
	$_SESSION['host_email']= $host_email;
	$_SESSION['subject']= "Re: SBQA Event ".$title;
		
	//the form where all data is dumped
			include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/event_view.htm';
			}
		}
		footer();
	break;
	
	default:
	    //myheader("smile");
		include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/6_month.htm';
		footer();
	break;

/*


include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/day_view.htm';
footer();*/
}
?>


#11 markbett

Posted 05 October 2006 - 04:38 AM

the ONLY thing that could possibly make sense is that the SQL query that runs on that page that returns variables with the same names as those that were set in the session way back is what is causing it to change but it shouldn't because....

case "validate":
//ensure they are not already logged in//
if($_SESSION['login'] != TRUE){

	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                           WHERE username='$username'
                           AND password = md5('$password')
                           AND verified='1'  AND disabled='0'
                           ") or die (mysql_error());
                           
   if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
         $_SESSION['login'] = true;
         $_SESSION['userid'] = $row['id'];
         $_SESSION['first_name'] = $row['first_name'];
         $_SESSION['last_name']  = $row['last_name'];
         $_SESSION['email_address'] = $row['email_address'];
		 $_SESSION['username'] = $row['username'];
         $_SESSION['cid'] = $row['cart_id'];
         setcookie('cid', $unique_cid, time()+24*3600*60);

it shouldn't ever set those variables unless you aren't logged in and the session id never changes

#12 Hi I Am Timbo

Posted 05 October 2006 - 04:40 AM

Thanks, looks like sessions are getting crossed somehow.  Can you also echo phpsessid();

I noticed it changed in the session as well.  That helps a bit.  I also noticed that all of your variables are & variables.  I don't know if this is normal or what it means (well, I do know that it is a pass by reference, but I don't know if that always happens in a var_dump($_SESSION); or not).  I'm looking into that. 

Can you also echo session_id();

That should stay the same throughout. 
I noticed that the username changes when you go to a page with another user's name on it.  Are you setting $_SESSION['firstname'] on every page?

#13 markbett

Posted 05 October 2006 - 04:41 AM

the session id is what appears on the second line... it goes

SESSION NAME
SESSION ID

SESSION VAR DUMP

it appears to be staying the same... also see above for the session setting code...

#14 Hi I Am Timbo

Posted 05 October 2006 - 04:45 AM

of course.  Sorry.
Again, check to make sure that you aren't setting $_SESSION['first_name'] anywhere else.  possibly do a find on all pages if your dev environment supports it $_SESSION['first_name'] = .

It has to be setting it somewhere, it doesn't just change like magic.

#15 markbett

Posted 05 October 2006 - 04:48 AM

and that's why i'm puzzled because it is...  you can see above and see all the code that is being called on that page and nowhere on there is a session variable being changed.... the only thing i did was add 3 new variables.....

#16 Hi I Am Timbo

Posted 05 October 2006 - 04:51 AM

perhaps $_SESSION['login'] is set to !true on some pages, causing the login script to run again?

#17 Hi I Am Timbo

Posted 05 October 2006 - 04:52 AM

I would try echoing $_SESSION['login'] before and after the login code is executed.

#18 markbett

Posted 05 October 2006 - 04:53 AM

i added
if($_SESSION['login'] != TRUE){
echo "i ran again cause i suck";
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);
to make sure that the session isn't being set every time a page changes and those variables are only being set by that script a single time (because i don't see the i ran again message)

#19 markbett

Posted 05 October 2006 - 04:54 AM

i thought about that as well which is why i did the above... furthermore when i watch the ["login"]=> &bool(true)  it doesn't change....

#20 markbett

Posted 05 October 2006 - 05:01 AM

what's also puzzling is that it changes those variables but it doesn't change like the email address...
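
An added example (not code from any poster in this thread) of one mechanism consistent with what the posts above report: the `&` markers in the var_dump, `extract($row)` on the event page, and the e-mail address staying put because the host query aliases it to `host_email`. It assumes register_globals-style binding of session keys to same-named variables, modelled here with explicit references; the function name and all sample values are constructed.

```php
<?php
// All names and values below are constructed for illustration.
function view_event(bool $useExtract): array
{
    // Session as set at login.
    $session = [
        'first_name'    => 'PHP Freaks',
        'last_name'     => 'Member',
        'email_address' => 'visitor@example.test',
    ];
    // Row shaped like the thread's host query:
    // SELECT first_name, last_name, email_address AS host_email FROM users
    $hostRow = [
        'first_name' => 'Event',
        'last_name'  => 'Host',
        'host_email' => 'host@example.test',
    ];

    // Assumption: models register_globals-style binding, where each session
    // key shares storage with a same-named variable (the "&" in var_dump).
    $first_name    = &$session['first_name'];
    $last_name     = &$session['last_name'];
    $email_address = &$session['email_address'];

    if ($useExtract) {
        // extract() assigns to the existing $first_name / $last_name, so the
        // write lands in the session; host_email has no bound counterpart.
        extract($hostRow);
        $event_host = $first_name . ' ' . $last_name;
    } else {
        // Index the row explicitly: no variables are created or overwritten.
        $event_host = $hostRow['first_name'] . ' ' . $hostRow['last_name'];
    }
    return ['event_host' => $event_host, 'session' => $session];
}

foreach ([true, false] as $useExtract) {
    $result = view_event($useExtract);
    echo $useExtract ? "with extract():\n" : "with explicit \$row[...] reads:\n";
    var_dump($result['session']);
}
```

Where `extract()` has to stay, calling it with `EXTR_PREFIX_ALL` and a prefix keeps the row's columns out of the names already in scope.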



