markbett

Session variable

on my site when a user logs in a number of session variables are set for them

[code]
   if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
         $_SESSION['login'] = true;
         $_SESSION['userid'] = $row['id'];
         $_SESSION['first_name'] = $row['first_name'];
         $_SESSION['last_name']  = $row['last_name'];
         $_SESSION['email_address'] = $row['email_address'];
         $_SESSION['username'] = $row['username'];
         $_SESSION['cid'] = $row['cart_id'];
         setcookie('cid', $unique_cid, time()+24*3600*60);
         //security for sess hijack//
         $_SESSION['user']->fingerprint = md5($_SERVER['HTTP_USER_AGENT']);
[/code]
as you can see in the code

additionally in my code i set
[code]session_start();
session_name('SBQA');
header("Cache-control: private"); // Fix for IE
[/code]
before i spit anything out

the problem i am having is when you are logged in ( http://www.mygaysf.com/sbqa  you can log in using phpfreaks / password ) you will see that it correctly knows that your first name is "PHP Freaks"

now if you click on lets say the 15th in the calendar then VIEW EVENT
if you select the EVENT HOSTS name (a link so you will be able to send them a message) you will see that it has now changed your name in the welcome box.  There is NOTHING that should be resetting this session variable....

that code is simply:
[code]<?php
if($_SESSION['login'] == true){
   // show logout hyperlinks
   echo 'Welcome</td></tr><tr><td>- Welcome '.$_SESSION['first_name'].' to the SBQA website. Click '.$nav_class.'../sbqa/logout.php">HERE</a> to end your session and log out.<br />';
   if($_SESSION['useradmin'] != TRUE){
      echo  '</td></tr></table>';
[/code]

also on the next page it has changed who you are (the FROM box)

i only set the session variable FIRST NAME one time when you log in... the only change i do make is on the event view page i do add a session variable so that I can determine who the event host is for the last event they viewed but that should not have any effect on this at all as that code is simply:

[code] //we set variables here for the contacts

$_SESSION['host_name']= $event_host;
$_SESSION['host_email']= $host_email;
$_SESSION['subject']= "Re: SBQA Event ".$title;[/code]

so WHY oh why is this happening to me??

and you select the CLICK HERE link so you could see the events details and the whole event description etc etc then you clicked on the name of the EVENT HOST and were brought to the messenger page?? 

I guess on the I want to go page it said

Welcome Website to the SBQA website. Click HERE to end your session and log out.

Are you session_start() ing on that page?

my index page has

[code]

session_start();
session_name('SBQA');
header("Cache-control: private"); // Fix for IE
[/code]

before i put anything out to the browser...

**CORRECTION** the above should read layout not index....

does anyone have any ideas??

i added
[code]echo session_name();  // Displays current session name in effect
echo session_id();  // Displays the current session id
[/code]
and the session is staying the same i will add what you requested right now

so you can see the session variable change there but there is NOTHING in the code that i can see that is doing that... the code for the page is:
[code]
<?php
include $_SERVER['DOCUMENT_ROOT'].'/sbqa/layout2.php';

$req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];
switch($req){

    case "view_day":
        $time = mysql_real_escape_string($_GET['date']);
        if($time<1){
            $time=time();
        }
        $today = date('j',$time);
        //myheader("smile");
        include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/day_view.htm';
        footer();
        break;

    case "view_event":
        $event_id=mysql_real_escape_string($_GET['event_id']);
        $sql = mysql_query("SELECT * FROM events, organisers WHERE
            event_id ='{$event_id}' AND events.event_org = organisers.org_id")
            or die (mysql_error());
        if(!$sql){
            echo 'Error getting event information: '.
                mysql_error();
        } else {
            while($row = mysql_fetch_array($sql)){
                stripslashes(extract($row));
                $start_time = strtotime($start_time);
                $stop_time = strtotime($stop_time);
                $rsvp_close = strtotime($rsvp_close);
                $start=date('l, M. j g:i A', $start_time);
                $stop=date('l, M. j g:i A', $stop_time);
                $rsvp=date('l, M. j g:i A', $rsvp_close);
                $address_url = '<a href="http://maps.google.com/maps?q='.$address.'" target="_blank">&nbsp;<img src="'.$_SERVER['SITE_ROOT'].'/sbqa/images/map.jpg" width="30" height="15">&nbsp;&nbsp;'.$location.'</a>';

                //set the open to variable
                if($open_to=='0'){
                    $open_to='Everyone';
                }elseif($open_to=='1'){
                    $open_to='Members Only';
                }elseif($open_to=='2'){
                    $open_to='Members and Invited Guests';
                }elseif($open_to=='3'){
                    $open_to='Invitation Only';
                }elseif($open_to=='4'){
                    $open_to='Asian Members Only';
                }elseif($open_to=='5'){
                    $open_to='All Asians';
                }else{
                    $open_to='An Error Occured';
                }
                //determine if the event is full
                if($max_cap=='0'){
                    $space_avail="This event does not have an attendance limit.";
                }else{
                    if(($max_cap-$attending)<='0'){
                        $space_avail="This event is full.";
                    }else{
                        $space_avail="There are currently ".($max_cap-$attending)." spaces left.";
                    }
                }
                //determine if the waiting list is full
                if($max_cap=='0'){
                    $wait_avail="This event does not have a waiting list.";
                }else{
                    if(($max_cap+$wait_list-$attending)<='0'){
                        $wait_avail="There is no room on the waiting list for this event.";
                    }else{
                        if($max_cap<$attending){
                            $wait_avail="There are currently ".($max_cap+$wait_list-$attending)." spaces left on the waiting list.";
                        }else{
                            $wait_avail="There are currently ".$wait_list." spaces left on the waiting list.";
                        }
                    }
                }
                //deadline text
                if($rsvp_close>=time()){
                    $rsvp_countdown= round(($rsvp_close-time())/86400);
                    if($rsvp_countdown>1){
                        $rsvp_text="Make sure you get in on this event while you can.  There are only ".$rsvp_countdown." days left to RSVP to this event.";
                    }else{
                        $rsvp_text="There is not much time left at all to RSVP to this event.  You need to act quickly";
                    }
                }else{
                    $rsvp_text="Unfortunately the deadline to RSVP to this event has passed.  Contact the event host if need further assistance.";
                }

                //create the attendance list
                if($attend_vis == 1){
                    $attend_list="This event does not have a public attendance list";
                }elseif($attend_vis == 0){
                    $sql=@mysql_query("SELECT name, guest_of, user_id FROM event_rsvp
                        WHERE event_id = '$event_id' ORDER BY rsvp_id ASC") or die (mysql_error());
                    if(!$sql){
                        echo 'Error getting event information: '.mysql_error();
                    } else {
                        while($row = mysql_fetch_array($sql)){
                            stripslashes(extract($row));
                            if(isset($user_id)){
                                $attend_list.= $name."<br />";
                            }else{
                                $attend_list.=  "- Guest of ".$guest_of."<br />";
                            }
                        }
                    }
                }else{
                    $attend_list='An Error Occured';
                }

                //determine the event hosts name
                $sql = mysql_query("SELECT first_name, last_name, email_address AS host_email FROM users WHERE
                    id ='$event_host'")
                    //id ='15'")//
                    or die (mysql_error());
                if(!$sql){
                    echo 'Error getting determining event host: '.
                        mysql_error();
                } else {
                    while($row = mysql_fetch_array($sql)){
                        stripslashes(extract($row));
                        $event_host = $first_name.' '.$last_name;
                    }
                }

                //we set variables here for the contacts

                $_SESSION['host_name']= $event_host;
                $_SESSION['host_email']= $host_email;
                $_SESSION['subject']= "Re: SBQA Event ".$title;

                //the form where all data is dumped
                include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/event_view.htm';
            }
        }
        footer();
        break;

    default:
        //myheader("smile");
        include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/6_month.htm';
        footer();
        break;

    /*


    include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/day_view.htm';
    footer();*/
}
?>
[/code]

the ONLY thing that could possibly make sense is that the SQL query that runs on that page that returns variables with the same names as those that were set in the session way back is what is causing it to change but it shouldnt because....

[code]case "validate":
//ensure they are not already logged in//
if($_SESSION['login'] != TRUE){

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                          WHERE username='$username'
                          AND password = md5('$password')
                          AND verified='1'  AND disabled='0'
                          ") or die (mysql_error());

    if(mysql_num_rows($validate) == 1){
        while($row = mysql_fetch_assoc($validate)){
            $_SESSION['login'] = true;
            $_SESSION['userid'] = $row['id'];
            $_SESSION['first_name'] = $row['first_name'];
            $_SESSION['last_name']  = $row['last_name'];
            $_SESSION['email_address'] = $row['email_address'];
            $_SESSION['username'] = $row['username'];
            $_SESSION['cid'] = $row['cart_id'];
            setcookie('cid', $unique_cid, time()+24*3600*60);
[/code]

it shouldnt ever set those variable unless you arent logged in  and the session id never changes

Thanks, looks like sessions are getting crossed somehow.  Can you also echo phpsessid();

I noticed it changed in the session as well.  That helps a bit.  I also noticed that all of your variables are & variables.  I don't know if this is normal or what it means (well, I do know that it is a pass by reference, but I don't know if that always happens in a var_dump($_SESSION); or not).  I'm looking into that. 

Can you also echo session_id();

That should stay the same throughout. 
I noticed that the username changes when you go to a page with another user's name on it.  Are you setting $_SESSION['firstname'] on every page?

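Added example, not part of any post in this thread: it reproduces the effect being debugged, under the assumption that the `&` markers seen in the session dump mean each session entry is bound by reference to a same-named variable (as PHP's old register_globals setting did), so that `extract()` on the host row writes into the session. The function name `view_event()`, the explicit reference bindings that stand in for register_globals, and all data values are constructed for illustration.

```php
<?php
// Added example: constructed data and a hypothetical function name.
function view_event(bool $use_extract): array
{
    // Stand-in for $_SESSION as the login code leaves it (constructed values).
    $session = [
        'login'         => true,
        'first_name'    => 'PHP Freaks',
        'last_name'     => 'Website',
        'email_address' => 'visitor@example.test',
    ];

    // Assumption: these bindings mimic register_globals, which tied each
    // session entry by reference to a same-named global variable.
    $first_name    = &$session['first_name'];
    $last_name     = &$session['last_name'];
    $email_address = &$session['email_address'];

    // Constructed row shaped like the host lookup in the thread:
    // SELECT first_name, last_name, email_address AS host_email FROM users
    $row = [
        'first_name' => 'Event',
        'last_name'  => 'Host',
        'host_email' => 'host@example.test',
    ];

    if ($use_extract) {
        // extract() assigns to $first_name and $last_name; both are
        // references, so the host's name lands in the session entries.
        // host_email has no bound counterpart, so email_address survives.
        extract($row);
        $event_host = $first_name . ' ' . $last_name;
    } else {
        // Reading columns by key never touches the bound variables.
        $event_host = $row['first_name'] . ' ' . $row['last_name'];
    }

    $session['host_name']  = $event_host;
    $session['host_email'] = $row['host_email'];
    return $session;
}

foreach ([true, false] as $use_extract) {
    $s = view_event($use_extract);
    printf("%-9s first_name=%s email_address=%s host_name=%s\n",
        $use_extract ? 'extract()' : 'by key',
        $s['first_name'], $s['email_address'], $s['host_name']);
}
```
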
the session id is what appears on the second line... it goes

SESSION NAME
SESSION ID

SESSION VAR DUMP

it appears to be staying the same... also see above for the session setting code...

of course.  Sorry.
Again, check to make sure that you aren't setting $_SESSION['first_name'] anywhere else.  possibly do a find on all pages if your dev environment supports it $_SESSION['first_name'] = .

It has to be setting it somewhere, it doesn't just change like magic.

and thats why im puzzled because it is...  you can see above and see all the code that is being called on that page and nowhere on there is a session variable being changed.... the only thing i did was add 3 new variables.....

i added
[code]if($_SESSION['login'] != TRUE){
    echo "i ran again cause i suck";
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
[/code]
to make sure that the session isnt being set every time a page changes and those variables are only being set by that script a single time (because i dont see the i ran again message)

i thought about that as well which is why i did the above... furthermore when i watch the ["login"]=> &bool(true)  it doesnt change....

whats also puzzling is that it changes those variables but it doesnt change like the email address...

[quote author=markbett link=topic=110549.msg447105#msg447105 date=1160024092]
i thought about that as well which is why i did the above... furthermore when i watch the ["login"]=> &bool(true)  it doesnt change....
[/quote]

right, but it depends on where you are dumping it, right?

well if the bool is changed after you dump it, or you execute the login then dump it and it sets it to true again, that wouldn't show up.  I would try doing an echo inside the login part, so when the login part is executed, you know and know if that is the problem.

ok i dump variables on the page throughout it and it changes them from after the session stuff is done to when the data is being put in that page... now WHY WHY WHY
