Really odd php-mysql-session interaction


blacknight

so I work on wowroster.net making upgrades to roster

I have created a user lib for the site and I'm now adding sessions, but I'm getting some odd issues....

 

this is one of the inserts that is sent to mysql_query

example

UPDATE `roster_sessions` SET 
`session_user_id` = '0', 
`session_last_visit` = '1331544818', 
`session_browser` = '', 
`session_ip` = '127.0.0.1', 
`session_time` = '1331545718',
`session_page` = 'p=guild-main&a=g:1'
WHERE `session_id` = '6m7js82r848kk2s90sjfmuj325'

YET.. this is what I get in my database

sql dump from my admin

INSERT INTO `roster_sessions` (`sess_id`, `session_id`, `session_user_id`, `session_last_visit`, `session_start`, `session_time`, `session_ip`, `session_browser`, `session_forwarded_for`, `session_page`, `session_viewonline`, `session_autologin`, `session_admin`) VALUES
('5764d5713a7f24c82b30d271460bf68c', '6m7js82r848kk2s90sjfmuj325', '3', 0, 1331544818, 1331545718, '127.0.0.1', '', '', 'addons-main-images-shadow', 0, 0, 0);

 

any clue at all...

 


		$xsql = "UPDATE `". $roster->db->table('sessions') ."` SET	`session_user_id` = '".$this->uid."', `session_last_visit` = '".time()."', `session_browser` = '', `session_ip` = '".$this->getIP()."', `session_time` = '".(time()+60*15)."',`session_page` = '".nl2br($page)."' WHERE `session_id` = '" . session_id() . "'";
		$rx = $roster->db->query($xsql);
		if (!$rx) {
			$message  = 'Invalid query: ' . mysql_error() . "\n";
			$message .= 'Whole query: ' . $xsql;
			die($message);
		}
		$roster->db->free_result($rx);

is the update query. I free every query result in the script after it's used..


Yeah, we'll need to see enough of the code to establish where the INSERT query is coming from, and why your code thinks that it should be running that rather than the UPDATE. I'm not sure what you're referring to by "manually freeing query results" either, as neither UPDATE nor INSERT produce a result set of any consequence.


the whole function

function UserTracker ($table="UTracker",$cookie="roster_hash",$minutes=15)
{
	global $roster;

	if($minutes<15)
		$minutes=15;
	$this->expireTime=$minutes;
	$this->cookieName=$cookie;
	$this->time_now				= time();
	$this->cookie_data			= array('u' => '', 'k' => '');

	$this->browser				= (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
	$this->referer				= (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
	$this->forwarded_for		= (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';

	$this->host					= $this->extract_current_hostname();
	$this->page					= $this->extract_current_page($roster->config['website_address']);


	//remove all the expired sessions . no need to keep them . cookies are long gone anyway .
	$queryd="DELETE FROM `".$roster->db->table('sessions')."` WHERE `session_time`  <= '".(time())."'";
	//echo $queryd.'<br>';
	$resultd = $roster->db->query($queryd);
	$roster->db->free_result($resultd);

	$this->trackerID= (isset($this->uuid) ? $this->uuid : md5($_SERVER["HTTP_USER_AGENT"].$_SERVER["REMOTE_ADDR"]) );

	$aquery="SELECT * FROM `".$roster->db->table('sessions')."` WHERE `session_id`='".session_id()."'";

	$result = $roster->db->query($aquery);

	$rows = $roster->db->num_rows($result);
	$rec = array();
	if ($rows == 1)
	{
		$rec = $roster->db->fetch($result);
	}
	$roster->db->free_result($result);

	if(isset($rec['session_id']) && $rec['session_id'] == session_id())
	{

		$page = implode('-',$roster->pages);
		//make the life of the cookie longer and update time and IP .
		$xsql = "UPDATE `". $roster->db->table('sessions') ."` SET	`session_user_id` = '".$this->uid."', `session_last_visit` = '".time()."', `session_browser` = '".$this->browser."', `session_ip` = '".$this->getIP()."', `session_time` = '".(time()+60*15)."',
		`session_page` = '".substr($this->page['page'], 0, 199)."' WHERE `session_id` = '" . session_id() . "'";
		$rx = $roster->db->query($xsql);
		$roster->db->free_result($rx);

		$this->newSession=0;
		return true;
	}
	else if ($rows == 0)
	{
		$domain = $_SERVER['HTTP_HOST'];
		$url = "http://" . $_SERVER['HTTP_HOST']  . $_SERVER['REQUEST_URI'];
		$p = parse_url($url);
		$page = $p['query'];
		$xsql_ary = array(
			'sess_id'				=> $this->trackerID,
			'session_id'				=> session_id(),
			'session_user_id'		=> $this->uid,
			'session_start'			=> (int) time(),
			'session_last_visit'	=> (int) $this->data['session_last_visit'],
			'session_time'			=> (int) time()+(60*15),
			'session_page'			=> substr($this->page['page'], 0, 199),
			'session_browser'		=> (string) trim(substr($this->browser, 0, 149)),
			'session_forwarded_for'	=> (string) $this->forwarded_for,
			'session_ip'			=> (string) $this->getIP(),
			'session_autologin'		=> ($session_autologin) ? 1 : 0,
			'session_admin'			=> ($set_admin) ? 1 : 0,
			'session_viewonline'	=> ($viewonline) ? 1 : 0,
		);

		// this allways errors out because the session exists... i hate this class....
		$sql = 'REPLACE INTO `' . $roster->db->table('sessions') . '` ' . $roster->db->build_query('INSERT', $xsql_ary);
		$s = $roster->db->query($sql);
		$qry1 = "UPDATE `" . $roster->db->table('user_members') . "` SET `online` = '1' WHERE `id` = '".$sql_ary['session_user_id']."'";
		$q = $roster->db->query($qry1);

		$this->newSession=1;
		return true;
	}
	else
	{
		$roster->set_message( ' An erroro has occured in your session it will now be reset', 'Sessions', 'notice' );
	}
}
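
The select-then-UPDATE-or-REPLACE flow in the function above can be collapsed into one parameterized statement, so there is no gap between the existence check and the write, and request headers such as the User-Agent are bound as values instead of being quoted into the SQL string. This is an added example, not part of the thread or of WoWRoster; it assumes a PDO MySQL connection, a `roster_sessions` table whose only unique key is `session_id`, and the hypothetical function name `touch_session_row`.

```php
<?php
declare(strict_types=1);

// Added example, not WoWRoster code. Assumptions: a PDO MySQL connection with
// ERRMODE_EXCEPTION, and `roster_sessions` whose only unique key is `session_id`.

/**
 * Create or refresh the row for one PHP session in a single statement.
 * Returns true when a new row was inserted, false when an existing one was refreshed.
 */
function touch_session_row(PDO $pdo, string $sessionId, int $userId, string $ip,
                           string $userAgent, string $page, int $ttl = 900): bool
{
    // Request-derived values are validated or truncated, then bound, never quoted into SQL.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('invalid client address');
    }
    $now  = time();
    $stmt = $pdo->prepare(
        'INSERT INTO `roster_sessions`
            (`session_id`, `session_user_id`, `session_start`, `session_last_visit`,
             `session_time`, `session_ip`, `session_browser`, `session_page`)
         VALUES (:sid, :uid, :started, :seen, :expires, :ip, :ua, :page)
         ON DUPLICATE KEY UPDATE
            `session_user_id`    = VALUES(`session_user_id`),
            `session_last_visit` = VALUES(`session_last_visit`),
            `session_time`       = VALUES(`session_time`),
            `session_ip`         = VALUES(`session_ip`),
            `session_browser`    = VALUES(`session_browser`),
            `session_page`       = VALUES(`session_page`)'
    );
    $stmt->execute([
        ':sid'     => $sessionId,
        ':uid'     => $userId,
        ':started' => $now,           // only used when the row is new
        ':seen'    => $now,
        ':expires' => $now + $ttl,    // 15 minutes by default, as in the thread
        ':ip'      => $ip,
        ':ua'      => substr($userAgent, 0, 149),  // stored raw; HTML-encode on output
        ':page'    => substr($page, 0, 199),
    ]);
    // MySQL reports 1 affected row for an insert, 2 for an update of an existing key.
    return $stmt->rowCount() === 1;
}

// Usage (constructed values):
// $isNew = touch_session_row($pdo, session_id(), 0, '127.0.0.1',
//                            $_SERVER['HTTP_USER_AGENT'] ?? '', 'index.php');
```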


			// this allways errors out because the session exists... i hate this class....
		$sql = 'REPLACE INTO `' . $roster->db->table('sessions') . '` ' . $roster->db->build_query('INSERT', $xsql_ary);
		$s = $roster->db->query($sql);
		$qry1 = "UPDATE `" . $roster->db->table('user_members') . "` SET `online` = '1' WHERE `id` = '".$sql_ary['session_user_id']."'";
		$q = $roster->db->query($qry1);

Something's not working in your record existence check. Have you done any var_dump()'s on these to double check that they are what they should be?

Ones to focus on:

if(isset($rec['session_id']) && $rec['session_id'] == session_id())

$rows = $roster->db->num_rows($result);

 


this is the funny part..

Array ( [0] => 5b526b535b979265ee138cd3ade1c085 
[sess_id] => 5b526b535b979265ee138cd3ade1c085 
[1] => 6m7js82r848kk2s90sjfmuj325 
[session_id] => 6m7js82r848kk2s90sjfmuj325 
[2] => 0 
[session_user_id] => 0 
[3] => 0 
[session_last_visit] => 0 
[4] => 1331567561 
[session_start] => 1331567561 
[5] => 1331568461 
[session_time] => 1331568461 
[6] => 127.0.0.1 
[session_ip] => 127.0.0.1 
[7] => Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
[session_browser] => Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) 
[8] => 
[session_forwarded_for] => 
[9] => index.php 
[session_page] => index.php 
[10] => 0 
[session_viewonline] => 0 
[11] => 0 
[session_autologin] => 0 
[12] => 0 
[session_admin] => 0 )

the var dump is normal, the insert is normal, the data mutates after entry


It's hard to say.

 

Can you isolate the issue down to a stand-alone session class with database structure?

 

Something I can copy and paste to my local server, run, and be able to replicate your results.


the thing is, the session_user_id should be 0 because of it being a guest session, but it's using 3 and it's not set anywhere in the script and it's not posted from anywhere... I'm at a loss. I think I have a temp fix: I'm running the query directly in the query() instead of using a var..
