Weird Session Anomaly

[NomadicJosh]

I am having this weird session anomaly. When logged is as a regular user, all is well until I get to this one page in particular. Once I click the link to get to this page, I become logged in as someone else. The domain is consistent across, and session_start(); is present on all pages. Is there some check that I can use to figure out why this happens every time? Thanks.

[premiso]

We cannot help without some code where you think the problem may be coming from, unfortunately.

[NomadicJosh]

Here is some code, but it is going to be long.

 

project.php

<?php 
// Starts the session.
session_start();
define('access',true);
include(dirname(dirname(__FILE__)) . '/config.inc.php');
include(PM_DIR . 'pm-includes/global.inc.php');
require(PM_DIR . 'pm-includes/functions.php');

// Checks if user is logged in; if not redirect to login page.
if($current_user->hasPermission('access_site') != true) { pm_redirect(PM_URI . '/index.php'); }
is_id_set( $_GET['p_id'], get_project_meta($_GET['p_id'],'p_id'), '/projects/list_projects.php' );

include(PM_DIR . 'pm-includes/header.php');

// Enable for error checking and troubleshooting.
# display_errors();

$sql = pmdb::connect()->select( DB . 'projects', '*', 'p_id = "' . $_GET['p_id'] . '"', null ) or die(pmdb::connect()->is_error());

while($row = $sql->fetch_array()) {
?>

			<div id="page-title">
				<img src="<?php _e( PM_URI ); ?>/images/projects.png" alt="" />
				<h1>
					<?php _e(get_project_meta($_GET['p_id'],'project_name')); ?>
					<?php if($current_user->hasPermission('edit_projects')) { _e( '<span id="header-link"><a href="edit_project.php?p_id=' . $_GET['p_id'] . '">Edit Project</a></span>' ); } ?>
				</h1>
			</div>

			<?php _e( get_project_tabs() ); ?>

			<div id="middle">
			<div id="groups-page"> 
				<table cellspacing="0" cellpadding="0">
					<tr class="list">
						<th scope="row"><span class="list-name"><?php _e( _( 'Description' ) ); ?></span></th>
						<td><?php _e( $row['project_description'] ); ?></td>
					</tr>

					<tr class="list">
						<th scope="row"><span class="list-name"><?php _e( _( 'Contact Email' ) ); ?></span></th>
						<td><a href="mailto:<?php _e( $row['contact_email'] ); ?>"><?php _e( $row['contact_email'] ); ?></a></td>
					</tr>

					<tr class="list">
						<th scope="row"><span class="list-name"><?php _e( _( 'Members' ) ); ?></span></th>
						<td>This project has <?php get_project_member_count(); ?> members</td>
					</tr>
				</table>

			</div>
			</div>
<?php } ?>


<?php include(PM_DIR . 'pm-includes/footer.php');

 

functions-projects.php

<?php

function get_project_tabs() {
	$pmem = pmdb::connect()->select( DB . 'project_members', '*', 'pp_id = "' . $_GET['p_id'] . '" AND pm_user = "' . is_session_set('username') . '"', null ) or die(pmdb::connect()->is_error());
	$plead = pmdb::connect()->select( DB . 'project_leaders', '*', 'p_id = "' . $_GET['p_id'] . '" AND pl_user = "' . is_session_set('username') . '"', null ) or die(pmdb::connect()->is_error());
	if($pmem->num_rows != 0 || $plead->num_rows != 0) {
	?>

			<div id="tabs">
				<ul>
					<li <?php if (active_link() == "project.php?p_id=".$_GET['p_id']) _e( "class='active_link'" );?>>
						<a href="<?php _e( PM_URI ); ?>/projects/project.php?p_id=<?php _e( $_GET['p_id'] ); ?>"><span><?php _e( _( 'Project' ) ); ?></span></a>
					</li>
					<li <?php if (active_link() == "discussions.php?p_id=".$_GET['p_id']) _e( "class='active_link'" );?>
						<?php if (active_link() == "add_ptopic.php?p_id=".$_GET['p_id']) _e( "class='active_link'" );?>>
						<a href="<?php _e( PM_URI ); ?>/projects/forum/discussions.php?p_id=<?php _e( $_GET['p_id'] ); ?>"><span><?php _e( _( 'Forum' ) ); ?></span></a>
					</li>
					<li <?php if (active_link() == "contact.php?p_id=".$_GET['p_id']) _e( "class='active_link'" );?>>
						<a href="<?php _e( PM_URI ); ?>/projects/contact.php?p_id=<?php _e( $_GET['p_id'] ); ?>"><span><?php _e( _( 'Email' ) ); ?></span></a>
					</li>
					<li <?php if (active_link() == "filemanager.php?p_id=".$_GET['p_id']) _e( "class='active_link'" );?>>
						<a href="<?php _e( PM_URI ); ?>/projects/filemanager.php?p_id=<?php _e( $_GET['p_id'] ); ?>"><span><?php _e( _( 'Docs' ) ); ?></span></a>
					</li>
					<li <?php if (active_link() == "project_members.php?p_id=".$_GET['p_id']) _e( "class='active_link'" );?>>
						<a href="<?php _e( PM_URI ); ?>/projects/project_members.php?p_id=<?php _e( $_GET['p_id'] ); ?>"><span><?php _e( _( 'Members' ) ); ?></span></a>
					</li>
				</ul>
			</div>

<?php
	}
}

function get_project_member_count() {
	$pm = pmdb::connect()->select( DB . 'project_members', 'COUNT(pm_user)', 'pp_id = "' . $_GET['p_id'] . '"', null ) or die(pmdb::connect()->is_error());

	while($rpm = $pm->fetch_array()) {
		if($rpm['COUNT(pm_user)'] > 0) {
			echo "<font color='#f00'>". $rpm['COUNT(pm_user)']."</font>"; 
		} else {
			echo $rpm['COUNT(pm_user)'];
		}
	}
}

function get_project_meta($id,$field) {
        $result = pmdb::connect()->query("SELECT " . $field . " FROM " . DB . "projects WHERE p_id = '" . $id . "'") or die(pmdb::connect()->is_error());
       		while($r = $result->fetch_object()) {
               $info = $r->$field;
       		return $info;
    	}
}

function get_project_leader_meta($field) {
	$result = pmdb::connect()->query("SELECT" . $field . " FROM " . DB . "project_leaders WHERE p_id = '" . $_GET['p_id'] . "'") or die(pmdb::connect()->is_error());
		while($r = $result->fetch_object()) {
               $plead = $r->$field;
       		echo $plead;
    	}
}

function getFileType($extension) {
	$images = array('jpg', 'gif', 'png', 'bmp');
	$docs 	= array('txt', 'rtf', 'doc', 'pdf');
	$apps 	= array('zip', 'rar', 'tar');

	if(in_array($extension, $images)) return "Images";
	if(in_array($extension, $docs)) return "Documents";
	if(in_array($extension, $apps)) return "Applications";
	return "";
}

function formatBytes($bytes, $precision = 2) { 
    	$units = array('B', 'KB', 'MB', 'GB', 'TB'); 
   
    	$bytes = max($bytes, 0); 
    	$pow = floor(($bytes ? log($bytes) : 0) / log(1024)); 
    	$pow = min($pow, count($units) - 1); 
   
    	$bytes /= pow(1024, $pow); 
   
    	return round($bytes, $precision) . ' ' . $units[$pow]; 
}

function is_id_set($id, $getID, $redirect) {
	if(!isset($id) || $id != $getID) {
		 pm_redirect( PM_URI . $redirect );
	}
}

 

Here is the login function and I am using PHPass:

<?php
function pm_login($username, $password, $remember = NULL) {

	//$hasher = new PasswordHash(8, FALSE);

	$user = strtolower(pmdb::connect()->escape($username));
	$pass = pmdb::connect()->escape($password);

	$results = pmdb::connect()->get_row( "SELECT * FROM ". DB ."members WHERE username = '$user'" );

	// Use to set cookie session for domain.
	$cookiedomain = $_SERVER['SERVER_NAME']; 
	$cookiedomain = str_replace('www.', '', $cookiedomain);

		if(isset($_POST['login'])) {
			if(pm_check_password( $pass, $results->password, $results->username )) {

			do_action( 'pm_login_form_script' );
			session_start();
			$_SESSION['logged'] = 1; // Sets the session.
			$_SESSION['username'] = $results->username; // Sets the username session.
			$_SESSION['userID'] = $results->user_id;
			$_SESSION['remember_me'] = $remember; // Sets a remember me cookie if remember me is checked.

		if(isset($remember)){
      			setcookie("pm_cookname", $user, time()+60*60*24*120, "/", $cookiedomain);
      			setcookie("pm_cookpass", pm_hash_password($pass), time()+60*60*24*120, "/", $cookiedomain);
   			}
			pm_redirect(PM_URI . "/index.php");

			} else {

			setcookie("pm_cookname", $user, time()+3600*24);
      			setcookie("pm_cookpass", pm_hash_password($pass), time()+3600*24);
		}
			pm_redirect(PM_URI . "/index.php");
	}
      return apply_filter( 'login', $username, $password, $remember );
 }

 

And last pm-logout.php

<?php

session_start();
session_unset();

session_destroy();
header('Location: pm-login.php');

[joecooper]

I did have some simular problem with some code I used. Trying desperatly to remember what was wrong.

 

Which is the page that causes it to display you as another user?

[NomadicJosh]

I did have some simular problem with some code I used. Trying desperatly to remember what was wrong.

 

Which is the page that causes it to display you as another user?

 

The page that is the issue is project.php. But when you click the link it will take you to project.php?p_id=[project_id]. If the id is not set or does not exist, it will redirect the user to list_projects.php. You can see tabs in the functions-projects.php above.

[premiso]

Can you also post this function: pm_check_password

[NomadicJosh]

Can you also post this function: pm_check_password

 

Sure, please see below. Also, when just using md5 without PHPass or any of the functions related to it, the same anomaly occurs.

 

<?php
function pm_hash_password($password) {
	// By default, use the portable hash from phpass
	$pm_hasher = new PasswordHash(8, FALSE);

		return $pm_hasher->HashPassword($password);
}

 function pm_check_password($password, $hash, $username) {

	// If the hash is still md5...
	if ( strlen($hash) <= 32 ) {
		$check = ( $hash == md5($password) );
	if ( $check && $username ) {
		// Rehash using new hash.
		pm_set_password($password, $username);
		$hash = pm_hash_password($password);
	}

	return apply_filter('check_password', $check, $password, $hash, $username);
	}

	// If the stored hash is longer than an MD5, presume the
	// new style phpass portable hash.
	$pm_hasher = new PasswordHash(8, FALSE);

	$check = $pm_hasher->CheckPassword($password, $hash);

		return apply_filter('check_password', $check, $password, $hash, $username);
}

 function pm_set_password( $password, $username ) {

	$hash = pm_hash_password($password);
	pmdb::connect()->update( DB . 'members', array( 'password' => $hash ), array( 'username', $username ));

}

[PFMaBiSmAd]

What exactly is the relationship between the correct logged in user and this other user you get switched to when you go to a specific page? Is this other user one that you have previously logged in as or is it something like the first or last user stored in your database table?

[NomadicJosh]

What exactly is the relationship between the correct logged in user and this other user you get switched to when you go to a specific page? Is this other user one that you have previously logged in as or is it something like the first or last user stored in your database table?

 

Here is what is in the database so far in this order (user_id, username, first_name, last_name)

 

1, danielparker, Daniel, Parker

5, joshmac3, Joshua Parker, Null

 

And the passwords for both users are the same.

[PFMaBiSmAd]

That's not an answer to the question that was asked.

 

The reason we ask specific questions is because we are not standing right next to you and don't know how you got to this point or what you observed in front of you. When you don't supply the information that is asked for, there's little chance of anyone helping you.

[NomadicJosh]

That's not an answer to the question that was asked.

 

The reason we ask specific questions is because we are not standing right next to you and don't know how you got to this point or what you observed in front of you. When you don't supply the information that is asked for, there's little chance of anyone helping you.

 

Oh, sorry if I misunderstood your question, but I found the issue. Thanks.