Urgent Problem - Is my host screwed up?

[calabiyau]

Okay I've taken out a trouble ticket with my host but haven't heard anything back yet.  I have a user area that uses sessions to store the username and password. I've echoed these values in many places throughout the script and they are always what they are supposed to be, except at one point they magically turn into my database name and database password.  I'm positive it's not something in my code.  The only time I mention database is when I actually connect to it.  Has anyone ever encountered anything like this before.  Is this some kind of system malfunction?

[john010117]

I've never heard that happening before. Check your script again.

[ataria]

Post your script, let us see if you made an error or something.

[ToonMariner]

as a security measuer you should never store usernames and passwords in a session.

 

but otherwise seacrh all your code for where these variables are set (easy enough with dream weaver) and see what is happening.

[kenrbnsn]

Is register_globals enabled? If it is, this could be causing your problem.

 

Ken

[calabiyau]

 

<?php

//This is if client wants to download a file that cannot be shown in the browser

if ($_GET['action']=='download')

	{

//need to clear the ob, or previous html will be included in downloaded file
//since this is actually an include.

	ob_get_clean();

	$location = "../ext_client_doc/".$_GET['user']."/".$_GET['doc'];
	$fd = fopen($location, 'rb');
   		header("Cache-Control: ");
   		header("Pragma: ");
   		header("Content-Type: application/octet-stream");
   		header("Content-Length: " .(string)(filesize($location)) );
   		header('Content-Disposition: attachment; filename="'.$_GET['doc'].'"');
   		header("Content-Transfer-Encoding: binary\n");

	ob_flush();
   		flush();

   		while(!feof($fd)) {
    
              	$buffer = fread($fd, 2048);
              	print $buffer;
        	}


    
        	fclose ($fd);
       	exit;

	}

//This is for client to view an html page


if ($_GET['action']=='stream')

	{




	ob_get_clean();




	$location = "../ext_client_doc/".$_SESSION['new_user']."/".$_GET['doc'];

	$fd = fopen($location, 'rb');
 
	header("Content-Type: text/html");



	ob_flush();
   		flush();

        	while(!feof($fd)) {
    
              	$buffer = fread($fd, 2048);
              	print $buffer;

        	}


    
        	fclose ($fd);
   

       	exit;
	}




if ($_GET['action'] == 'logout')
{

session_unset();
session_destroy();
$current_url = "http://".$_SERVER['HTTP_HOST'];
header("$current_url");
}

include('../connections.php');

$page = $_GET['page'];
$user = $_POST['user'];
$password = $_POST['password'];
$user = quote_smart($user);
$password = quote_smart($password);



if ($_POST['log_attempt']=='true')

{
$query = "SELECT * FROM ext_client_users WHERE user='".$user."' AND password='".$password."'";
$result = mysql_query($query,$connect);
$num_rows = mysql_num_rows($result);

if ($num_rows>0)

{
$_SESSION['logged'] = 'true';
}

else {echo "I'm sorry either the username or password is incorrect";}

while ($row=mysql_fetch_array($result))

{
$user_id = $row['user_id'];
$user_name  = $row['user'];
$user_password = $row['password'];
$_SESSION['user_id']= $row['user_id'];
$_SESSION['user'] = $row['user'];
$_SESSION['password'] = $row['password'];
echo $row['user']."<br/>".$_SESSION['user'];
}


}

if (!isset($_SESSION['logged']))

{

echo '<form action="index.php?page='.$page.'" method="post">';
echo 'Username:<br/><input type="text" name="user"/><br/>';
echo 'Password:<br/><input type="text" name="password"/><br/>';
echo '<input type="hidden" name="log_attempt" value="true"/>';
echo '<input style="background: orange; color: white;" type="submit" value="Log In"/>';
echo '</form>';

}


if (isset($_SESSION['logged']))

{




echo "<h3>User Area for: ".$_SESSION['user']."</h3>";
echo '<h4><a href="index.php?page='.$page.'&action=logout" style="color: black;">Log Out</a></h4>';
echo "<h4>Files available for web browser viewing:</h4><ul>";

$query = "SELECT * FROM ext_client_protected WHERE user_id='".$_SESSION['user_id']."' AND visibility='2'";
$result = mysql_query($query,$connect);
while ($row = mysql_fetch_array($result))

	{

	echo '<li><a href="index.php?page='.$page.'&doc='.$row['doc_name'].'&action=stream&user='.$_SESSION['user'].'"
	style="color: black;">'.$row['doc_name'].'</a><br/>'.$row['notes'].'</li>';

	}

echo "</ul><h4>Files available for download:</h4><ul>";

$query = "SELECT * FROM ext_client_protected WHERE user_id='".$_SESSION['user_id']."' AND visibility='3'";
$result = mysql_query($query,$connect);
while ($row = mysql_fetch_array($result))

	{
	echo '<li><a href="index.php?page='.$page.'&doc='.$row['doc_name'].'&action=download&user='.$_SESSION['user'].'" 
		style="color: black;">'.$row['doc_name'].'</a>
		<br/>'.$row['notes'].'</li>';







	}
echo "</ul>";

}



?>

[calabiyau]

I realize there are many holes in this script but i'm just trying to get one thing working at at time.  I'm still not exactly sure what kind of mechanism to use with sessions and log ins.  Any suggestions?