
Urgent Problem - Is my host screwed up?


calabiyau


Okay, I've taken out a trouble ticket with my host but haven't heard anything back yet. I have a user area that uses sessions to store the username and password. I've echoed these values in many places throughout the script and they are always what they are supposed to be, except at one point, where they magically turn into my database name and database password. I'm positive it's not something in my code. The only time I mention the database is when I actually connect to it. Has anyone ever encountered anything like this before? Is this some kind of system malfunction?


 

<?php

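// Download action: send a stored client document as an attachment when the
// browser cannot display it inline.
//
// The path used to be built from $_GET['user'] and $_GET['doc'] with no login
// check, so the requester chose both the client directory and the file name.
// The file is now served only to a logged-in session, only from that session's
// own directory, and only if the resolved path stays inside that directory.

if (isset($_GET['action']) && $_GET['action'] == 'download')

	{

	// This file is included after the page has started rendering, so drop the
	// buffered HTML or it would end up inside the downloaded file.
	if (ob_get_level() > 0)
		{
		ob_end_clean();
		}

	// Identity comes from the session. The "user" query parameter is still
	// accepted because the generated links carry it, but a value that does not
	// match the logged-in user is refused.
	$dl_owner = '';
	if (isset($_SESSION['logged']) && isset($_SESSION['user']) && is_string($_SESSION['user']))
		{
		$dl_owner = $_SESSION['user'];
		}
	$dl_asked = $dl_owner;
	if (isset($_GET['user']))
		{
		$dl_asked = is_string($_GET['user']) ? $_GET['user'] : null;
		}

	if ($dl_owner === '' || $dl_asked !== $dl_owner)
		{
		header('HTTP/1.1 403 Forbidden');
		exit;
		}

	$dl_doc = (isset($_GET['doc']) && is_string($_GET['doc'])) ? $_GET['doc'] : '';

	// Resolve everything to canonical paths and require
	// document root > user directory > file, so "../" segments or a symlink
	// cannot lead outside the user's own folder.
	$dl_root = realpath('../ext_client_doc');
	$dl_dir = ($dl_root !== false) ? realpath($dl_root.DIRECTORY_SEPARATOR.$dl_owner) : false;
	$location = false;
	if ($dl_dir !== false && $dl_doc !== '' && strpos($dl_doc, "\0") === false)
		{
		$location = realpath($dl_dir.DIRECTORY_SEPARATOR.$dl_doc);
		}

	$dl_allowed = $location !== false
		&& strpos($dl_dir, $dl_root.DIRECTORY_SEPARATOR) === 0
		&& strpos($location, $dl_dir.DIRECTORY_SEPARATOR) === 0
		&& is_file($location);

	$fd = $dl_allowed ? fopen($location, 'rb') : false;
	if ($fd === false)
		{
		// A failed fopen() previously fell through to feof(false).
		header('HTTP/1.1 404 Not Found');
		exit;
		}

	// The file name is placed inside a quoted header value, so strip the
	// characters that could end the quoting or the header line.
	$dl_filename = str_replace(array('"', '\\', "\r", "\n"), '', basename($location));

	header("Cache-Control: ");
	header("Pragma: ");
	header("Content-Type: application/octet-stream");
	header("X-Content-Type-Options: nosniff");
	header("Content-Length: " .(string)(filesize($location)) );
	header('Content-Disposition: attachment; filename="'.$dl_filename.'"');
	// No trailing "\n": header() rejects values that contain a line break.
	header("Content-Transfer-Encoding: binary");

	if (ob_get_level() > 0)
		{
		ob_flush();
		}
	flush();

	fpassthru($fd);
	fclose($fd);
	exit;

	}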

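// Stream action: send a stored client document to the browser as an HTML page.
//
// $_GET['doc'] used to be appended to the path unchecked, so "../" segments
// could select a file outside the user's folder, and a failed fopen() fell
// through to feof(false). The resolved path must now stay inside the session
// user's directory, and a missing file ends with a 404.
//
// NOTE(review): the directory comes from $_SESSION['new_user'], while the
// login code in this file stores the name under 'user' and the generated links
// pass it as &user=. Nothing visible here sets 'new_user' - confirm which key
// is intended.
//
// The document is emitted as text/html from the application's own origin, so
// any script inside it runs with the viewer's session. Only files whose
// content is trusted should be given this visibility.

if (isset($_GET['action']) && $_GET['action'] == 'stream')

	{

	// Drop the HTML buffered by the including page before sending the file.
	if (ob_get_level() > 0)
		{
		ob_end_clean();
		}

	$st_owner = (isset($_SESSION['new_user']) && is_string($_SESSION['new_user'])) ? $_SESSION['new_user'] : '';
	$st_doc = (isset($_GET['doc']) && is_string($_GET['doc'])) ? $_GET['doc'] : '';

	// Canonical paths: document root > user directory > file.
	$st_root = realpath('../ext_client_doc');
	$st_dir = ($st_root !== false && $st_owner !== '') ? realpath($st_root.DIRECTORY_SEPARATOR.$st_owner) : false;
	$location = false;
	if ($st_dir !== false && $st_doc !== '' && strpos($st_doc, "\0") === false)
		{
		$location = realpath($st_dir.DIRECTORY_SEPARATOR.$st_doc);
		}

	$st_allowed = $location !== false
		&& strpos($st_dir, $st_root.DIRECTORY_SEPARATOR) === 0
		&& strpos($location, $st_dir.DIRECTORY_SEPARATOR) === 0
		&& is_file($location);

	$fd = $st_allowed ? fopen($location, 'rb') : false;
	if ($fd === false)
		{
		header('HTTP/1.1 404 Not Found');
		exit;
		}

	header("Content-Type: text/html");

	if (ob_get_level() > 0)
		{
		ob_flush();
		}
	flush();

	fpassthru($fd);
	fclose($fd);
	exit;

	}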




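// Logout action: clear the session and send the browser back to the site root.
//
// The original called header() with a bare URL and no "Location:" field name,
// so no redirect was ever issued. It also built the URL from
// $_SERVER['HTTP_HOST'], which is taken from the request's Host header. A
// root-relative Location reaches the same page without relying on that value.
if (isset($_GET['action']) && $_GET['action'] == 'logout')
{

session_unset();
session_destroy();
header('Location: /');
// Stop here so the rest of the page is not rendered for a request that is
// being redirected.
exit;
}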

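// Login handling: load the database connection, read the request values and,
// on a login attempt, look the credentials up in ext_client_users.
//
// NOTE(review): this script assigns the globals $user and $password, the same
// names as the session keys 'user' and 'password'. On a PHP build with
// register_globals enabled those globals and the $_SESSION entries can refer
// to the same values, so any file that assigns $user / $password
// (connections.php is a candidate if it names its credentials that way) would
// change the session too. Check ini_get('register_globals') and the variable
// names used in connections.php.
include('../connections.php');

// isset() guards avoid undefined-index notices on requests without these
// fields; a missing field still reaches quote_smart() as null, as before.
$page = isset($_GET['page']) ? $_GET['page'] : '';
$user = isset($_POST['user']) ? $_POST['user'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

// NOTE(review): quote_smart() is defined outside this file. The query below is
// only injection-safe if it escapes for the active connection (for example via
// mysql_real_escape_string) - confirm.
$user = quote_smart($user);
$password = quote_smart($password);



if (isset($_POST['log_attempt']) && $_POST['log_attempt']=='true')

{
// NOTE(review): the submitted password is compared directly with the stored
// column, which suggests passwords are kept unhashed - confirm, and move to
// password_hash()/password_verify() where the PHP version allows.
$query = "SELECT * FROM ext_client_users WHERE user='".$user."' AND password='".$password."'";
$result = mysql_query($query,$connect);

// mysql_query() returns false on error; treat that as a failed login instead
// of passing false to mysql_num_rows().
$num_rows = ($result !== false) ? mysql_num_rows($result) : 0;

if ($num_rows>0)

{
// Issue a fresh session id at the privilege change so an id known before
// login is not carried into the authenticated session.
session_regenerate_id(true);
$_SESSION['logged'] = 'true';

while ($row=mysql_fetch_array($result))

{
$user_id = $row['user_id'];
$user_name  = $row['user'];
$user_password = $row['password'];
$_SESSION['user_id']= $row['user_id'];
$_SESSION['user'] = $row['user'];
// NOTE(review): kept because other pages may read it, but the password does
// not need to live in the session once 'logged' and 'user_id' are set.
$_SESSION['password'] = $row['password'];
// Debug output from the original post; escaped so a stored name cannot inject
// markup. Remove once the session problem is diagnosed.
echo htmlspecialchars($row['user'], ENT_QUOTES)."<br/>".htmlspecialchars($_SESSION['user'], ENT_QUOTES);
}
}

else {echo "I'm sorry either the username or password is incorrect";}


}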

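// Login form, shown only while no session is logged in.
//
// $page comes straight from the query string, so it is URL-encoded and then
// HTML-escaped before being placed in the form's action attribute. The
// password field now uses type="password" so the value is masked on screen.
if (!isset($_SESSION['logged']))

{

$form_page = (isset($page) && is_string($page)) ? $page : '';
$form_action = htmlspecialchars('index.php?page='.urlencode($form_page), ENT_QUOTES);

echo '<form action="'.$form_action.'" method="post">';
echo 'Username:<br/><input type="text" name="user"/><br/>';
echo 'Password:<br/><input type="password" name="password"/><br/>';
echo '<input type="hidden" name="log_attempt" value="true"/>';
echo '<input style="background: orange; color: white;" type="submit" value="Log In"/>';
echo '</form>';

}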


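// User area, shown to a logged-in session: heading, logout link, and two lists
// of the user's documents (visibility 2 = view in browser, 3 = download).
//
// Changes from the original: values placed in URLs are URL-encoded, values
// placed in HTML are escaped, the user id is escaped before it is
// concatenated into SQL, and a failed query no longer reaches
// mysql_fetch_array(). The two near-identical loops are driven from one table.
if (isset($_SESSION['logged']))

{

$ua_page = urlencode((isset($page) && is_string($page)) ? $page : '');
$ua_user = isset($_SESSION['user']) ? (string)$_SESSION['user'] : '';
$ua_id = mysql_real_escape_string(isset($_SESSION['user_id']) ? (string)$_SESSION['user_id'] : '', $connect);

echo "<h3>User Area for: ".htmlspecialchars($ua_user, ENT_QUOTES)."</h3>";
echo '<h4><a href="index.php?page='.htmlspecialchars($ua_page, ENT_QUOTES).'&amp;action=logout" style="color: black;">Log Out</a></h4>';

// visibility value, action name used in the link, markup that opens the list
$ua_sections = array(
	array('2', 'stream', "<h4>Files available for web browser viewing:</h4><ul>"),
	array('3', 'download', "</ul><h4>Files available for download:</h4><ul>"),
);

foreach ($ua_sections as $ua_section)

	{

	echo $ua_section[2];

	$query = "SELECT * FROM ext_client_protected WHERE user_id='".$ua_id."' AND visibility='".$ua_section[0]."'";
	$result = mysql_query($query,$connect);
	if ($result === false)
		{
		// Query failed: leave this list empty rather than iterating over false.
		continue;
		}

	while ($row = mysql_fetch_array($result))

		{

		$ua_href = 'index.php?page='.$ua_page
			.'&doc='.urlencode($row['doc_name'])
			.'&action='.$ua_section[1]
			.'&user='.urlencode($ua_user);

		// NOTE(review): 'notes' is still emitted as stored, in case it is
		// meant to carry markup. Escape it as well if it is plain text.
		echo '<li><a href="'.htmlspecialchars($ua_href, ENT_QUOTES).'" style="color: black;">'
			.htmlspecialchars($row['doc_name'], ENT_QUOTES).'</a><br/>'.$row['notes'].'</li>';

		}

	}

echo "</ul>";

}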



?>
