Jump to content


Photo

SESSION changes username when clicking on a link


  • Please log in to reply
10 replies to this topic

#1 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 24 March 2006 - 11:16 PM

I have a issue after logging into my site and click a link it changes the username to the last user to log onto the site.. I have deleted the session files but no diffrence.. i have also user diffrent PC's and browsers but same issue! getting me stressed! it's got to be sumet simple im missing but really can't understand!

index.php
[a href=\"http://blucode.sytes.net/ukchat/index.phps\" target=\"_blank\"]http://blucode.sytes.net/ukchat/index.phps[/a]

profiles/login.php
[a href=\"http://blucode.sytes.net/ukchat/profiles/upload.phps\" target=\"_blank\"]http://blucode.sytes.net/ukchat/profiles/upload.phps[/a]

You can test this @ [a href=\"http://blucode.sytes.net/ukchat/\" target=\"_blank\"]http://blucode.sytes.net/ukchat/[/a]
user: test
pass: user

Please let me in on any ideas you have!

Regards
Liam
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#2 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 25 March 2006 - 07:27 AM

Please help i've no clue on this one and is the sortathing i will get boredof and leave lol any guru's?
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#3 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,017 posts

Posted 25 March 2006 - 12:32 PM

The first thing that struck me when I looked at your files was the lack of "session_start()" at the begining.
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#4 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 25 March 2006 - 01:59 PM

sorry.. that's in the profiles/header.php page that i included at the start..
It oviusly has it else i wouldn't have set any session in the first place, any othe rideas?
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#5 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,017 posts

Posted 25 March 2006 - 02:36 PM

[!--quoteo(post=358209:date=Mar 25 2006, 01:59 PM:name=shocker-z)--][div class=\'quotetop\']QUOTE(shocker-z @ Mar 25 2006, 01:59 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
sorry.. that's in the profiles/header.php page that i included at the start..

[/quote]

Only in one of the files in that case
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#6 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,017 posts

Posted 25 March 2006 - 02:52 PM

Where do you set the $_SESSION['username'] ?
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#7 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 25 March 2006 - 05:35 PM

Sorry my bad i put the upload.phps instead of the actual login.php that deals with the username/password..

[a href=\"http://blucode.sytes.net/ukchat/profiles/login.phps\" target=\"_blank\"]http://blucode.sytes.net/ukchat/profiles/login.phps[/a]

*SLAPS HEAD*
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#8 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,017 posts

Posted 25 March 2006 - 06:57 PM

I haven't seen anything obvious yet.

I would change this bit though

if ($password !== $user['password']) {
$error="Password invalid for $username";
header("location: ../index.php");
}

Remove the header() line. You redirect to index.php at the end of the script. If you do it there then the session error message doesn't get set.
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#9 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 26 March 2006 - 09:20 AM

ok will do.. i think im gonna have to strip this down and kind of rebuild it because im totaly baffled by how it uses another session after files have been deleted!
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#10 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,017 posts

Posted 26 March 2006 - 09:48 AM

After the session_start() in the login page I'd put

$_SESSION['username'] = $_SESSION['logged_in'] = NULL;

As new values are only set if the login is valid, this should ensure they are cleared if it fails.
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#11 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 27 March 2006 - 08:26 AM

hmmm any idea how this fixed it? i change $username to $imgusername and now it's all working.. i had noticed that what ever username was in the profiles list on the left hand side thats what username the session changed too... how could setting $username='matthew'; change a $_session['username'] ???
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users