Jump to content

Archived

This topic is now archived and is closed to further replies.

shocker-z

SESSION changes username when clicking on a link

Recommended Posts

I have a issue after logging into my site and click a link it changes the username to the last user to log onto the site.. I have deleted the session files but no diffrence.. i have also user diffrent PC's and browsers but same issue! getting me stressed! it's got to be sumet simple im missing but really can't understand!

index.php
[a href=\"http://blucode.sytes.net/ukchat/index.phps\" target=\"_blank\"]http://blucode.sytes.net/ukchat/index.phps[/a]

profiles/login.php
[a href=\"http://blucode.sytes.net/ukchat/profiles/upload.phps\" target=\"_blank\"]http://blucode.sytes.net/ukchat/profiles/upload.phps[/a]

You can test this @ [a href=\"http://blucode.sytes.net/ukchat/\" target=\"_blank\"]http://blucode.sytes.net/ukchat/[/a]
user: test
pass: user

Please let me in on any ideas you have!

Regards
Liam

Share this post


Link to post
Share on other sites
Please help i've no clue on this one and is the sortathing i will get boredof and leave lol any guru's?

Share this post


Link to post
Share on other sites
The first thing that struck me when I looked at your files was the lack of "session_start()" at the begining.

Share this post


Link to post
Share on other sites
sorry.. that's in the profiles/header.php page that i included at the start..
It oviusly has it else i wouldn't have set any session in the first place, any othe rideas?

Share this post


Link to post
Share on other sites
[!--quoteo(post=358209:date=Mar 25 2006, 01:59 PM:name=shocker-z)--][div class=\'quotetop\']QUOTE(shocker-z @ Mar 25 2006, 01:59 PM) [snapback]358209[/snapback][/div][div class=\'quotemain\'][!--quotec--]
sorry.. that's in the profiles/header.php page that i included at the start..

[/quote]

Only in one of the files in that case

Share this post


Link to post
Share on other sites
Sorry my bad i put the upload.phps instead of the actual login.php that deals with the username/password..

[a href=\"http://blucode.sytes.net/ukchat/profiles/login.phps\" target=\"_blank\"]http://blucode.sytes.net/ukchat/profiles/login.phps[/a]

*SLAPS HEAD*

Share this post


Link to post
Share on other sites
I haven't seen anything obvious yet.

I would change this bit though

[code]if ($password !== $user['password']) {
$error="Password invalid for $username";
header("location: ../index.php");
} [/code]

Remove the header() line. You redirect to index.php at the end of the script. If you do it there then the session error message doesn't get set.

Share this post


Link to post
Share on other sites
ok will do.. i think im gonna have to strip this down and kind of rebuild it because im totaly baffled by how it uses another session after files have been deleted!

Share this post


Link to post
Share on other sites
After the session_start() in the login page I'd put

[code]$_SESSION['username'] = $_SESSION['logged_in'] = NULL;[/code]

As new values are only set if the login is valid, this should ensure they are cleared if it fails.

Share this post


Link to post
Share on other sites
hmmm any idea how this fixed it? i change $username to $imgusername and now it's all working.. i had noticed that what ever username was in the profiles list on the left hand side thats what username the session changed too... how could setting $username='matthew'; change a $_session['username'] ???

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.