graham23s Posted August 1, 2007 Share Posted August 1, 2007 Hi Guys, i did some testing with session authentication a few days ago what i had was this: login_check.php <?php session_start(); mysql_connect("localhost", "root", "xxxxx"); mysql_select_db("xxxxx"); $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password'"; $result = mysql_query($sql); if (mysql_num_rows($result) == 0) { echo "Sorry username and password combination not found."; } else { while($row = mysql_fetch_array($result)) { $_SESSION['username'] = $row['username']; } header("location:members.php"); } ?> and to authenticate at the top of every page: <?php session_start(); if (!isset($_SESSION['username'])) { ## Not logged in, redirect to login page ########################################### header("login.php"); } ## a variable for quick access ##################################################### $logged_in_user = $_SESSION['username']; echo "You are logged in successfully ($logged_in_user)"; ?> it worked fine, if i logged in with a different username, it displayed: echo "You are logged in successfully (WHATEVER THE USERNAME IS)"; but then i noticed if i logged in as graham and visited another profile , when i went back to the welcome page it displayed that users name instead of the one i logged in with, have i fogotten to do something with the code above at all? thanks guys Graham Quote Link to comment https://forums.phpfreaks.com/topic/62801-solved-testing-with-sessions-problem/ Share on other sites More sharing options...
btherl Posted August 1, 2007 Share Posted August 1, 2007 Is register_globals on? You can check by creating a script that calls phpinfo() The impact is that with register_globals on, $username is registered as a global variable. That means that if you set $username later in your script, you will be modifying the session value. Quote Link to comment https://forums.phpfreaks.com/topic/62801-solved-testing-with-sessions-problem/#findComment-312626 Share on other sites More sharing options...
graham23s Posted August 1, 2007 Author Share Posted August 1, 2007 Hi Mate, did the check, egister_globals is off on localhost but on , on my server does that sound ok? cheers Graham Quote Link to comment https://forums.phpfreaks.com/topic/62801-solved-testing-with-sessions-problem/#findComment-312724 Share on other sites More sharing options...
mrjcfreak Posted August 1, 2007 Share Posted August 1, 2007 Errum, in a word, no. This page has a good summary of the whats and whys better than I could explain briefly: http://uk.php.net/register_globals If the server is yours and you can configure it, a good idea would be to turn it off, unless older scripts depend on it. Quote Link to comment https://forums.phpfreaks.com/topic/62801-solved-testing-with-sessions-problem/#findComment-312738 Share on other sites More sharing options...
graham23s Posted August 1, 2007 Author Share Posted August 1, 2007 so basically off is good on is bad lol im on shared server ill see if i can get them to switch it off lol cheers guys cleared a few things up. Graham Quote Link to comment https://forums.phpfreaks.com/topic/62801-solved-testing-with-sessions-problem/#findComment-312978 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.