Jump to content

Recommended Posts

Hi GUys,

 

just found a problem with my login, when i login to my site , it displays all my information like it should, but if i view another members profile THEN go back to my control panel i take on there session and see all they're information instead of my own! i dont know what is doing this

 

logincheck.php

 

<?php
  require("includes/db_connection.php");
  
  ## The all important post variables
  $var_username = mysql_real_escape_string(trim($_POST['username']));
  $var_password = mysql_real_escape_string(trim($_POST['password']));
  
  ## blank submission
  if(empty($var_username) || empty($var_password)) {
  
  echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>You never filled in both fields, please fill them both in.</b></div><br />';
  exit;	
  
  }
  
  $q = "SELECT `id`,`username`,`password` FROM `users` WHERE `username`='$var_username' AND `password`='$var_password' LIMIT 1";
  $r = mysql_query($q);
  $row = mysql_fetch_array($r);
  
  $any_results = mysql_num_rows($r);
  
  if($any_results != 1) {
  
  echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>We can\'t find that username/password combination in the database, please re-check your login details.</b></div><br />';
  exit;	
     
 } else {

  ## update the login timer
  $var_update_time_query = mysql_query("UPDATE `users` SET `last_login` = now() WHERE `username`='$var_username' AND `password`='$var_password'");

  ## There was a result back
  session_start(); 
  $_SESSION['id'] = $row['id'];
  $_SESSION['username'] = $row['username'];
  $_SESSION['loggedin'] = 'yes'; 
  
  ## redirect to members page
  header("Location:myaccount.php"); 

  }
?>

 

sessions.php

 

<?php
session_start(); 
  header("Cache-control: private");
  if($_SESSION['loggedin'] != 'yes') { 
    header("Location: login.php"); 
    exit; 
} 
  ## a variable for easier access
  $var_loggedinuserid = $_SESSION['id'];
  $var_loggedinuser = $_SESSION['username'];
?>

 

the code above is what i use as an include at the top of every page, can anyone see what i have done wrong?

 

thanks guys

 

Graham

Link to comment
https://forums.phpfreaks.com/topic/76850-sessions-problem/
Share on other sites

sure, it's after visiting this page that everything goes wrong.

 

profile.php

 

<?php
  ## The id of the user in the address bar
  $recipientsid = $_GET['id'];
  
  ## First of all update the profile views
  $var_profileviews = mysql_query("UPDATE `users` SET `profileviews`= profileviews+1 WHERE `id`='$recipientsid'");
  
  ## Get some user details from mysql
  $querydetails = "SELECT * FROM `users` WHERE `id`='$recipientsid'";
  $resultsdetails = mysql_query($querydetails) or die (mysql_error());
  $row = mysql_fetch_array($resultsdetails) or die (mysql_error());
  $username = $row['username'];
  $email = $row['email'];
  $thumb = $row['thumbnail'];
  $yearborn = $row['year'];
  $firstname = $row['fname'];
  $lastname = $row['lname'];
  $gender = $row['gender'];
  $ethnicity = $row['ethnic'];
  $country = $row['country'];
  $haircolor = $row['hair'];
  $eyecolor = $row['eye_c'];
  $build = $row['build'];
  $publicemail = $row['publicemail'];
  
  ## age calculations
  $thisyear = date('Y');
  
  if(empty($yearborn)) {
   
   $profileyear = "<b>N/A</b>";
    
    } else {
  
    $profileyear;
  
  }
   
  ## Year calculation
  $profileyear = $yearborn - $thisyear;
  
  ## Get rid of the - sign
  $profileyear = str_replace("-"," ", $profileyear);
  
  if(empty($yearborn)) {
   
   $profileyear = "<b>N/A</b>";
    
  } 
  
   ## Ternary operators 
  $profilefirstname = (!empty($firstname) ? "$firstname" : "N/A");
   $profilelastname = (!empty($lastname) ? "$lastname" : "N/A");
     $profilegender = (!empty($gender) ? "$gender" : "N/A");
  $profileethnicity = (!empty($ethnicity) ? "$ethnicity" : "N/A");
    $profilecountry = (!empty($country) ? "$country" : "N/A");
       $profilehair = (!empty($haircolor) ? "$haircolor" : "N/A");
       $profileeyes = (!empty($eyecolor) ? "$eyecolor" : "N/A");
      $profilebuild = (!empty($build) ? "$build" : "N/A");
      
     
  ## quick elseif for gender
  if(($gender) == 'M') {
  
  $profilegender = "Male";
  
  } elseif($gender == 'F') {
  
  $profilegender = "Female";  
  
  }
  
  ## Private email
  if($publicemail == 'Yes') {
  
  $profileemail = $email;
  
  } elseif($profileemail == 'No') {
  
  $profileemail = '<i><b>Private</b></i>';
  
  } else {
  
  $profileemail = '<i><b>Private</b></i>';
  
  }
  
  ## Create page layout
  echo ("<table class=\"tables\" align=\"left\" width=\"300\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">");
  echo ("<tr>");
  echo ("<td colspan=\"2\" class=\"header_boxes\" align=\"center\"><span class=\"prof_head\">$username's Vital Statistics</span></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" align=\"center\">");
  if(empty($thumb)) {
  
  echo ("<img src=\"images/no_headshot_uploaded.bmp\" alt=\"$username\"></td>");
  
  } else {
  
  echo '<img src="thumbs/'.$thumb.'" alt="'.$username.'">';
  
  }
  echo ("</td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td align=\"center\"><b>View My: <a class=\"foot_links\" href=\"\">Photos (0)</a> | <a class=\"foot_links\" href=\"\">Videos (0)</a></b></td>");
  echo ("</tr>");
  echo ("<tr>"); 
  echo ("<td>");
  echo ("<table align=\"left\" width=\"300\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" width=\"50%\" align=\"right\">Age:</td><td class=\"prof_bgcolor\" width=\"50%\" align=\"left\"><b>$profileyear</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td bgcolor=\"\" width=\"50%\" align=\"right\">First Name:</td><td width=\"50%\" align=\"left\"><b>$profilefirstname</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" width=\"50%\" align=\"right\">Last Name:</td><td class=\"prof_bgcolor\" width=\"50%\" align=\"left\"><b>$profilelastname</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td bgcolor=\"\" width=\"50%\" align=\"right\">Gender:</td><td width=\"50%\" align=\"left\"><b>$profilegender</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" width=\"50%\" align=\"right\">Ethnicity:</td><td class=\"prof_bgcolor\" width=\"50%\" align=\"left\"><b>$profileethnicity</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td bgcolor=\"\" width=\"50%\" align=\"right\">Country:</td><td width=\"50%\" align=\"left\"><b>$profilecountry</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" width=\"50%\" align=\"right\">Hair Color:</td><td class=\"prof_bgcolor\" width=\"50%\" align=\"left\"><b>$profilehair</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td bgcolor=\"\" width=\"50%\" align=\"right\">Eye Color:</td><td width=\"50%\" align=\"left\"><b>$profileeyes</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" width=\"50%\" align=\"right\">Build:</td><td class=\"prof_bgcolor\" width=\"50%\" align=\"left\"><b>$profilebuild</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td width=\"50%\" align=\"right\">E-Mail:</td><td width=\"50%\" align=\"left\"><b>$profileemail</b></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" colspan=\"2\" bgcolor=\"\" width=\"50%\" align=\"center\"><form action=\"sendmessage.php?id=$recipientsid\" method=\"post\"><input type=\"submit\" name=\"sendmessage\" value=\"Contact $username\"></form></td>");
  echo ("</tr>");
  echo ("<tr>");
  echo ("<td class=\"prof_bgcolor\" valign=\"middle\" colspan=\"2\" bgcolor=\"\" width=\"50%\" align=\"center\"><form action=\"sendemail.php?id=$recipientsid\" method=\"post\"><input type=\"submit\" name=\"sendemail\" value=\"E-Mail $username\"></form></td>");
  echo ("</tr>");
  echo ("</table>"); 
  echo ("</td>");
  echo ("</table>");
?>

 

thanks mate

 

Graham

Link to comment
https://forums.phpfreaks.com/topic/76850-sessions-problem/#findComment-389080
Share on other sites

Yes.. but i am guessing the problem is because of them..

they cause lots of problems..

 

Just an idea.. change $_SESSION['id'] to $_SESSION['UserLoginID'] everywhere

 

make a backup first

 

now i assume you don't use UserLoginID anywhere

 

BUT: don't set UserLoginID an ANYTHING else ie no $UserLoginID no $_COOKE['UserLoginID'] no form post values etc

Link to comment
https://forums.phpfreaks.com/topic/76850-sessions-problem/#findComment-389106
Share on other sites

No probs MT will do small update:

 

i think i see the problem-ish, after i view a profile THEN go back to myaccount.php thats where the change of sessions seems to appear:

 

myaccount.php (part of)

 

<?php
###################################################
# myaccount.php                                   #
###################################################
  ## Debugging
  echo $var_loggedinuser;

  ## Grab some basic fields from mysql
  $queryfields = "SELECT `id`,`username`,`thumbnail`,`profileviews` FROM `users` WHERE `username`='$var_loggedinuser'";
  $resultsfields = mysql_query($queryfields);
  $rowfields = mysql_fetch_array($resultsfields);
  
  ## Vars
  $var_id = $rowfields['id'];
  $var_username = $rowfields['username'];
  $var_views = $rowfields['profileviews'];
  $thumnail = $rowfields['thumbnail'];
  
  ## Grab messages from mysql
  $querypms = "SELECT `recipientid` FROM `privatemessages` WHERE `recipientid`='$var_id'";
  $resultpms = mysql_query($querypms);
  $numpms = mysql_num_rows($resultpms);
  
  if($numpms > 0) {
  
  $numpms = "<font color=\"#8f0002\">$numpms</font>";
  
  } 

 

the "$var_loggedinuser" variable changes to whoevers profil i last visited, could that be the problem?

 

cheers

 

Graham

Link to comment
https://forums.phpfreaks.com/topic/76850-sessions-problem/#findComment-389108
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.