
session getting altered somehow


mikefrederick


I have $_SESSION['mls'] set and working, but somehow when I go to the following page it always gets altered. Let me know if you see any reason why:

 

 

<?php

session_start();
include("include/common.php");
include("$config[template_path]/user_top.html");
// Bind the shared DB handle, language table and config. A no-op at file scope,
// but required if this page is include()d from inside a function.
// $HTTP_GET_VARS is the pre-PHP-5.4 long-array alias of $_GET.
global $conn, $lang, $config, $HTTP_GET_VARS;
$debug_GET = True;
$guidestring = "";
$guidestring_with_sort = "";
// Save GET: rebuild the incoming query string (urlencoded, each pair prefixed
// with "&") so it can be appended to paging/sort links later. Paging, session
// and sort keys are left out, and so is any value that is falsy ("", "0").
$excludedGuideKeys = array('cur_page', 'PHPSESSID', 'sortby', 'sorttype', 'imagesOnly');
foreach ($_GET as $getKey => $getValue)
{
	// Loose in_array() on purpose: it matches the original "!=" comparisons
	// for non-string (integer) keys.
	if (!$getValue || in_array($getKey, $excludedGuideKeys))
	{
		continue;
	}
	$encodedKey = urlencode("$getKey");
	if (is_array($getValue))
	{
		// Multi-valued parameter: one "&key[]=item" per element.
		foreach ($getValue as $item)
		{
			$guidestring .= '&' . $encodedKey . '[]=' . urlencode("$item");
		}
	}
	else
	{
		$guidestring .= '&' . $encodedKey . '=' . urlencode("$getValue");
	}
}
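// Build the scratch table <prefix>temp: one row per (listing, field) pair for
// every active listing (and, when expiration is enabled, every unexpired one).
// The filters further down narrow it by deleting rows that do not match.
// Array keys are quoted here: the original's bare $config[table_prefix] is an
// undefined-constant lookup (notice plus string fallback before PHP 8, fatal
// Error on 8+). $sql is left holding the last statement run, as before.
$tablePrefix = $config['table_prefix'];
$sql = "drop table IF EXISTS " . $tablePrefix . "temp";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
	log_error($sql);
}
$sql = "CREATE TABLE " . $tablePrefix . "temp SELECT "
	. $tablePrefix . "listingsDB.ID, "
	. $tablePrefix . "listingsDB.Title, "
	. $tablePrefix . "listingsDB.user_ID, "
	. $tablePrefix . "listingsDBElements.field_name, "
	. $tablePrefix . "listingsDBElements.field_value"
	. " FROM " . $tablePrefix . "listingsDB, " . $tablePrefix . "listingsDBElements"
	. " WHERE (" . $tablePrefix . "listingsDBElements.listing_id = " . $tablePrefix . "listingsDB.ID) AND ";
if ($config['use_expiration'] == "yes")
{
	// DBDate() formats the current time as a date literal for this driver.
	$sql .= "(" . $tablePrefix . "listingsDB.expiration > " . $conn->DBDate(time()) . ") AND ";
}
$sql .= "(" . $tablePrefix . "listingsDB.active = 'yes')";
$recordSet = $conn->Execute($sql);
if ($recordSet === false)
{
	log_error($sql);
}
// Optional indexes on the scratch table; the second one covers only the first
// ten characters of field_name.
if ($config['manage_index_permissions'] == 'Yes')
{
	$sql = "create index idx_listingid on " . $tablePrefix . "temp (ID)";
	$recordSet = $conn->Execute($sql);
	if ($recordSet === false)
	{
		log_error($sql);
	}
	$sql = "create index idx_listingname on " . $tablePrefix . "temp (field_name(10))";
	$recordSet = $conn->Execute($sql);
	if ($recordSet === false)
	{
		log_error($sql);
	}
}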
// Main filter pass: walk every GET parameter and narrow <prefix>temp by
// deleting the rows that do not satisfy it. Reserved keys (sortby, sorttype,
// cur_page, PHPSESSID, user_ID, imagesOnly) are handled explicitly; any other
// key is treated as a listing field name whose value(s) must match.
// $config[table_prefix] and ->fields[iD] below use bare words as keys, which
// are undefined-constant lookups (notice plus string fallback before PHP 8,
// fatal Error on 8+) unless common.php defines such constants. ->fields[iD]
// in particular is not obviously the key of the "ID" column being selected —
// TODO confirm against the ADOdb fetch settings.
// $HTTP_GET_VARS is the pre-5.4 long-array alias; it is reset here but the
// loop actually iterates $_GET.
reset ($HTTP_GET_VARS);
foreach ($_GET as $ElementIndexValue => $ElementContents) {
	// sortby / sorttype are remembered for link building. Both use "=" rather
	// than ".=", so whichever of the two comes last in $_GET wins, and only
	// the sorttype form carries a trailing "&".
	if ($ElementIndexValue == "sortby")
	{
		$guidestring_with_sort = "$ElementIndexValue=$ElementContents";
	}
	elseif ($ElementIndexValue == "sorttype")
	{
			$guidestring_with_sort = "$ElementIndexValue=$ElementContents&";
	}
	// Paging and session keys are not search criteria.
	elseif ($ElementIndexValue == "cur_page")
	{
	}
	elseif ($ElementIndexValue == "PHPSESSID")
	{
	}
	// user_ID: keep only that user's listings.
	// NOTE(review): $ElementContents is the raw $_GET value and is interpolated
	// into the statement without make_db_safe() (every other branch escapes
	// first) and without the Execute-false check used elsewhere in this file.
	elseif ($ElementIndexValue == "user_ID")
	{
			$sql = "DELETE FROM " . $config[table_prefix] . "temp WHERE User_ID <> $ElementContents";
			$recordSet = $conn->Execute($sql);
	}
	// imagesOnly=yes: keep only listings that have at least one image row.
	// The key/value pair is appended to $guidestring raw (no urlencode, no
	// leading "&"), unlike the pairs built by the "Save GET" loop above.
	elseif ($ElementIndexValue == "imagesOnly")
	{
		$guidestring .= "$ElementIndexValue=$ElementContents&";
		if ($ElementContents == "yes")
		{
			$whilecount = 0;
			// Start from an always-true predicate and AND on one "(ID <> n)" per
			// listing that has images, so the DELETE removes everything else.
			$delete_string = "DELETE FROM " . $config[table_prefix] . "temp WHERE (1=1)";
			$sql = "SELECT " . $config[table_prefix] . "temp.ID, COUNT(" . $config[table_prefix] . "listingsImages.file_name) AS imageCount FROM " . $config[table_prefix] . "listingsImages," . $config[table_prefix] . "temp WHERE (" . $config[table_prefix] . "listingsImages.listing_id = " . $config[table_prefix] . "temp.ID) GROUP BY " . $config[table_prefix] . "listingsImages.listing_id";
			$recordSet = $conn->Execute($sql);
				if ($recordSet === false)
				{
					log_error($sql);
				}
			while (!$recordSet->EOF)
			{
				// $whilecount and $imageCount are assigned but never read in
				// this file.
				$whilecount = $whilecount + 1;
				$listingID = $recordSet->fields[iD];
				$imageCount = $recordSet->fields[imageCount];
				$delete_string .= " AND ";
				$delete_string .= "(ID <> $listingID)";
				$recordSet->MoveNext();
			} // end while
			$recordSet = $conn->Execute($delete_string);
				if ($recordSet === false)
				{
					log_error($delete_string);
				}
		}
	} // end elseif ($ElementIndexValue == "imagesOnly")
	// Multi-valued parameter (field[]=a&field[]=b): the listing's field must
	// match the supplied values. Any empty item disables the whole filter.
	elseif (is_array($ElementContents))
	{
		//echo $ElementIndexValue.': array found<br>';
		//echo count($ElementContents).'Elements found in array<br>';
		$skip = False;
		foreach($ElementContents as $a)
		{
			if (!$a)
			{
				$skip = True;
			}
			//echo '|'.$a.'|';
		}
		if ($skip == True)
		{
			continue;
		}
		reset($ElementContents);
		// Emits markup in the middle of the filtering pass; together with the
		// commented-out echo calls above this looks like leftover debugging.
		echo '<br><br>';
		// make_db_safe() is used below without surrounding quotes, so it
		// presumably returns a quoted, escaped SQL literal.
		$sql_ElementIndexValue = make_db_safe($ElementIndexValue);
		// search_type decides how values are matched: optionlist/fcheckbox
		// fields keep several choices in one stored value (substring match
		// below); everything else is an exact match on any supplied value.
		$r = $conn->getOne("select search_type from " . $config[table_prefix] . "listingsFormElements where field_name = ".$sql_ElementIndexValue);
		if (($r == 'optionlist') || ($r == 'fcheckbox'))
		{
			// Re-executes whatever $sql last held (a statement from an earlier
			// branch or from the table setup) and discards the result; the real
			// query is only assigned on the next line. Looks like a leftover.
			$recordSet = $conn->Execute($sql);
			$sql = "select count(t2.field_name) as cnt, t1.id as id from " . $config[table_prefix] . "temp t1 left join " . $config[table_prefix] . "listingsDBElements t2 on t1.id = t2.listing_id and t1.field_name = $sql_ElementIndexValue group by t1.id";
			$res = $conn->Execute($sql);
			// Per listing: delete it when it has no row for this field at all;
			// otherwise delete it when the stored value does not contain every
			// requested option. The inner foreach has no break, so a listing
			// missing several options is deleted once per miss. $delete is
			// never read.
			while (!$res->EOF)
			{
				if ($res->fields['cnt'] == 0)
				{
					$conn->execute("delete from " . $config[table_prefix] . "temp where id = " . $res->fields['id']);
				}
				else
				{
					$value = $conn->getOne("select field_value from " . $config[table_prefix] . "temp where id = " . $res->fields['id'] . " and field_name = $sql_ElementIndexValue");
					$delete = 1;
					foreach ($ElementContents as $e)
					{
						if (!strstr($value, $e)) 
						{
							$conn->execute("delete from " . $config[table_prefix] . "temp where id = " . $res->fields['id']);
						}
					}
				}
				$res->moveNext();
			}
		}
		else
		{
			$whilecountTwo = 0;
			// Exact match on any of the requested values. each() was deprecated
			// in PHP 7.2 and removed in 8.0 (also used on $save_array below).
			$select_statement = "SELECT ID FROM " . $config[table_prefix] . "temp WHERE ( (field_name=$sql_ElementIndexValue) AND ";
			while (list($featureValue, $feature_item) = each ($ElementContents))
			{
				$whilecountTwo = $whilecountTwo + 1;
				if ($whilecountTwo > 1)
				{
					$select_statement .= " OR ";
				}
				$sql_feature_item = make_db_safe($feature_item);
				$select_statement .= "(field_value = $sql_feature_item)";
			}
			$select_statement .= ")";
			$recordSet = $conn->Execute($select_statement);
			if ($recordSet === false)
			{
				log_error($select_statement);
			}
			// Collect the matching listing IDs, then keep only those (the
			// DELETE below removes every other listing); with no matches the
			// whole table is emptied. RecordCount() is read after the cursor
			// has been walked; ADOdb may return -1 when the driver cannot
			// count, in which case neither branch runs.
			$save_array = array();
			while (!$recordSet->EOF)
			{
				$save_ID = $recordSet->fields[iD];
				$save_array[] = "$save_ID";
				$recordSet->MoveNext();
			} // end while
			$num_to_delete = $recordSet->RecordCount();
			if ($num_to_delete > 0)
			{
				$delete_string = "DELETE FROM " . $config[table_prefix] . "temp WHERE ";
				// $ElementContents is reused as a scratch variable here; harmless
				// because the outer foreach iterates by value.
				while (list($IndexValue,$ElementContents) = each($save_array))
				{
					if ($IndexValue > 0)
					{
						$delete_string .= " AND ";
					}
					$sql_ElementContents = make_db_safe($ElementContents);
					$delete_string .= "(ID <> $sql_ElementContents)";
				} // end while
				$recordSet = $conn->Execute($delete_string);
					if ($recordSet === false)
					{
						log_error($delete_string);
					}
			} // ($num_to_delete > 0)
			elseif ($num_to_delete == 0)
			{
				$delete_string = "DELETE FROM " . $config[table_prefix] . "temp";
				$recordSet = $conn->Execute($delete_string);
					if ($recordSet === false)
					{
						log_error($delete_string);
					}
			} // end elseif ($num_to_delete = 0)
		} // end optionlist check
	} // end elseif (is_array($ElementContents))
	// Scalar parameter. Falsy values ("" and also "0") are not filters.
	else
	{
		if (!$ElementContents) continue;
			// $val keeps the raw value for the numeric/date comparisons below;
			// $ElementContents becomes the escaped form for the exact-match query.
			$val = $ElementContents;
			$ElementContents = make_db_safe($ElementContents);
			// "<field>-min" / "<field>-max": numeric range filter on <field>.
			// strtok() takes everything before the first "-" as the column name.
			// NOTE(review): $col comes from the $_GET key and is interpolated into
			// the query without make_db_safe(); the key is only escaped further
			// down, for the exact-match case.
			$l3 = substr($ElementIndexValue, strlen($ElementIndexValue) - 3);
			if ($l3 == 'min' OR $l3 == 'max')
			{
				$col = strtok($ElementIndexValue, '-');
				$sql = "select id, field_value as v from " . $config[table_prefix] . "temp where field_name = '$col'";
				$rs = $conn->Execute($sql);
				$del_id = array();
				// Loose comparison: numeric strings compare numerically, anything
				// else lexically. $min1/$max1 are read later by the price summary
				// display.
				while (!$rs->EOF) {
					if ($l3 == 'min' AND $val)
					{
					$min1=$val;
						if ($rs->fields['v'] < $val)
						{
							$del_id[] = $rs->fields['id'];
						}
					}
					if ($l3 == 'max' AND $val)
					{
						$max1=$val;
						if ($rs->fields['v'] > $val)
						{
							$del_id[] = $rs->fields['id'];
						}
					}
					$rs->MoveNext();
				}
				// Out-of-range rows are removed in one statement; nothing runs when
				// there are none. The remaining scalar handling is skipped.
				$sql = "delete from " . $config[table_prefix] . "temp where id in (" . implode(',', $del_id) . ")";
				if (sizeof($del_id))
				{
					$conn->execute($sql);
				}
				continue;
			}
		// "<field>-mindate" / "<field>-maxdate": date range filter on <field>,
		// taken only when the request value parses with strtotime(); otherwise
		// it falls through to the exact-match query below. Rows whose stored
		// value does not parse are dropped as well. Same unescaped $col as
		// in the min/max branch.
		$l7 = substr($ElementIndexValue, strlen($ElementIndexValue) - 7);
		if ($l7 == 'mindate' OR $l7 == 'maxdate')
		{
			if (($time = strtotime($val)) > 1)
			{
				$col = strtok($ElementIndexValue, '-');
				$sql = "select id, field_value as v from " . $config[table_prefix] . "temp where field_name = '$col'";
				$rs = $conn->Execute($sql);
				$del_id = array();
				while (!$rs->EOF)
				{
					$db_time = strtotime($rs->fields['v']);
					if ($l7 == 'mindate' AND $val)
					{
						if ($db_time < $time)
						{
							$del_id[] = $rs->fields['id'];
						}
					}
					if ($l7 == 'maxdate' AND $val)
					{
						if ($db_time > $time)
						{
							$del_id[] = $rs->fields['id'];
						}
					}
					if ($db_time < 1 or !$val)
					{
						$del_id[] = $rs->fields['id'];
					}
					$rs->MoveNext();
				}
				$sql = "delete from " . $config[table_prefix] . "temp where id in (" . implode(',', $del_id) . ")";
				if (sizeof($del_id))
				{
					$conn->execute($sql);
				}
				continue;
			}
		}
	// Every other scalar key: keep only listings whose field equals the value
	// (same collect-then-delete pattern as the array branch). This repeats the
	// check at the top of the branch; $ElementContents was escaped in between,
	// so it appears redundant.
	if (!$ElementContents) continue;
		$ElementIndexValue = make_db_safe($ElementIndexValue);
		$select_statement = "SELECT ID FROM " . $config[table_prefix] . "temp WHERE ( (field_name = $ElementIndexValue) AND (field_value = $ElementContents) )";
		$recordSet = $conn->Execute($select_statement);
			if ($recordSet === false)
			{
				log_error($select_statement);
			}
		$save_array = array();
		while (!$recordSet->EOF)
		{
			$save_ID = $recordSet->fields[iD];
			$save_array[] = "$save_ID";
			$recordSet->MoveNext();
		} // end while
		// As above: RecordCount() after the walk; -1 runs neither branch.
		$num_to_delete = $recordSet->RecordCount();
		if ($num_to_delete > 0)
		{
			$delete_string = "DELETE FROM " . $config[table_prefix] . "temp WHERE ";
			while (list($IndexValue,$ElementContents) = each($save_array))
			{
				if ($IndexValue > 0)
				{
					$delete_string .= " AND ";
				}
				$delete_string .= "(ID <> $ElementContents)";
			}
			$recordSet = $conn->Execute($delete_string);
				if ($recordSet === false)
				{
					log_error($delete_string);
				}
		} // end ($num_to_delete > 0)
		elseif ($num_to_delete == 0)
		{
			$delete_string = "DELETE FROM " . $config[table_prefix] . "temp";
			$recordSet = $conn->Execute($delete_string);
				if ($recordSet === false)
				{
					log_error($delete_string);
				}
		} // end elseif ($num_to_delete = 0)
	} // end else
} // end while
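	// Sort handling. $sortby is pinned to "price", so the "" and "listingname"
	// branches below are unreachable until that line goes (kept in case the
	// hard-coding is temporary). $sorttype is never assigned anywhere visible
	// in this file before it is read here: it only carries a value when
	// register_globals is on (the same mechanism the reply suspects for the
	// $_SESSION['mls'] clobbering) — the same goes for $cur_page further down.
	$sortby="price";
	// Whitelist the direction before it reaches ORDER BY. Anything other than
	// ASC/DESC (including an unset $sorttype) leaves the engine's default
	// order instead of being interpolated raw into the statement.
	$orderDirection = "";
	if (isset($sorttype) && in_array(strtoupper((string) $sorttype), array('ASC', 'DESC'), true))
	{
		$orderDirection = strtoupper((string) $sorttype);
	}
	if ($sortby == "")
	{
		$sort_text = "";
		$order_text = "ORDER BY ID DESC";
	}
	elseif ($sortby == "listingname")
	{
		$sort_text = "";
		$order_text = "ORDER BY Title $orderDirection";
	}
	elseif ($sortby == "price")
	{
		$sortby = make_db_extra_safe($sortby);
		$sort_text = "WHERE (field_name = $sortby)";
		// "+0" coerces the text field_value to a number so prices sort numerically.
		$order_text = "ORDER BY field_value +0 $orderDirection";
	}
	else
	{
		$sortby = make_db_extra_safe($sortby);
		$sort_text = "WHERE (field_name = $sortby)";
		$order_text = "ORDER BY field_value $orderDirection";
	}
	// Flip the direction for the sort links the rest of the page builds: an
	// ascending (or unspecified) listing links to descending and vice versa.
	if (($orderDirection == "") || ($orderDirection == "ASC"))
	{
		$sorttype = "DESC";
	}
	else
	{
		$sorttype = "ASC";
	}
	$guidestring_with_sort = $guidestring_with_sort.$guidestring;
	// Drop every row of any listing whose status field is "Sold": collect the
	// IDs first, then remove them with a single DELETE ... IN (...) (the same
	// pattern the min/max filters above use) instead of one DELETE per row.
	// A failed SELECT is logged and skipped rather than dereferenced.
	$sql1="SELECT ID FROM " . $config['table_prefix'] . "temp WHERE ((field_name = 'status') AND (field_value = 'Sold'))";
	$rs=$conn->Execute($sql1);
	$soldIds = array();
	if ($rs === false)
	{
		log_error($sql1);
	}
	else
	{
		while (!$rs->EOF)
		{
			// NOTE(review): bare constant iD is kept as in the original; unless an
			// iD constant is defined elsewhere this relies on PHP's undefined-
			// constant string fallback (removed in PHP 8) and may not match the
			// "ID" column key — confirm against the ADOdb fetch settings.
			$id=$rs->fields[iD];
			// Cast because the value is spliced into SQL unquoted.
			$soldIds[] = (int) $id;
			$rs->MoveNext();
		}
	}
	if (count($soldIds) > 0)
	{
		$sql2="DELETE FROM " . $config['table_prefix'] . "temp WHERE ID IN (" . implode(',', $soldIds) . ")";
		$rs2=$conn->Execute($sql2);
		if ($rs2 === false)
		{
			log_error($sql2);
		}
	}
	// Final result set: one row per listing (restricted to the sort field when
	// sorting on a listing attribute), in the requested order.
	$sql = "SELECT * from " . $config['table_prefix'] . "temp $sort_text GROUP BY ID $order_text";
	$recordSet = $conn->Execute($sql);
	if ($recordSet === false)
	{
		log_error($sql);
	}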

	$num_rows = $recordSet->RecordCount();
	if ($num_rows > 0)
	{
		$limit_str = $cur_page * $config[listings_per_page];
		$resultRecordSet = $conn->Execute($sql);
			if ($resultRecordSet === false)
			{
				log_error($sql);
			}
		$min2 = money_formats(international_num_format($min1));
		$max2 = money_formats(international_num_format($max1));
		if ($max2=="$0")
		{
		$max2="and up";
		}
		?>

<!-- CONTENT -->

<?php if ($city === 'Vancouver Island')
	{
		if ($type == '')
			{
				echo '<h1>Current Listings: ' . $city . '</h1>';
			}
			else
			{
				echo '<h1>Current Listings: ' . $city . ' » ' . $type . '</h1>';
			}
	}

	else {
?>

<h1>Current Listings: <?PHP echo $city;?> <?PHP echo $type;?></h1>

<?php } ?>

<?php if ($city === 'Vancouver Island')
	{
		echo '<h2>Browse ' . $city . ' by property type: ';
	}

	else {
?>

<h2>Browse <?PHP echo $city;?> listings by property type: 


If the code on that page is not directly setting $_SESSION['mls'], then it is likely that register_globals is on and there is a program, POST, GET or cookie variable with the same name — mls.

 

If the above is true, turn register_globals off, or use unique names for all variables so that there is no overlap caused by register_globals.

