
Sessions Problem



graham23s
11-11-2007, 01:12 PM
Hi Guys,

Just found a problem with my login. When I log in to my site, it displays all my information like it should, but if I view another member's profile THEN go back to my control panel, I take on their session and see all their information instead of my own! I don't know what is doing this.

logincheck.php


<?php
require("includes/db_connection.php");

## The all important post variables
$var_username = mysql_real_escape_string(trim($_POST['username']));
$var_password = mysql_real_escape_string(trim($_POST['password']));

## blank submission
if(empty($var_username) || empty($var_password)) {

    echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>You never filled in both fields, please fill them both in.</b></div><br />';
    exit;

}

$q = "SELECT `id`,`username`,`password` FROM `users` WHERE `username`='$var_username' AND `password`='$var_password' LIMIT 1";
$r = mysql_query($q);
$row = mysql_fetch_array($r);

$any_results = mysql_num_rows($r);

if($any_results != 1) {

    echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>We can\'t find that username/password combination in the database, please re-check your login details.</b></div><br />';
    exit;

} else {

    ## update the login timer
    $var_update_time_query = mysql_query("UPDATE `users` SET `last_login` = now() WHERE `username`='$var_username' AND `password`='$var_password'");

    ## There was a result back
    session_start();
    $_SESSION['id'] = $row['id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['loggedin'] = 'yes';

    ## redirect to members page
    header("Location:myaccount.php");

}
?>

sessions.php


<?php
session_start();
header("Cache-control: private");
if($_SESSION['loggedin'] != 'yes') {
    header("Location: login.php");
    exit;
}
## a variable for easier access
$var_loggedinuserid = $_SESSION['id'];
$var_loggedinuser = $_SESSION['username'];
?>

The code above is what I use as an include at the top of every page. Can anyone see what I have done wrong?

Thanks guys

Graham

CFMaBiSmAd
11-11-2007, 02:22 PM
My guess is that your "view profile" code is setting the session variables to the values it is getting from the database for that person. You would need to post the "view profile" code to get any help with what it is doing.

graham23s
11-11-2007, 08:11 PM
Hi Mate,

Thanks for the help, I solved it. Can you believe it was because register_globals was on in my server?

Cheers

Graham
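
Added example (not part of the thread, and not the poster's code): how register_globals lets a page that never touches $_SESSION overwrite the logged-in member's session, with a guard that could sit at the top of sessions.php. The profile page was never posted, so its variable names ($id, $username), the sample member rows and the helper assert_register_globals_off() are assumptions; reference assignments stand in for the binding so the effect is reproducible on current PHP.

```php
<?php
// Added example, not code from the thread. Member ids, names and the profile
// row are constructed; assert_register_globals_off() is a hypothetical helper.

// Guard for the top of sessions.php. Written in PHP 4/5-compatible syntax
// because register_globals only exists before PHP 5.4.
function assert_register_globals_off()
{
    $value = strtolower((string) ini_get('register_globals'));
    if (in_array($value, array('1', 'on', 'yes', 'true'), true)) {
        header('HTTP/1.1 500 Internal Server Error');
        exit('register_globals is enabled; refusing to run.');
    }
}
assert_register_globals_off();

// State left behind by logincheck.php for the logged-in member.
$_SESSION = array('id' => 1, 'username' => 'graham', 'loggedin' => 'yes');

// Emulation of register_globals=On: session_start() made $id and $username
// the same values as $_SESSION['id'] and $_SESSION['username'].
$id       =& $_SESSION['id'];
$username =& $_SESSION['username'];

// A "view profile" page that never mentions $_SESSION. It only loads the
// viewed member's row into ordinary-looking variables.
$row      = array('id' => 42, 'username' => 'other_member');
$id       = $row['id'];
$username = $row['username'];

// Because of the binding, those writes went into the session as well, so the
// control panel's next read of $_SESSION['id'] sees the viewed member.
var_dump($_SESSION['id'], $_SESSION['username']);

// With register_globals off there is no binding: break it and repeat.
unset($id, $username);
$_SESSION['id']       = 1;
$_SESSION['username'] = 'graham';
$id       = $row['id'];
$username = $row['username'];
var_dump($_SESSION['id'], $_SESSION['username']);
```

On a host where php.ini cannot be edited, the setting can usually be switched off per directory with `php_flag register_globals off` in .htaccess when PHP runs as an Apache module.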


