...

View Full Version : Website randomly choosing logged in user in status bar.



makko
10-19-2009, 07:42 PM
Hi There,

I worked on a site a while back as part of a college project. It was a great success and worked well on my development and home server for demonstration purposes.

I've since moved it to my main host to be part of my portfolio. This host seems to be using a different (newer) version of php which threw header already sent errors. I fixed these but now I'm having a weird issue where if you log into the site and browse to the member list "People". If you choose to view a users profile page then it will take you there but the navbar will tell you that you are logged in as somebody else. If you continue to navigate around the site this currently logged in user will randomly change to other registered users.

There seems to be some order to the randomness of the users being selected but I can't put my hand on it.

The faulty site is:here (http://www.conorhackett.com/iflicks)
The working site is:here (http://conorh.comli.com/iflicks)

You can log in as user:pass->guest:guest (both sites)

I should probably post some code but to be honest i'm not really sure where to start.

I have a navbar section that determines which user is logged in so I suppose i'll start there.

Header.php from conorhackett.com:
Please note: The code here is quite nasty looking as this was our first big project. I also feel the need to say I didn't code this navbar. If I did then I would have used only one block of dynamic html.


<?php
session_start();
?>
// Some html import declarations here.
<?php
//not logged in navbar
if (empty($_SESSION['username'])){
echo'
<div id="navigation_container">
<div id="picture_roll_out"></div>
<div id="logo_area">
<a href="index.php"></a>
</div>
<div id="low_nav">
<div class="logged_details"><a href="login.php">Login</a> | <a href="registration.php">Register</a></div>
</div>
</div>
';
}


else if(isset($_SESSION['administrator']) && $_SESSION['administrator'] == 1)
{
//administration navbar
echo'
<div id="navigation_container">
<div id="edit">
<a href="admin.php">Administration</a>
</div>
<div id="picture_roll"></div>
<div id="logo_area">
<a href="index.php"></a>
</div>
<div id="low_nav">
<div class="logged_details">You are signed in as '.$_SESSION['username'].' | <a href="logout.php">Logout</a></div>
<div id="low_nav_links">
<a href="home.php">Home</a> | <a href="profile.php?userId='.$_SESSION['userId'].'">Profile</a> |
<a href="user_albums.php?userId='. $_SESSION['userId'] .'">Albums</a> |
<a href="upload.php">Upload a Photo</a> |
<a href="edit_account.php">Account</a> |
<a href="user_list.php">People</a>
</div>
</div>
</div>
';

}


//normal user navbar
else{
echo'
<div id="navigation_container">
<div id="edit">
</div>
<div id="picture_roll_out"></div>
<div id="logo_area">
<a href="index.php"></a>
</div>
<div id="low_nav">
<div class="logged_details">You are signed in as '.$_SESSION['username'].' | <a href="logout.php">Logout</a></div>
<div id="low_nav_links">
<a href="home.php">Home</a> | <a href="profile.php?userId='.$_SESSION['userId'].'">Profile</a> |
<a href="user_albums.php?userId='. $_SESSION['userId'] .'">Albums</a> |
<a href="upload.php">Upload a Photo</a> |
<a href="edit_account.php">Account</a> |
<a href="user_list.php">People</a>
</div>
</div>
</div>
';
}
?>


Any advice greatly appreciated as I need to have this site in a fully working state for my portfolio, thanks..

met
10-19-2009, 08:01 PM
that code isn't what you need to provide ^-^

please post any code where you actually set $_SESSION['username'];

but I agree it's a strange bug.

mlseim
10-19-2009, 08:10 PM
It's gotta be related to the SESSION path on the particular server ... some PHP setting.

Probably a good idea to save the script below as "phpinfo.php" and upload to
your website and run it. Print it out and run it on your other server and compare.

save this is "phpinfo.php" or "test.php" and run it on your webhost:


<?php
phpinfo();
?>

makko
10-19-2009, 10:39 PM
Hi guys, thanks for the input and speedy replies!!

You can get the server php info at:www.conorhackett.com/info.php i'm sure there session section will be a lot more meaningful to you guys..:o

Here is the code where I set $_SESSION['username']. The only area is in a script called login.php

From the code you will be able to see where I patched the problem with the session headers already sent error.
I used:


echo "<script type=\"text/javascript\">window.location = \"home.php\"</script>";

instead of something like:


header("LOCATION: home.php")


I don't think that change would have any negative effect though.



// Check to see if account has been suspended
if($result['suspend'] == 1)
{
echo '<p class="error">Your account has been suspended, please contact the support team to rectify this.</p>';
}
else if($result['administrator'] == 0) // If user is not an admin
{
// DB Disconnect
dbDisconnect($connection);

// Login by setting session variables
$_SESSION['username'] = $_POST['username'];
$_SESSION['userId'] = $result['user_id'];
$_SESSION['administrator'] = $result['administrator'];
// Send user to home.php
echo "<script type=\"text/javascript\">window.location = \"home.php\"</script>";
}
else // User is admin
{
// DB Disconnect
dbDisconnect($connection);

// Login by setting session variables
$_SESSION['username'] = $_POST['username'];
$_SESSION['userId'] = $result['user_id'];
$_SESSION['administrator'] = $result['administrator'];
// Send user to home.php
echo "<script type=\"text/javascript\">window.location = \"admin.php\"</script>";
}



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum