Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jul 2007
    Location
    Scotland
    Posts
    134
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Sessions Problem

    Hi Guys,

    just found a problem with my login, when i login to my site , it displays all my information like it should, but if i view another members profile THEN go back to my control panel i take on there session and see all they're information instead of my own! i dont know what is doing this

    logincheck.php

    PHP Code:
    <?php
      
    require("includes/db_connection.php");
      
      
    ## The all important post variables
      
    $var_username mysql_real_escape_string(trim($_POST['username']));
      
    $var_password mysql_real_escape_string(trim($_POST['password']));
      
      
    ## blank submission
      
    if(empty($var_username) || empty($var_password)) {
      
      echo 
    '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>You never filled in both fields, please fill them both in.</b></div><br />';
      exit;    
      
      }
      
      
    $q "SELECT `id`,`username`,`password` FROM `users` WHERE `username`='$var_username' AND `password`='$var_password' LIMIT 1";
      
    $r mysql_query($q);
      
    $row mysql_fetch_array($r);
      
      
    $any_results mysql_num_rows($r);
      
      if(
    $any_results != 1) {
      
      echo 
    '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>We can\'t find that username/password combination in the database, please re-check your login details.</b></div><br />';
      exit;    
             
         } else {
         
      
    ## update the login timer
      
    $var_update_time_query mysql_query("UPDATE `users` SET `last_login` = now() WHERE `username`='$var_username' AND `password`='$var_password'");
         
      
    ## There was a result back
      
    session_start(); 
      
    $_SESSION['id'] = $row['id'];
      
    $_SESSION['username'] = $row['username'];
      
    $_SESSION['loggedin'] = 'yes'
      
      
    ## redirect to members page
      
    header("Location:myaccount.php"); 
         
      }
    ?>
    sessions.php

    PHP Code:
    <?php
    session_start
    (); 
      
    header("Cache-control: private");
      if(
    $_SESSION['loggedin'] != 'yes') { 
        
    header("Location: login.php"); 
        exit; 

      
    ## a variable for easier access
      
    $var_loggedinuserid $_SESSION['id'];
      
    $var_loggedinuser $_SESSION['username'];
    ?>
    the code above is what i use as an include at the top of every page, can anyone see what i have done wrong?

    thanks guys

    Graham

  • #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,026
    Thanks
    2
    Thanked 315 Times in 307 Posts
    My guess is that your "view profile" code is setting the session variables to the values it is getting from the database for that person. You would need to post the "view profile" code to get any help with what it is doing.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #3
    Regular Coder
    Join Date
    Jul 2007
    Location
    Scotland
    Posts
    134
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hi Mate,

    Thanks for the help i solved it can you believe it was because register_globals was on in my server.

    cheers

    Graham


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •