Sessions Problem

graham23s · 11-11-2007, 01:12 PM

Hi Guys,

just found a problem with my login, when i login to my site , it displays all my information like it should, but if i view another members profile THEN go back to my control panel i take on there session and see all they're information instead of my own! i dont know what is doing this

logincheck.php

PHP Code:


			
<?php

  require("includes/db_connection.php");

  

  ## The all important post variables

  $var_username = mysql_real_escape_string(trim($_POST['username']));

  $var_password = mysql_real_escape_string(trim($_POST['password']));

  

  ## blank submission

  if(empty($var_username) || empty($var_password)) {

  

  echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>You never filled in both fields, please fill them both in.</b></div><br />';

  exit;    

  

  }

  

  $q = "SELECT `id`,`username`,`password` FROM `users` WHERE `username`='$var_username' AND `password`='$var_password' LIMIT 1";

  $r = mysql_query($q);

  $row = mysql_fetch_array($r);

  

  $any_results = mysql_num_rows($r);

  

  if($any_results != 1) {

  

  echo '<div align="center" style="border: 1px solid black;padding:10px; background: yellow; color: #000000; font-size: 14px;"><b>We can\'t find that username/password combination in the database, please re-check your login details.</b></div><br />';

  exit;    

         

     } else {

     

  ## update the login timer

  $var_update_time_query = mysql_query("UPDATE `users` SET `last_login` = now() WHERE `username`='$var_username' AND `password`='$var_password'");

     

  ## There was a result back

  session_start(); 

  $_SESSION['id'] = $row['id'];

  $_SESSION['username'] = $row['username'];

  $_SESSION['loggedin'] = 'yes'; 

  

  ## redirect to members page

  header("Location:myaccount.php"); 

     

  }

?>

sessions.php

PHP Code:


			
<?php

session_start(); 

  header("Cache-control: private");

  if($_SESSION['loggedin'] != 'yes') { 

    header("Location: login.php"); 

    exit; 

} 

  ## a variable for easier access

  $var_loggedinuserid = $_SESSION['id'];

  $var_loggedinuser = $_SESSION['username'];

?>

the code above is what i use as an include at the top of every page, can anyone see what i have done wrong?

thanks guys

Graham

CFMaBiSmAd · 11-11-2007, 02:22 PM

My guess is that your "view profile" code is setting the session variables to the values it is getting from the database for that person. You would need to post the "view profile" code to get any help with what it is doing.

graham23s · 11-11-2007, 08:11 PM

Hi Mate,

Thanks for the help i solved it can you believe it was because register_globals was on in my server.

cheers

Graham