PHP Help -- Output buffering & mod rewrite

[Ray]

Hello..

I scripted a login system using a class i found (http://bubble.ro/Creating_a_customized_session_handling_system_in_PHP__part_II.html)

Everything was working fine until i started using mod rewrite. (using sql session injection removes the phpsesid=123 out of the url)

Anyways, when i get to the members area it via main.php?id=pagename the class works fine, however when i go via melgurt.com./pagename/ it says im logged out. I think it has something to do with the mod_rewrite.

Output buffering is turned on it the server..

main.php
----------

	<?php


require ("testing/iSQL.php");
include ("testing/iSession.php");

global $sql; $sql = new iSQL();

$session = new iSession();
$logged_in = $session->get_var("logged_in");
$un = $session->get_var("user_id");


if($logged_in=="1"){
$sin="1";
}
else{
$sin="0";
}
$session->session_end();



include("..h23.php");            //modified for security
$filename = $_GET['id'];        
$function1 = $_GET['id2'];     
$function2 = $_GET['id3'];     
$function3 = $_GET['id4'];     

if (file_exists("---")) {     //removed for security
   include("---");             //removed for security
   } else {
    include("--"); //removed for security

    }
  include("....f23php"); //modified for security


?>

h.php = header file
f23php = footer file

 

[Peter]

what is the content of the mod rewrite?

 

[Ray]

Administrator: Please Mark Resolved
----------------------

I have firqured out a work around with the session database by using the ip address and a single cookie, and have created a function called user_hash which is generated uniqely by the userid original session key at user ip which will check against the database if the refer is the login page...

It all works out fine, however i dont know how secure it is..


Options +FollowSymLinks
RewriteEngine On
RewriteRule ^([^/]*)/$ /main.php?id=$1 [L]
RewriteRule ^([^/]*)/([^/]*)/$ /main.php?id=$1&id2=$2 [L]
rewritecond %{http_host} ^http://melgurt.com [nc]
rewriterule ^([^/]*)/$ http://www.melgurt.com/ [r=301,nc]

So basically.. thus far is what im gathering is that the rewrite is closing my session and cause me to open up a new one

added QSA to the rewrite rules, no luck, however im not passing sessions through the url, rather through a cookie