Dynadot โ€” .com Registration $8.99

Session problem

Spaceship Spaceship
Watch
S

SiKing

Registered MemberEstablished Member
โ˜… 20 โ˜…
Impact
6
I have a real nasty problem with my sessions. If I log into my website with any user and go to view another users website, the session switches to the profile owner's session.

http://www.darkfx.co.uk (go to 'profiles')

I don't know where to begin in debugging this thing! Thanks for any help :td:
 
Reply
0
0 Like
0 Thanks
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
GoDaddyGoDaddy
Sort by date Sort by points
How are you getting the session id when you go to the "other" user's page? I.e., when the profile page loads, where does it get the session id?
 
Reply
0
0 Like
0 Thanks
•••
slantednet said:
How are you getting the session id when you go to the "other" user's page? I.e., when the profile page loads, where does it get the session id?
Click to expand...
Yep, its most likely a session passing problem. You should look at the "Post" and "Session" headers and see what information is really getting passed from page to page.

-Steve
 
Reply
0
0 Like
0 Thanks
•••
PHP: 
<?php
session_start();
if (!isset($_SESSION['logged_in'])
    || $_SESSION['logged_in'] !== true) {
    header('Location: signin.php?auth=2');
    exit;
}

?>

Could this be what you mean?
 
Reply
0
0 Like
0 Thanks
•••
Please can anybody help?
 
Reply
0
0 Like
0 Thanks
•••
I dont think it is switching sessions, i think it is more of a case you are retrieving the information without checking the authenticity of the person.
 
Reply
0
0 Like
0 Thanks
•••
I should I resolve that?
 
Reply
0
0 Like
0 Thanks
•••
cant really tell without knowing how you are using the sessions etc within the script and how you are retrieving data based on that session.
 
Reply
0
0 Like
0 Thanks
•••
well all (except 2) of my pages require the "head.php". This script begins with..

PHP: 
session_start();

The error occurs when somebody logs in with this script (login.php):

PHP: 
...
// Registering the variables uname and pwd
session_register("username", "password", "id", "account");

//Check user exists in database
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");

//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false
$login_check = mysql_num_rows($sql);

if ($login_check == "1") {
$_SESSION['logged_in'] = true;
include ("membersarea.php");
}
else {
include("includes/head.php");
session_unset();
echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is
a problem, email the administrator at [email protected] or use the contact form</p>";
include("includes/foot.php");
}
...

Then views somebody elses profile and then views somebody elses profile. The session switches to the first profile they viewed. I'll just make that less confusing:

1. User signs in
2. Views "Admin"'s profile
3. Views "miseria"'s profile
4. Session switches to "Admin"'s session



Here's part of the "view_profile.php" script which calls the username:

PHP: 
$sessionusername=$HTTP_SESSION_VARS['username'];

All help is appreciated :)
 
Reply
0
0 Like
0 Thanks
•••
need the code that you use to retireve the users info
 
Reply
0
0 Like
0 Thanks
•••
PHP: 
<?php 
	$sessionusername=$HTTP_SESSION_VARS['username'];
	
	
	
include($_SERVER['DOCUMENT_ROOT'] . "/studios/includes/config.php");
$query = mysql_query( "SELECT id FROM users WHERE username='$sessionusername'" ) or die("SELECT Error: " .mysql_error());

$i=0;
while ($i < $num) {
$authorid=mysql_result($query,$i,"id");
$i++;
}
	
	
  if (isset($_SESSION['logged_in'])) {
   echo "Hello <a href='/studios/view_profile.php?profile_id=$id'>$sessionusername</a>. Click here to <a href='/studios/logout.php'>sign out</a>
   or visit the <a href='/studios/membersarea.php'>member's area</a>";
}
else {
echo "Hello, please <a href='/studios/signin.php'>sign in</a> or <a href='/studios/register.php'>register</a>!";
}
	
	?>

I'm not sure if that's what you meant. But that is where the problem is evident. (Where the username switches). Information about the user is gathered with...

PHP: 
<?php
session_start();
if (!isset($_SESSION['logged_in'])
    || $_SESSION['logged_in'] !== true) {
    header('Location: signin.php?auth=2');
    exit;
}

session_start(); 
include("includes/head.php");
include("includes/config.php"); 
include("points.php");

$sessionusername=$HTTP_SESSION_VARS['username'];
$sessionid=$HTTP_SESSION_VARS['id'];

$query="SELECT * FROM users WHERE username='$username'";
    $sql = mysql_query($query)or die(msql_error());
    $obj = mysql_fetch_object($sql);
    $email = $obj->email;
    $firstname = $obj->firstname;
	$id = $obj->id;
    $username = $obj->username;
	$points = $obj->points;
?>
 
Reply
0
0 Like
0 Thanks
•••
ok with a quick glance the only problem I can see is that you are switching between $HTTP_SESSION_VARS and $_SERVER all of the time.

$HTTP_SESSION_VARS is deprecated (which could result in php dropping it in future versions) now so best not to use it.

However this should not really cause the problems you are experiencing. Regardless try changing them just to rule it out.

I have registered with the username testing but could not replicate your problem, it always stayed in my session.
 
Reply
0
0 Like
0 Thanks
•••
Thanks. Did you try going to "profiles", then click a username, then back and select another username?

Thanks very much for your help
 
Reply
0
0 Like
0 Thanks
•••
ahh sorry yes I see your problem now.

What is your coding like in view_profile.php
 
Reply
0
0 Like
0 Thanks
•••
Code: 
<?php 
session_start(); 
if (!isset($_SESSION['logged_in']) 
    || $_SESSION['logged_in'] !== true) { 
    header('Location: signin.php?auth=2'); 
    exit; 
} 

>>>>>>>>session_start(); 
include("includes/head.php"); 
include("includes/config.php"); 
include("points.php"); 

$sessionusername=$HTTP_SESSION_VARS['username']; 
$sessionid=$HTTP_SESSION_VARS['id']; 

$query="SELECT * FROM users WHERE username='$username'"; 
    $sql = mysql_query($query)or die(msql_error()); 
    $obj = mysql_fetch_object($sql); 
    $email = $obj->email; 
    $firstname = $obj->firstname; 
    $id = $obj->id; 
    $username = $obj->username; 
    $points = $obj->points; 
?>

you dont have to define session_start(); twice
 
Reply
0
0 Like
0 Thanks
•••
Removed one of the "session_start()"s but understandably, the problem still exists. Thanks for the help though.

view_profile.php:

PHP: 
<?php session_start();
include ("includes/head.php");
include ("includes/config.php");

$sessionusername=$HTTP_SESSION_VARS['username'];





$profile_id = $_GET['profile_id'];

$sql = mysql_query("SELECT * FROM users WHERE id='$profile_id'");

//$i=0;
//while ($i < $num) {

$id=mysql_result($sql,$i,"id");
$username=mysql_result($sql,$i,"username");
$firstname=mysql_result($sql,$i,"firstname");
$lastname=mysql_result($sql,$i,"lastname");
$lastupdated=mysql_result($sql,$i,"lastupdated");
$points=mysql_result($sql,$i,"points");
$dob=mysql_result($sql,$i,"dob");
$status=mysql_result($sql,$i,"status");
$occupation=mysql_result($sql,$i,"occupation");
$details=mysql_result($sql,$i,"details");
$picture=mysql_result($sql,$i,"picture");
$band=mysql_result($sql,$i,"band");
$otherbands=mysql_result($sql,$i,"otherbands");

//$i++;
//}

$detailsbr=nl2br($details);
$otherbandsbr=nl2br($otherbands);


echo "<div id='whatis'><h1><center>$username (<a href='store.php'>$points</a>)</center></h1></div>
<table width='100%'  border='0'>
  <tr>
    <td width='27%' height='89'><img src='profileimages/nia.gif'></td>
    <td width='3%'>ย </td>
    <td width='70%'>
	  					<table width='80%'  border='0'>
      					<tr>
        					<td class='qs'>Name</td>
        					<td>$firstname $lastname</td>
      					</tr>
      					<tr>
        					<td class='qs'>Date of birth</td>
        					<td>$dob</td>
      					</tr>
     					 <tr>
       						 <td class='qs'>Marital status</td>
       						 <td>$status</td>
      					</tr>
      					<tr>
        					<td class='qs'>Occupation</td>
        					<td>$occupation</td>
      					</tr>
      					</table>
	
	</td>
  </tr>
  <tr>
    <td>ย </td>
    <td>ย </td>
    <td>ย </td>
  </tr>
  <tr>
    <td class='qs'>Favourite band</td>
    <td>ย </td>
    <td>$band</td>
  </tr>
  <tr>
    <td class='qs'>Favourite things</td>
    <td>ย </td>
    <td>$otherbandsbr</td>
  </tr>
  <tr>
    <td class='qs'>ย </td>
    <td>ย </td>
    <td>ย </td>
  </tr>
  <tr>
    <td colspan='3'></td>
  </tr>
  <tr>
    <td colspan='3'>$detailsbr</td>
  </tr>
  
</table><br><br>";

if ($username==$sessionusername) {echo "<center><a href='editprofile.php' style='font-size:12px'>EDIT</a></center>"; }
// else {echo "<center><a href='editprofile.php' style='font-size:12px'>ADD THIS USER TO MY FRIENDS LIST </a></center>"; }

echo "<hr>
<font size='1' color='#dddddd'>Last updated: $lastupdated</font>";


include ("includes/foot.php");
?>

Removed one of the "session_start()"s but understandably, the problem still exists. Thanks for the help though.

view_profile.php:

PHP: 
<?php session_start();
include ("includes/head.php");
include ("includes/config.php");

$sessionusername=$HTTP_SESSION_VARS['username'];





$profile_id = $_GET['profile_id'];

$sql = mysql_query("SELECT * FROM users WHERE id='$profile_id'");

//$i=0;
//while ($i < $num) {

$id=mysql_result($sql,$i,"id");
$username=mysql_result($sql,$i,"username");
$firstname=mysql_result($sql,$i,"firstname");
$lastname=mysql_result($sql,$i,"lastname");
$lastupdated=mysql_result($sql,$i,"lastupdated");
$points=mysql_result($sql,$i,"points");
$dob=mysql_result($sql,$i,"dob");
$status=mysql_result($sql,$i,"status");
$occupation=mysql_result($sql,$i,"occupation");
$details=mysql_result($sql,$i,"details");
$picture=mysql_result($sql,$i,"picture");
$band=mysql_result($sql,$i,"band");
$otherbands=mysql_result($sql,$i,"otherbands");

//$i++;
//}

$detailsbr=nl2br($details);
$otherbandsbr=nl2br($otherbands);


echo "<div id='whatis'><h1><center>$username (<a href='store.php'>$points</a>)</center></h1></div>
<table width='100%'  border='0'>
  <tr>
    <td width='27%' height='89'><img src='profileimages/nia.gif'></td>
    <td width='3%'>ย </td>
    <td width='70%'>
	  					<table width='80%'  border='0'>
      					<tr>
        					<td class='qs'>Name</td>
        					<td>$firstname $lastname</td>
      					</tr>
      					<tr>
        					<td class='qs'>Date of birth</td>
        					<td>$dob</td>
      					</tr>
     					 <tr>
       						 <td class='qs'>Marital status</td>
       						 <td>$status</td>
      					</tr>
      					<tr>
        					<td class='qs'>Occupation</td>
        					<td>$occupation</td>
      					</tr>
      					</table>
	
	</td>
  </tr>
  <tr>
    <td>ย </td>
    <td>ย </td>
    <td>ย </td>
  </tr>
  <tr>
    <td class='qs'>Favourite band</td>
    <td>ย </td>
    <td>$band</td>
  </tr>
  <tr>
    <td class='qs'>Favourite things</td>
    <td>ย </td>
    <td>$otherbandsbr</td>
  </tr>
  <tr>
    <td class='qs'>ย </td>
    <td>ย </td>
    <td>ย </td>
  </tr>
  <tr>
    <td colspan='3'></td>
  </tr>
  <tr>
    <td colspan='3'>$detailsbr</td>
  </tr>
  
</table><br><br>";

if ($username==$sessionusername) {echo "<center><a href='editprofile.php' style='font-size:12px'>EDIT</a></center>"; }
// else {echo "<center><a href='editprofile.php' style='font-size:12px'>ADD THIS USER TO MY FRIENDS LIST </a></center>"; }

echo "<hr>
<font size='1' color='#dddddd'>Last updated: $lastupdated</font>";


include ("includes/foot.php");
?>

Many thanks
 
Reply
0
0 Like
0 Thanks
•••
The problem is still happening on my new site at http://www.darkfx.co.uk

Sorry, I've tried everything and looked everywhere but can't find anything.
 
Reply
0
0 Like
0 Thanks
•••
PROBLEM SOLVED (for now :p lol). So for future reference: I located the problem to be within the "profiles.php" file. Where the script gathered the information from the database, it registered the last username into the session. So where I assigned the variable for $username. I just simply changed the name of the variable, if that makes sense. Thank you very much for helping me :]
 
Reply
0
0 Like
0 Thanks
•••
ok lol :)
 
Reply
0
0 Like
0 Thanks
•••
Log in or sign up to reply here.

  1. Olivair.com

    • Make Offer

  2. ChampBio.com

    • Make Offer

  3. Coded.co

    • Make Offer

  4. AhToDo.com

    • Make Offer

  5. Topside.co

    • Make Offer

  6. betterly.net

    • Make Offer

  7. infoFlyers.com

    • Make Offer

  8. krex.co.uk

    • Make Offer

  9. FortLeeLocksmith.com

    • Make Offer

  10. ServiceTastic.com

    • Make Offer

Similar threads

M
Session data and subdomains
0 replies
887 views
.:Mammoth261:.
M
RLW
Sub-domain PHP Session Question
6 replies
2K views
tinaCEO
T
W
Working with sessions
3 replies
1K views
web guru
W
N
Last PHP Question - I promise
5 replies
711 views
xemiterx
xemiterx
pixelbypixel
Php Sessions - Can't spot my problem.
6 replies
1K views
CrackFeed.Com
CrackFeed.Com
Appraise.net

We're social

Escrow.com

New posts โž”

Spaceship

Auction activity โž”

Unstoppable Domains

How do you think a potential buyer first checks if your domain is for sale?

Polls of interest โž”

CryptoExchange.com

Hot this week โž”

Domain Recover

Community favorite โž”

Trustap

Hot this month โž”

DomainEasy โ€” Zero Commission

Blog favorites

DomDB

  1. Olivair.com

    • Make Offer

  2. ChampBio.com

    • Make Offer

  3. Coded.co

    • Make Offer

  4. AhToDo.com

    • Make Offer

  5. Topside.co

    • Make Offer

  6. betterly.net

    • Make Offer

  7. infoFlyers.com

    • Make Offer

  8. krex.co.uk

    • Make Offer

  9. FortLeeLocksmith.com

    • Make Offer

  10. ServiceTastic.com

    • Make Offer
  • The sidebar remains visible by scrolling at a speed relative to the pageโ€™s height.
Back