Hey guys,
I have a membership system on my website, and I currently am having some difficulty with the sessions. They work fine, however, when I go to the "edit accounts" page, which displays all the user accounts, the session gets its f_name and l_name changed! I can tell this from when I go back to the welcome page. Here is the exact story:
I log in - it brings me to a welcome page which says "Welcome, Jeff Miller!" (f_name l_name). I can go to different pages on the website and return to the welcome page, and the name stays the same, as it should. However, when I go to the "edit accounts" page then try to go back to the welcome page, the name all of a sudden changes! It changes to the last full name on the "edit accounts" list, which is organized alphabetically. It seems like something on that page changes the name in my session! What the heck!?!? Here is my code:
The PHP part of the login page:
PHP Code:
<?php
session_start();
header("Cache-control: private");

// Send the visitor back to the form if either field is missing.
if (empty($_POST['username']) || empty($_POST['password'])) {
    header("Location: index.html");
    exit;
}

$table_name = "auth_users";
include("dbfactors.inc"); // expected to set $host, $db_user, $db_password, $db_name

$connection = mysql_connect($host, $db_user, $db_password)
    or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

// Escape the submitted values before they are placed in the query string.
$safe_user = mysql_real_escape_string($_POST['username'], $connection);
$safe_pass = mysql_real_escape_string($_POST['password'], $connection);
$sql = "SELECT * FROM $table_name WHERE username = '$safe_user'
    AND password = password('$safe_pass')";
$result = mysql_query($sql, $connection) or die(mysql_error());
$num = mysql_num_rows($result);

if ($num != 0) {
    // A matching row exists: copy its fields into the session.
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    $user = $row['username'];
    $first = $row['f_name'];
    $last = $row['l_name'];
    $auth = $row['auth_type'];
    $_SESSION["online"] = "granted";
    $_SESSION["username"] = $user;
    $_SESSION["auth_type"] = $auth;
    $_SESSION["f_name"] = $first;
    $_SESSION["l_name"] = $last;
    header("Location: index2.php");
    exit;
} else {
    $msg = "Either your username or password is incorrect. Please try again.";
}
?>
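The PHP part of the welcome page:
PHP Code:
<?php
session_start();
header("Cache-control: private");

// Compare (==) rather than assign (=), so the name is shown only to a logged-in session.
if (isset($_SESSION["online"]) && $_SESSION["online"] == "granted")
{
    $msg = "$_SESSION[f_name] $_SESSION[l_name]";
}
?>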
And the infamous "edit accounts" page:
PHP Code:
<?php
session_start();

// Only a logged-in admin may list accounts; stop the script for everyone else.
if ($_SESSION["auth_type"] != "admin" || $_SESSION["online"] != "granted")
{
    echo '<script>alert("Your account is not authorized to access this area.");</script>';
    echo '<script>history.back(1);</script>';
    exit;
}

$table_name = "auth_users";
include("dbfactors.inc"); // expected to set $host, $db_user, $db_password, $db_name

$connection = mysql_connect($host, $db_user, $db_password)
    or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

$sql = "SELECT f_name, l_name, id FROM $table_name ORDER BY f_name";
$result = @mysql_query($sql, $connection) or die(mysql_error());

// Build one <option> per account, escaping the name for HTML output.
$display_block = "";
while ($row = mysql_fetch_array($result)) {
    $f_name = stripslashes($row['f_name']);
    $l_name = stripslashes($row['l_name']);
    $fullname = htmlspecialchars(trim("$f_name $l_name"), ENT_QUOTES);
    $id = (int) $row['id'];
    $display_block .= "<option value=\"$id\">$fullname</option>";
}
?>
Any help is very much appreciated!!
Thanks!
- Jeff Miller
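
The symptom in the post matches what happens when register_globals is enabled, which is an assumption here since the post does not show the server configuration: session keys become global variables bound by reference, so the loop's $f_name and $l_name write into the session. The following added example (not part of the original post; $session, $rows and both function names are constructed for illustration) simulates that binding and shows the overwrite next to a loop that avoids it.

```php
<?php
// Added example, not the poster's code. $session stands in for $_SESSION and
// $rows for the auth_users result set; both are constructed sample data.
$rows = [
    ['id' => 1, 'f_name' => 'Alice', 'l_name' => 'Adams'],
    ['id' => 2, 'f_name' => 'Jeff',  'l_name' => 'Miller'],
    ['id' => 3, 'f_name' => 'Zoe',   'l_name' => "O'Neil"],
];

// Assumption: register_globals=On. After session_start() each session key is
// also a global variable bound by reference to its $_SESSION entry. The two
// reference assignments below reproduce that binding inside a function.
function options_colliding(array &$session, array $rows): string {
    $f_name = &$session['f_name'];
    $l_name = &$session['l_name'];
    $html = '';
    foreach ($rows as $row) {
        $f_name = $row['f_name'];   // writes through to $session['f_name']
        $l_name = $row['l_name'];   // writes through to $session['l_name']
        $html .= "<option value={$row['id']}>" . trim("$f_name $l_name") . "</option>";
    }
    return $html;
}

// Same binding, but the loop uses names no session key shares, and the
// output is HTML-escaped. The session entries are never assigned.
function options_isolated(array &$session, array $rows): string {
    $f_name = &$session['f_name'];
    $l_name = &$session['l_name'];
    $html = '';
    foreach ($rows as $row) {
        $row_name = trim($row['f_name'] . ' ' . $row['l_name']);
        $html .= sprintf('<option value="%d">%s</option>',
            $row['id'], htmlspecialchars($row_name, ENT_QUOTES));
    }
    return $html;
}

$session = ['f_name' => 'Jeff', 'l_name' => 'Miller'];
options_colliding($session, $rows);
echo "colliding names: {$session['f_name']} {$session['l_name']}\n";

$session = ['f_name' => 'Jeff', 'l_name' => 'Miller'];
options_isolated($session, $rows);
echo "isolated names:  {$session['f_name']} {$session['l_name']}\n";
```

Turning register_globals off (it was removed in PHP 5.4) removes the binding altogether; renaming the loop variables only fixes the symptom while it is still on.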