Page 1 of 1

Im back again.. User problems

Posted: Thu Dec 10, 2009 2:17 pm
by synical21
Hello PHP gods,

I have an issue which i dont think you can fix but i am hoping you can tell me how to debug it. Now the problem:

1) I log in as user A, browse around the site and execute a couple of processes updating the DB (EG form data)

2) I then log in as user B and do the same kind of activities such as updating DB with form information,

Then after that process of updating DB with form information they are directed back to a page. The problem is after this process has run and they are redirceted back to the myaccount page for example they will be logged in as user A... how? i dont have a clue. But all the session data such as username and real name etc will be of User A indercating they are now logged into a different user. Big problem and im pretty clueless about how to fix.

When i switch from user A to B i logout which destroys the session. So how do i end up with another users session... This problem has worried me for a while now and i was hoping i would come across a fix but i have had no luck. :banghead:

Re: Im back again.. User problems

Posted: Thu Dec 10, 2009 3:22 pm
by AlanG
Can you post the code for the myaccount page?

Can you throw in the script that updates the database too.

Re: Im back again.. User problems

Posted: Thu Dec 10, 2009 3:59 pm
by synical21
Here is the myaccount page, just as a note it does not depend on which page is used when redirected after a process.

Code: Select all

<?php 
include 'dbc.php';
page_protect();
 
session_regenerate_id();
 
# connect to the database
mysql_c------------------------
 
$result = mysql_query("SELECT * FROM `proof` WHERE userproof_id='$_SESSION[user_id]' AND proof.clickstatus= 1 LIMIT 5") or die( mysql_error() );
 
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">
table.sample5 {
    border-width: 0px 0px 0px 0px;
    border-spacing: 0px;
    border-style: none none none none;
    border-color: white white white white;
    border-collapse: collapse;
    background-color: white;
}
table.sample5 th {
    border-width: 1px 1px 1px 1px;
    padding: 5px 35px 5px 35px;
    border-style: none none none none;
    border-color: white white white white;
    background-color: white;
    -moz-border-radius: 0px 0px 0px 0px;
}
table.sample5 td {
    border-width: 1px 1px 1px 1px;
    padding: 5px 5px 5px 5px;
    border-style: none none none none;
    border-color: white white white white;
    background-color: white;
    -moz-border-radius: 0px 0px 0px 0px;
}
</style>
<title>- My Account</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 
<meta name="keywords" content="" />
<meta name="description" content="" />
<!-- TemplateEndEditable --><!-- TemplateBeginEditable name="head" --><!-- TemplateEndEditable -->
<style type="text/css" media="all">
<!--
@import url("styles.css");
* {/* for demo only*/
    margin:0;
    padding:0
}
html, body {
    height:100%;/* needed to base 100% height on something known*/
    text-align:center;
}
body {
    background:#333
}
#outer {
    width:890px;
    background:#fff;
    margin:auto;
    min-height:100%;
    margin-top:-59px;/*footer height - this drags the outer 40px up through the top of the monitor */
    text-align:left;
}
#header {
    border-top:59px solid #fff;
}
#outerWrapper {
    margin: 0 auto;
    text-align: left;
    width: 790px;
    background-color: #FFF;
}
#outerWrapper #footer {/* footer now sits at bottom of window*/
    width:770px;
    margin:auto;
    height:58px;/* must match negative margin of #outer */
    clear:both;
    border-top:1px solid #fff;
    background-color: #fff;
    padding: 30px 60px 0px 10px;
    background: url(images/footer-bg.png) no-repeat top;
    color: #ffffff;
    text-align: left;
    line-height: 22px;
    background-repeat: no-repeat;
    background-position: left top;
    vertical-align: bottom;
}
/*Opera Fix*/
body:before {/* thanks to Maleika (Kohoutec)*/
    content:"";
    height:100%;
    float:left;
    width:0;
    margin-top:-32767px;/* thank you Erik J - negate effect of float*/
}
.redtext {
    color: #F00;
}
-->
</style>
<!--[if IE 5]>
<style type="text/css"> 
#outerWrapper #contentWrapper #leftColumn1 {
  width: 170px;
}
#outerWrapper #contentWrapper #rightColumn1 {
  width: 170px;
}
</style>
<![endif]-->
<!--[if IE]>
<style type="text/css"> 
#outerWrapper #contentWrapper #content-left, #outerWrapper #contentWrapper #content-right {
  zoom: 1;
}
</style>
<![endif]-->
<script language="JavaScript">
    
    function show5()
    {
        d = document.getElementById("formpart"); 
        d.style.display = "";
        d.style.visibility = "";
        return;
    }
    function show7()
    {
        d = document.getElementById("employer2"); 
        d.style.display = "";
        d.style.visibility = "";
        return;
    }
 
</script>
 
</head>
<body>
<div id="outer">
<div id="header">
  <div id="headlinks"> <a href="index.php">Home</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="#">Forums</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="#">Help</a></div>
<img src="images/logonoblock.png" width="195" height="58" alt="logo" /></div>
<div id="topinfo-noimage"></div>
<div id="outerWrapper">
  <div id="contentWrapper">
    <div id="leftColumn1"><!-- TemplateBeginEditable name="leftsidebar" --><strong>Workers Menu</strong>
        <ul>
          <li></li>
          <li><a href="jobs.php">Available Jobs</a></li>
          <li><a href="finished.php">Finished Jobs</a></li>
          <li><a href="myaccount.php">My Account</a></li>
          <li><a href="logout.php">Logout</a></li>
          <li><a href="Templates/rightnav-noheader.html"> Withdraw Money</a></li>
      </ul>
      <div id="leftColumnContent"> <strong> Employers Menu</strong>
             <ul>
          <li></li>
          <li><a href="job_create.php">Create Jobs</a></li>
          <li><a href="myjobs.php">My Jobs</a></li>
          <li><a href="myaccount.php">My Account</a></li>
          <li><a href="Templates/rightnav-noheader.html"> Deposit Money</a></li>
        </ul>
        <div class="sidebarbox">
          <div class="sidebarboxtop">
            <p><strong>Your Account</strong>:</p>
            <p><p><font color="#336600">Name:</font>  <? echo $_SESSION['user_realname'];?></p>
            <p><font color="#336600">Jobs Completed:</font><? echo $_SESSION['jobs_completed'] ;?></p>
            <p><font color="#336600">Earnings:</font> $<? echo $_SESSION['user_earning'] ;?><br />
            <p><font color="#336600">Deposited:</font> $<? echo $_SESSION['user_money'] ;?>
            </p>
            <p><br />
            </p>
          </div>
          <div class="sidebarboxbottom"></div>
        </div>
        <div class="sidebarbox">
          <div class="sidebarboxtop">
        <?php 
    
        $query2 =("SELECT * FROM `messages` WHERE `to` ='$_SESSION[user_id]' and `to_viewed` = 0") or die( mysql_error() );
        $result2 = mysql_query($query2);
   $num_rows2 = mysql_num_rows($result2);
   if ($num_rows2 > 0){echo("<a href ='inbox.php'>You have a new message!</a><br/><img src='images/mail.jpg' width='98' height='41'></img>");
    }else {
    echo "<a href ='inbox.php'>Inbox</a> has no new messages received.";
    }
      
      ?>
      </div>
          <div class="sidebarboxbottom"></div>
        </div>
      </div>
          <!-- TemplateEndEditable --></div>
    <div id="content-right"><!-- TemplateBeginEditable name="maincontent" -->
     
      <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  <tr> 
    <td colspan="3"><h1>My Account</h1></td>
   </tr>
  <tr> 
    <td width="17" valign="top">
 <? 
 
if (isset($_SESSION['user_id'])) {?>
      <? } 
 
?> <td width="457" valign="top">
      <h3 class="titlehdr"> Welcome <? echo $_SESSION['user_realname'] ;?></h3>  
      <?    
      if (isset($_GET['msg'])) {
      echo "<div class=\"error\">$_GET[msg]</div>";
      }
          
      ?>
      </table>
      
      <br/><p class="sidebarlt">Welcome to your account page, look at an overview of your activties as well as change settings.
        </p>
      <p>
      <p><br />
      <table class="" width="100%" border="0" cellpadding="0" cellspacing="0">
       <tr>
       <td width="3%"></td>
     <td width="6%"><img src="images/settings-icon.jpg" width="48" height="48" /></td>
      <td width="29%"><a href>Account Settings </a></td>
      <td width="6%"><img src="images/Mail-icon.jpg" width="48" height="48" /></td>
      <td width="22%"><a href>Your Inbox</a></td>
      <td width="6%"><img src="images/spanner.jpg" width="48" height="48" /></td>
      <td width="28%"><a href="report.php">Report A Problem</a></td>
     </tr>
     </table>
      
     
       <p>&nbsp;</p>
       <p><br />
       </p>
<h3>Working Information:</h3>
      </p>
             <div class="sidebarbox">
          <div class="sidebarboxtop">
  <p><font color="#009900">Jobs Completed</font>: <? echo $_SESSION['jobs_completed'] ;?> <br/>
  <font color="#009900">Jobs Failed</font>: <? echo $_SESSION['jobs_failed'] ;?>  <br/>
  <font color="#009900">Money Earned</font>: $<? echo $_SESSION['user_earning'] ;?>  
      </div>
          <div class="sidebarboxbottom"><br />
 
      </p>
      </div>
       </div>
            <p>&nbsp;</p>
            <p>&nbsp;</p>
            <p><br />
            </p>
<h6>Featured Jobs</h6>
<p>&nbsp;</p>
<p>
<? echo $_SESSION['user_id'] ;?>
  <?
 
 $result3 = mysql_query("SELECT * FROM `fulldata` WHERE feature= 1 AND amountworkers > 0") or die( mysql_error() );
 $i=1;
  // START AN OUTPUT TABLE
echo "<table class='sample' width='100%'>";  
 
// IF NO RESULTS
if (!mysql_num_rows($result3)) 
{
    echo "<tr><td colspan='8'><font color='green'><u>Their are no featued jobs at this time.</u></font></td></tr>";
 
}
// IF WE HAVE RESULTS
else
{
 
// TITLE FOR COLUMNS
    echo "<tr><td nowrap><b><u></u></b></td><td align='Left'><b>Job Title</b></th><td align='center'><b><u>Cash</u></b></th></tr>";
echo "<tr><td colspan='5'> <img src='images/breaker.gif' width='580' height='2'></img></tr><td>";
// ITERATE OVER THE RESULTS SET
    while ($line = mysql_fetch_assoc($result3)) 
    {
// GET EASY-TO-READ LOCAL VARIABLES    
        foreach ($line as $key => $val) { $$key = htmlentities($val); }
// CREATE THE ROW OF DATA
$color = ($i % 2) ? "#EEFDEC" : "#FFFFFF";
 
        echo "<tr>";
        echo "<td style='background-color:$color' width='5%' align='left'><img src ='images/star.png'></img></td>\n";
        $i++;
        echo "<td style='background-color:$color' width='70%' align='left'><a href='jobinfo.php?ID=$job_id'>" . substr($title,0,45) . "</a></td>\n";
        $i++;
        echo "<td style='background-color:$color' width='10%' align='center'>$" . $perperson . "</td>\n";
        $i++;
        echo "</tr>\n";
       
    } // END WHILE ITERATOR
    echo "<tr><td colspan='5'> <img src='images/breaker.gif' width='580' height='2'></img></tr><td>";
    echo "</table>\n";
} // END IF/ELSE
 
 
?>  
<p>&nbsp;</p>
 
Are you an employer creating jobs? <a href="changestyle.php">Click here</a> to change your account page to employer style.
      
  </table></p><!-- TemplateEndEditable -->
      <p>
     
       <p>
              
    </div>
    <br class="clearFloat" />
  </div>
</div
></div>
  <div style="width: 890px; background: #fff; margin:  auto; padding: 0; position: relative;"> 
<div id="outerWrapper">
<div id="footer">
    <p><a href="#">Home</a>| <a href="#">Services</a> | <a href="#">About Us</a> | <a href="#">Contact Us</a> | <a href="#">Terms & Conditons</a> | <a href="#">Privacy</a></p>
    <p>This site is copyright © 2009 </p>
  
  
</div>
</div>
</div>
</body>
</html>
Messy i know but this is first site i ever made :P

Now for a process i have seen this happen on:

Code: Select all

 
<?php
 
 
 
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
 
$total_cost = round(($_POST['amountworkers'] * $_POST['perperson']) * 1.05, 2);
$user_cost = $_SESSION['user_money'];
$userid2 = $_SESSION['user_id'];
 
 try {
        if ($total_cost > $user_cost) {
         throw new Exception("You have insufficient funds to create this job, please allow room for a 5% charge onto your job total cost.");
       }
 
else{
    $_SESSION['user_money'] = round($user_cost - $total_cost, 2);
 
     
      $sql = "UPDATE `users`
    SET users.user_money = round($user_cost - $total_cost, 2)
  WHERE users.id = '$_SESSION[user_id]'";
 $result = mysql_query($sql)
     or die('Invalid query: ' . $sql . ' - Error is ' . mysql_error());
}
 
 
 
 
 
//Function definition
function onlyLetters($str){
   $text = str_replace("\n", "xyxy", $str);
   $pattern = '/[^0-9a-zA-Z-. "]*/';
   $text = preg_replace($pattern, '', $text);
   return str_replace("xyxy", "<br />\n", $text);
}
function onlyNumbers($str){
        $pattern = '/[^0-9.]*/';
        return preg_replace($pattern, '', $str);
}
 
 
// Get and strip values  from form 
$title=onlyLetters($_POST['title']);
$descript=onlyLetters($_POST['descript']);
$proof=onlyLetters($_POST['proof']);
$min=onlyNumbers($_POST['min']);
$amountworkers=onlyNumbers($_POST['amountworkers']);
$perperson=onlyNumbers($_POST['perperson']);
$createuser_id=onlyLetters($_POST['createuser_id']);
$user_name=onlyLetters($_POST['user_name']);
$ujob_id=onlyNumbers($_POST['id']);
 
// Insert data into mysql 
$sql= mysql_query("INSERT INTO $tbl_name(job_id, title, descript, proof, min, amountworkers, perperson, createuser_id, user_name, date)VALUES('$ujob_id', '$title', '$descript', '$proof', '$min', '$amountworkers', '$perperson', '$createuser_id', '$user_name',now())") or die( mysql_error() );
 
 
// if successfully insert data into database, displays message "Successful". 
if($sql){
echo "Thank you for submiting your job, our team will now take a look and approve very soon ";
echo "<BR>";
echo "<a href='http:///jobs.php'>Click here to go back to</a>";
}
 
else {
echo "ERROR";
}
 
} catch (Exception $e) {
     
    // There has been an error
    echo "You have insufficient funds to create this job, please allow room for a 5% charge onto your job total cost.";
    }
    
      
?>
 
You may need to see this to dbc.php its the page protect function ( I did not make this script):

Code: Select all

 
<?php
 
 
// INITIAL SETTINGS //
// JUST COMPLETE WHEREVER MARKED XXXXXXXXXXXXXXXXXXX
 
/************* MYSQL DATABASE SETTINGS *****************/
// Enter database name.
// Note: If you use cpanel, the name will be like account_database
$dbname = '1';
// Change the 2nd and 3rd parameters in inside $link and the user should have ALL previleges assigned to databse
$link = mysql_connect("************") or die("Couldn't make connection.");
$db = mysql_select_db($dbname, $link) or die("Couldn't select database");
 
//ADMIN SECTION PASSWORD
 
$admin_user = '*****';
$admin_pass = '******';
 
/*************** reCAPTCHA KEYS****************/
$publickey = "******";
$privatekey = "*****";
 
function page_protect() {
session_start();
 
//check for cookies
 
if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_name'])){
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['user_name'] = $_COOKIE['user_name'];
      $_SESSION['user_earning'];
      $_SESSION['jobs_failed'];
      $_SESSION['jobs_completed'];
      $_SESSION['user_money'];
      $_SESSION['user_realname'];
   }
 
 
if (!isset($_SESSION['user_id']))
{
header("Location: login.php");
}
/*******************END********************************/
}
 
 
function makecomma($input)
{
    // This function is written by some anonymous person - I got it from Google
    if(strlen($input)<=2)
    { return $input; }
    $length=substr($input,0,strlen($input)-2);
    $formatted_input = makecomma($length).",".substr($input,-2);
    return $formatted_input;
}
 
function india($num){
    // This is my function
    $pos = strpos((string)$num, ".");
    if ($pos === false) { $decimalpart="00";}
    else { $decimalpart= substr($num, $pos+1, 2); $num = substr($num,0,$pos); }
 
    if(strlen($num)>3 & strlen($num) <= 12){
                $last3digits = substr($num, -3 );
                $numexceptlastdigits = substr($num, 0, -3 );
                $formatted = makecomma($numexceptlastdigits);
                $stringtoreturn = $formatted.",".$last3digits ;
    }elseif(strlen($num)<=3){
                $stringtoreturn = $num;
    }elseif(strlen($num)>12){
                $stringtoreturn = number_format($num, 2);
    }
 
    if(substr($stringtoreturn,0,2)=="-,"){$stringtoreturn = "-".substr($stringtoreturn,2 );}
 
    return $stringtoreturn;
}
 
 
 
function EncodeURL($url)
{
$new = strtolower(ereg_replace(' ','_',$url));
return($new);
}
 
function DecodeURL($url)
{
$new = ucwords(ereg_replace('_',' ',$url));
return($new);
}
 
function ChopStr($str, $len) 
{
    if (strlen($str) < $len)
        return $str;
 
    $str = substr($str,0,$len);
    if ($spc_pos = strrpos($str," "))
            $str = substr($str,0,$spc_pos);
 
    return $str . "...";
}   
?>