Need urgent help - Session username wrong!
Posted: Sun Jan 31, 2010 1:58 pm
Hello Guru's for the secound time today
Ever since my site was created I kept the users username is a session, this was never utilized until today when i tried to use it. To my shock when I echo'd the username session i got the wrong username!
I tested it on another user and the same problem happened although it is not a different username depending on the user it is the same one username which must be in every users session. Why is the same username in everyones username session when it should be their own username? That is my question as i have tried to fix it but i can not see the problem. Let me show you how the session is created.
Login.php
As you can see their is an included file which could be the problem so ill show you it aswell.
dbc.php
The dbc page is a page used to protect every page of my site from users not logged in. It contains mainly functions which i use through out the site but there is also some session data which could be the problem. Im pretty sure its one of these two pages causing my problem but i dont see the problem. I really hope you can 
Ever since my site was created I kept the users username is a session, this was never utilized until today when i tried to use it. To my shock when I echo'd the username session i got the wrong username!
Login.php
Code: Select all
include 'dbc.php';
// use filter where $data where post used.
foreach($_POST as $key => $value) {
$data[$key] = filter($value);
}
if ($_POST['doLogin']=='Login')
{
$user_email = mysql_real_escape_string($_POST['usr_email']);
$md5pass = hash('sha256',$data['pwd']);
if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";
}
$sql = "SELECT `id`,`full_name`,`approved`,`user_name`,`user_money`,`jobs_completed`,`jobs_failed`,`user_earning`,`banned` FROM users WHERE
$user_cond
AND `pwd` = '$md5pass' AND `banned` = '0'
";
$result = mysql_query($sql) or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$full_name,$approved,$user_name,$user_money,$jobs_completed,$jobs_failed,$user_earning) = mysql_fetch_row($result);
if(!$approved) {
$msg = "Account not activated. Please check your email for activation code";
header("Location: login.php?msg=$msg");
exit();
}
// this sets session and logs user in
session_start();
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['user_realname'] = $full_name;
$_SESSION['user_name'] = $user_name;
$_SESSION['user_money'] = $user_money;
$_SESSION['jobs_completed'] = $jobs_completed;
$_SESSION['jobs_failed'] = $jobs_failed;
$_SESSION['user_earning'] = $user_earning;
//set a cookie witout expiry until 60 days
if(isset($_POST['remember'])){
setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*60, "/");
setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*60, "/");
}
session_write_close();
header("Location: http://url/user.php");
}
else
{
$msg = urlencode("Invalid Login. Please try again with correct username and password. ");
header("Location: login.php?msg=$msg");
}
}
dbc.php
Code: Select all
function page_protect() {
session_start();
//check for cookies && isset($_COOKIE['user_name'])
if(isset($_COOKIE['user_id'])&& isset($_COOKIE['user_name'])){
$_SESSION['user_id'] = $_COOKIE['user_id'];
$_SESSION['user_name'] = $_COOKIE['user_name'];
$_SESSION['user_earning'];
$_SESSION['jobs_failed'];
$_SESSION['jobs_completed'];
$_SESSION['user_money'];
$_SESSION['user_realname'];
}
session_write_close();
if (!isset($_SESSION['user_id']))
{
header("Location: login.php");
}
/*******************END********************************/
}
function filter($data) {
$data = trim(htmlentities(strip_tags($data)));
if (get_magic_quotes_gpc())
$data = stripslashes($data);
$data = mysql_real_escape_string($data);
return $data;
}
function EncodeURL($url)
{
$new = strtolower(ereg_replace(' ','_',$url));
return($new);
}
function DecodeURL($url)
{
$new = ucwords(ereg_replace('_',' ',$url));
return($new);
}
function ChopStr($str, $len)
{
if (strlen($str) < $len)
return $str;
$str = substr($str,0,$len);
if ($spc_pos = strrpos($str," "))
$str = substr($str,0,$spc_pos);
return $str . "...";
}
function isEmail($email){
return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE;
}
function isUserID($username)
{
if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
return true;
} else {
return false;
}
}
function isURL($url)
{
if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
return true;
} else {
return false;
}
}
function checkPwd($x,$y)
{
if(empty($x) || empty($y) ) { return false; }
if (strlen($x) < 4 || strlen($y) < 4) { return false; }
if (strcmp($x,$y) != 0) {
return false;
}
return true;
}