PHP Session - Logging into wrong account
Posted: Mon Apr 18, 2011 1:45 pm
Hi
My mate has a website and she has found recently that every now and then a user complains saying they have logged into the site but it logs them into another user's account.
The script used is:
<?
require_once("conn.php");
$q1 = "SELECT * FROM members WHERE email='$email' AND password=SHA('$password') AND active =''";
$r1 = mysql_query($q1) or die(mysql_error());
if(mysql_num_rows($r1) == '1')
{
    //ok
    $a1 = mysql_fetch_array($r1);
    $_SESSION[id] = $a1[id];
    $_SESSION[email] = $a1[email];
    $_SESSION[username] = $a1[username];
    if(!empty($remember)){
        setcookie("copname", $_SESSION['username'], time()+60*60*24*300, "/");
        setcookie("coppass", $_SESSION['id'], time()+60*60*24*300, "/");
        $set='yes';
    }
    if($a1[proscore]==0){
        header("location:index.php?m=l&set=$set&ne=y");
    }else{
        header("location:$page?m=l&set=$set&ne=y");
    }
    exit();
}
else
{
    header("location:$page?m=n");
    exit();
}
Can anyone help with this issue please? I'd really appreciate it.
Cheers
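The script above builds its query by interpolating $email and $password into the SQL string and puts the member id itself in the "coppass" cookie. As an added example (not part of the original post), here are the lookup and remember-me steps done with bound parameters and a random token that cannot be derived from a member id. The table layout, the password_hash and remember_tokens columns, and all function names are assumptions for illustration.

```php
<?php
// Added example, not the poster's code. Table layout, column names and
// function names are assumptions made for illustration.

// Look the member up with a bound parameter; verify a password_hash() digest.
function find_member(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, email, username, password_hash FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

// Issue a random remember-me token; only its SHA-256 hash is stored server-side.
function issue_remember_token(PDO $db, int $memberId): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO remember_tokens (member_id, token_hash, expires) VALUES (?, ?, ?)');
    $stmt->execute([$memberId, hash('sha256', $token), time() + 60 * 60 * 24 * 300]);
    return $token;
}

// Resolve a presented token to a member id, or null if unknown or expired.
function member_for_token(PDO $db, string $token): ?int
{
    $stmt = $db->prepare('SELECT member_id FROM remember_tokens WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE, username TEXT, password_hash TEXT)');
$db->exec('CREATE TABLE remember_tokens (member_id INTEGER, token_hash TEXT, expires INTEGER)');
$ins = $db->prepare('INSERT INTO members (email, username, password_hash) VALUES (?, ?, ?)');
$ins->execute(['alice@example.test', 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['bob@example.test', 'bob', password_hash('battery staple', PASSWORD_DEFAULT)]);

var_dump(find_member($db, "o'brien@example.test", 'x'));         // apostrophe is bound as data
$alice = find_member($db, 'alice@example.test', 'correct horse');
$token = issue_remember_token($db, (int) $alice['id']);
var_dump(member_for_token($db, $token) === (int) $alice['id']);  // token resolves to its owner
var_dump(member_for_token($db, (string) $alice['id']));          // a bare member id is not a token
```

In a login handler the returned token would go into the cookie in place of the member id, and session_regenerate_id(true) would be called before the member's details are written to $_SESSION.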