Anything wrong with this session?

beloveddoll
Forum Commoner
Posts: 40
Joined: Sat Jul 14, 2007 6:18 pm

Post by beloveddoll »

<?php
 	// Defines
 
 	DEFINE('SESSION_MAGIC','sadhjasklsad2342');

 	// Initialization
 	@session_start();
 	@ob_start();
  
 
    /*
      Redirects to another page
    */
    function Redirect($to) {

	   @session_write_close();
	   @ob_end_clean();
	   @header("Location: $to");
	   exit; // stop here so no further page code runs after the redirect header
    } 
 
     /*
        Deletes existing session
    */
	function RemoveSession() {
		$_SESSION = array();
		if (isset($_COOKIE[session_name()])) {
		   @setcookie(session_name(), '', time()-42000, '/');
		}
	}
    
	/*
	  Checks if user is logged in
	*/ 
	function isLoggedIn() {
		
		return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
	}
	
    /*
      Terminates an existing session
    */
    function Logout() {
	    @RemoveSession();
	    @session_destroy();
    }
 
    /* 
      read message count
    */
    function CountMessages($id) {
	    
	   if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1"))
	   {
		   $count=mysql_num_rows($res);
		   mysql_free_result($res);	   
		   return($count);
	   }
	   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($username,$password) {
	   
	    global $nmsg, $rows;
	   
	   $ok=false;	
	   if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'"))
	   {
		   if ($rows=mysql_fetch_row($res)) {
			    $_SESSION['sess_name'] = $username;
				$_SESSION['pass'] = $password;
				$_SESSION['gal'] = $rows[0];
				$_SESSION['mail'] = $rows[2];
				$_SESSION['level2'] = $rows[1];	
				$_SESSION['echos'] = $rows[3];
				$_SESSION['status'] = $rows[4];
			    $_SESSION['magic'] = SESSION_MAGIC;
			    $_SESSION['rows'] = $rows; /* stupid stupid hack */
			    $nmsg = CountMessages($rows[0]);
			    $ok=true;
		   } else {
			   include('login_failed.php');
		   }
		   mysql_free_result($res);
	   }
	   return($ok);
   }

    /*
      Escape array using mysql
    */   
	function Escape(&$arr)
	{
	 if (Count($arr)>0) {
		    foreach($arr as $k => $v) {
		        if (is_array($v)) {
		            Escape($arr[$k]);
		        }
		        else {
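		            // Undo magic_quotes_gpc slashes first so values are not escaped twice
		            if (function_exists('get_magic_quotes_gpc')) {
		                if (get_magic_quotes_gpc()) {
		                    $arr[$k] = stripslashes($v);
		                }
		            }
		            // Escape the (possibly unslashed) value, not the original $v
		            $arr[$k] = mysql_real_escape_string($arr[$k]);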
		        }
		   }
      }
	}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>

For the most part it works, but it seems to not want to do some things. Like if the person moves on to a new page, the new message is lost, and if another user adds echos to this user, it is not shown (the database will have this info, but it is not getting displayed).
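
Added example, not part of the original post or thread: a login that uses a bound parameter and `password_verify()`, issues a new session ID on login, keeps only the user id in `$_SESSION`, and reads the message and echo counters from the database on each page instead of copying them into the session at login. Assumptions: PDO with in-memory SQLite stands in for the MySQL database, the `password` column holds a `password_hash()` value, the rows are constructed sample data, and `liveCounters()` is a hypothetical helper name.

```php
<?php
// Added example. Table/column names follow the post; in-memory SQLite stands in
// for MySQL (assumption), and all rows below are constructed sample data.
session_start();

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userdata (id INTEGER PRIMARY KEY, login TEXT, password TEXT, echo_count INTEGER)");
$db->exec("CREATE TABLE messagedata (recBoxID INTEGER, isNew INTEGER)");
// Assumption: the password column stores a password_hash() value, not plaintext.
$db->prepare("INSERT INTO userdata (login, password, echo_count) VALUES (?, ?, 0)")
   ->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT)]);

function login(PDO $db, string $username, string $password): bool {
    // Bound parameter: the query no longer relies on pre-escaped superglobals.
    $st = $db->prepare("SELECT id, password FROM userdata WHERE login = ?");
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh session ID once authenticated
    $_SESSION = ['uid' => (int) $row['id']]; // identity only: no password, no counters
    return true;
}

function isLoggedIn(): bool {
    return isset($_SESSION['uid']);
}

// Hypothetical helper, called on every page load: values that other users can
// change are read from the database each time rather than cached at login.
function liveCounters(PDO $db): array {
    $uid = $_SESSION['uid'];
    $m = $db->prepare("SELECT COUNT(*) FROM messagedata WHERE recBoxID = ? AND isNew = 1");
    $m->execute([$uid]);
    $e = $db->prepare("SELECT echo_count FROM userdata WHERE id = ?");
    $e->execute([$uid]);
    return ['new_messages' => (int) $m->fetchColumn(), 'echos' => (int) $e->fetchColumn()];
}

// Demo: output is collected and printed last so session calls run before any output.
$rejected = login($db, 'alice', "wrong'pass");
$accepted = login($db, 'alice', 's3cret');
$db->exec("INSERT INTO messagedata VALUES (1, 1)");                         // another user sends a message
$db->exec("UPDATE userdata SET echo_count = echo_count + 1 WHERE id = 1");  // ...and adds an echo
var_dump($rejected, $accepted, isLoggedIn(), liveCounters($db));
```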
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I don't see how this applies to Code Critique; moved to PHP - Code.