session problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
shivam0101
Forum Contributor
Posts: 197
Joined: Sat Jun 09, 2007 12:09 am

session problem

Post by shivam0101 »

I have 3 pages. on each page there are text links which links to other page.

home
products
profile

the members login through login page.

login code.

Code: Select all

$query_member_details=mysql_query("SELECT * FROM members WHERE member_email_id='$member_email_id' AND member_password='$member_password' AND member_flag=1 AND confirm_flag='YES'");
	  if(mysql_num_rows($query_member_details) > 0)
          {
            $fetch_member_details=mysql_fetch_array($query_member_details);
            $member_id=$fetch_member_details['member_id'];
                 
            session_start();
            $_SESSION['member_id']=$member_id;
                 
            header("Location:".SITE_URL);
                 
          }
          else
          {
             $message='Invalid Login';
          }


on each page i am getting the session value,

Code: Select all

<?php
require_once('general/require_once.php');

session_start();
$member_id=$_SESSION['member_id'];

//rest of the code

If i login as 'member_a' (assume member exists) and echo the id, i am getting the correct id of member_a. If i do not signout and go to admin and delete member_a and if i refresh member_a's page the first member's id is displayed. How to solve this.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Echo the query. I suspect you may have a flaw in the logic or may need logic added to it.
shivam0101
Forum Contributor
Posts: 197
Joined: Sat Jun 09, 2007 12:09 am

Post by shivam0101 »

Code: Select all

$query_member_details=mysql_query("SELECT * FROM members WHERE member_email_id='$member_email_id' AND member_password='$member_password' AND member_flag=1 AND confirm_flag='YES'");
echo output:

Code: Select all

SELECT * FROM members WHERE member_email_id='shivam0101@gmail.com' AND member_password='shivam' AND member_flag=1 AND confirm_flag='YES'
The problem is in other pages. Once i login and go to a page, then delete the user by either opening another window or manually in the database and then i refresh the page i am getting the first members id (i can understand since i deleted i wont be able to see my id, but why i am seeing other member id in session?)

For example:
1. member_a id is 10
2. member_a logs in - he is able to see his id - 10.
3. Opens another window and login as admin and delete member_a OR delete member_a directly by opening DB
4. Refresh member_a's home page or any other page - the member id is some other person's member_id (first member's)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

What does the query look like when you experience this "bug?"
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

try:

Code: Select all

$query_member_details=mysql_query("SELECT * FROM members WHERE member_email_id='$member_email_id' AND member_password='$member_password' AND member_flag=1 AND confirm_flag='YES'") or die(MySQL_error());
Post Reply