
session problem

Posted: Sat Nov 03, 2007 1:55 pm
by shivam0101
I have 3 pages. On each page there are text links which link to the other pages.

home
products
profile

The members log in through the login page.

Login code:

Code:

$query_member_details=mysql_query("SELECT * FROM members WHERE member_email_id='$member_email_id' AND member_password='$member_password' AND member_flag=1 AND confirm_flag='YES'");
if(mysql_num_rows($query_member_details) > 0)
{
    $fetch_member_details=mysql_fetch_array($query_member_details);
    $member_id=$fetch_member_details['member_id'];

    session_start();
    $_SESSION['member_id']=$member_id;

    header("Location:".SITE_URL);
    exit; // stop running the rest of the script after the redirect
}
else
{
    $message='Invalid Login';
}


On each page I am getting the session value:

Code:

<?php
require_once('general/require_once.php');

session_start();
$member_id=$_SESSION['member_id'];

//rest of the code

If I log in as 'member_a' (assume the member exists) and echo the id, I am getting the correct id of member_a. If I do not sign out, go to admin and delete member_a, and then refresh member_a's page, the first member's id is displayed. How do I solve this?

Posted: Sat Nov 03, 2007 2:16 pm
by feyd
Echo the query. I suspect you may have a flaw in the logic or may need logic added to it.

Posted: Sat Nov 03, 2007 2:47 pm
by shivam0101

Code:

$query_member_details=mysql_query("SELECT * FROM members WHERE member_email_id='$member_email_id' AND member_password='$member_password' AND member_flag=1 AND confirm_flag='YES'");

Echo output:

Code:

SELECT * FROM members WHERE member_email_id='shivam0101@gmail.com' AND member_password='shivam' AND member_flag=1 AND confirm_flag='YES'

The problem is in the other pages. Once I log in and go to a page, then delete the user either by opening another window or manually in the database, and then refresh the page, I am getting the first member's id (I can understand that since I deleted it I won't be able to see my id, but why am I seeing another member's id in the session?)

For example:
1. member_a id is 10
2. member_a logs in - he is able to see his id - 10.
3. Opens another window, logs in as admin and deletes member_a, OR deletes member_a directly by opening the DB
4. Refresh member_a's home page or any other page - the member id is some other person's member_id (first member's)

Posted: Sat Nov 03, 2007 3:12 pm
by feyd
What does the query look like when you experience this "bug?"

Posted: Sat Nov 03, 2007 4:51 pm
by Kieran Huggins
Try:

Code:

$query_member_details=mysql_query("SELECT * FROM members WHERE member_email_id='$member_email_id' AND member_password='$member_password' AND member_flag=1 AND confirm_flag='YES'") or die(mysql_error());
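
A per-request check for the situation described in this thread, where a session still carries a member_id after the member row has been deleted. This is an added example, not code from any poster in the thread; it assumes PDO with the pdo_sqlite driver and a hypothetical helper named current_member(), with the table and column names taken from the thread.

```php
<?php
// Added example: column names come from the thread; PDO/SQLite and the
// function name current_member() are assumptions for illustration.

/**
 * Return the logged-in member's row, or null if the session does not map to
 * an active, confirmed member (e.g. the account was deleted after login).
 */
function current_member(PDO $db, array &$session): ?array
{
    $id = $session['member_id'] ?? null;
    if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
        $session = [];           // missing or malformed id: treat as logged out
        return null;
    }
    // Bound parameter; the id is matched exactly and no fallback row is used.
    $stmt = $db->prepare(
        "SELECT member_id, member_email_id FROM members
          WHERE member_id = :id AND member_flag = 1 AND confirm_flag = 'YES'"
    );
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $session = [];           // stale session: member row is gone or disabled
        return null;
    }
    return $row;
}

// Constructed demo data: an in-memory table with two members.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (member_id INTEGER PRIMARY KEY,
           member_email_id TEXT, member_flag INTEGER, confirm_flag TEXT)");
$db->exec("INSERT INTO members VALUES (1, 'first@example.com', 1, 'YES'),
                                      (10, 'member_a@example.com', 1, 'YES')");

$session = ['member_id' => 10];                    // stands in for $_SESSION after login
var_dump(current_member($db, $session) !== null);  // lookup while member_a exists

$db->exec("DELETE FROM members WHERE member_id = 10"); // admin deletes member_a
var_dump(current_member($db, $session));           // lookup with the stale session
var_dump($session);                                // session data after the failed lookup
```

On a real page the call would be `current_member($db, $_SESSION)` right after `session_start()`, with a redirect to the login page when it returns null.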