
Some session trouble

Posted: Mon Mar 03, 2008 12:03 pm
by krept
Hi there, I'm grateful for discovering this forum, and I hope you guys can help me solve a few problems here.
I've got a script on my website http://www.criticaldepth.net where users can upload their original music through the site. It automatically renames the file and adds it to a MySQL database, from which an embedded Flash MP3 player plays the songs. I've also created a delete music option where the members can delete certain songs they want to. My problem is, the page they visit to delete the songs lists all of their songs as a link with "Delete" at the end of the link.
This works fine when you log in and visit the page, but say I were to visit another person's profile. These profiles are in the format of http://www.criticaldepth.net/index.php? ... ile&uid=25
Somehow this seems to be setting the userid to 25 or whatever you click on. Which means, when someone is logged in on their own user account and want to delete a song, it displays the songs from userid 25. This is not acceptable, as they're accessing other people's music.

The delete music code can be found here:

Code:

<?php include ('../includes/DBConnect.php'); 
$userid = $_SESSION['userid'];
 
echo ("<strong>");
echo $_SESSION['artist_name'];
echo (" Delete tracks: <br /><br /></strong>");
if(!isset($cmd)) 
{
 
   $result = mysql_query("select * from tracks where userid='$userid' order by title"); 
 
   while($r=mysql_fetch_array($result)) 
   { 
 
      $title=$r["title"];
      $trackid=$r["trackid"];
     
 
      echo "<a href='editmusic.php?cmd=delete&trackid=$trackid'>$title - Delete</a>";
      echo "<br>";
    }
}
 
?>
<?
if($_GET["cmd"]=="delete")
{
 
$creator = mysql_result(mysql_query("Select creator from tracks where trackid = $trackid;"),'creator');
$title = mysql_result(mysql_query("Select title from tracks where trackid = $trackid;"),'title');
$filepath = "audio/uploads";
$buffer = $filepath."/".$creator."-".$title.".mp3";
$buffer = str_replace(" ", "", $buffer );
 
chmod($buffer,0777);
if(is_writable($buffer)){ unlink($buffer); } else { echo 'cannot delete file'; }
 
$sql = "DELETE FROM tracks WHERE trackid=$trackid";
$result = mysql_query($sql);
 
echo "Song Deleted!";
} ?>
 

I also have a profile page which seems to be setting the global userid variable which can be found here:

Code:

$userid = $_GET['uid'];
 
 
include ('../includes/DBConnect.php'); 
 
$userprofile = mysql_fetch_array(mysql_query("Select * from users where userid='$userid'"));
 
if (!$userid) { header( 'Location: http://www.criticaldepth.net/music.php' ) ;}

And then the music page:

Code:

<?
include ('../includes/DBConnect.php'); 
$usernames = mysql_query("Select userid,username,artist_name from users where user_level > 1 Order by username");
if ($username = mysql_fetch_array($usernames))
{
do
{
$usernameURL=str_replace(' ','_',str_replace("'",'',str_replace('&','and',$username['username'])));
echo '<a href="http://www.criticaldepth.net/index.php?page=profile&uid='.$username['userid'].'">'.$username['artist_name'].'</a><br />';
} while ($username = mysql_fetch_array($usernames));
}
?>
I can explain in much more detail and give more examples if need be, please help me out as this site is taking a long time to complete and I'm very close to finishing. Thanks for the help!
Kevin

Re: Some session trouble

Posted: Mon Mar 03, 2008 12:39 pm
by Christopher
You need to have called session_start() before you can use $_SESSION.

Re: Some session trouble

Posted: Mon Mar 03, 2008 12:54 pm
by krept
yes, session_start(); is called in my index page

Re: Some session trouble

Posted: Mon Mar 03, 2008 1:10 pm
by kryles
It has to be used in every page you want sessions to be used.

Re: Some session trouble

Posted: Mon Mar 03, 2008 1:22 pm
by krept
when i put session_start(); on this page i get a white page.

Re: Some session trouble

Posted: Mon Mar 03, 2008 1:25 pm
by krept
ok i take that back, had a different error causing that, but it still won't display the correct titles when session_start(); is included.

Re: Some session trouble

Posted: Mon Mar 03, 2008 1:52 pm
by kryles
I know other people may not like the idea but can you post the complete page with the html/php? I'm curious :D

Re: Some session trouble

Posted: Mon Mar 03, 2008 2:17 pm
by krept

Code:

<?php
$title = 'edit music'; ?>
<?php
 session_start(); 
 
$nav = '<div id="navigation" style="margin-left: 10px;"><br /><ul id="navigation">
 
    <li id="home"><a href="index.php?page=home"><span>home</span></a></li>
 
    <li id="about"><a href="index.php?page=about"><span>about</span></a></li>
 
    <li id="music"><a href="index.php?page=music" class="on"><span>music</span></a></li>
 
    <li id="press"><a href="index.php?page=press"><span>press</span></a></li>
 
    <li id="links"><a href="index.php?page=links"><span>links</span></a></li>
 
    <li id="contact"><a href="index.php?page=contact"><span>contact</span></a></li>
 
</ul></div>'; ?>
 
<?php
session_start();
include ('header.php'); 
?>
</div>
 
<div class="musicid"><img src="images/music.png" alt="home" height="66" /></div>
<div class="content" id="content"><div class="contrest" id="contrest"><br />
<strong>Edit Music</strong><br/>
<?php include ('../includes/DBConnect.php'); 
$userid = $_SESSION['userid'];
 
echo ("<strong>");
echo $_SESSION['artist_name'];
echo (" Delete tracks: <br /><br /></strong>");
if(!isset($cmd)) 
{
 
   $result = mysql_query("select * from tracks where userid=".intval($_SESSION['userid'])." order by title");
 
   while($r=mysql_fetch_array($result)) 
   { 
 
      $title=$r["title"];
      $trackid=$r["trackid"];
     
 
      echo "<a href='editmusic.php?cmd=delete&trackid=$trackid'>$title - Delete</a>";
      echo "<br>";
    }
}
 
?>
<?
if($_GET["cmd"]=="delete")
{
 
$creator = mysql_result(mysql_query("Select creator from tracks where trackid = $trackid;"),'creator');
$title = mysql_result(mysql_query("Select title from tracks where trackid = $trackid;"),'title');
$filepath = "audio/uploads";
$buffer = $filepath."/".$creator."-".$title.".mp3";
$buffer = str_replace(" ", "", $buffer );
 
chmod($buffer,0777);
if(is_writable($buffer)){ unlink($buffer); } else { echo 'cannot delete file'; }
 
$sql = "DELETE FROM tracks WHERE trackid=$trackid";
$result = mysql_query($sql);
 
echo "Song Deleted!";
}
?>
            </div>
<br><br>
</div></div>
 
<?php
include ('footer.php');
?>
 
there it is :)

Re: Some session trouble

Posted: Mon Mar 03, 2008 2:19 pm
by SpecialK
I can't outright see any problem, but the fact that you are using $userid as both a session login and a uid may be some of the area of problem.

On another note "editmusic.php?cmd=delete&trackid=$trackid'" doesn't look to be stopped if someone was to just put in a number. It won't output the list of files to delete, but then if the cmd is set, like it is to delete, then it appears to delete the file outside of the validation of the user session. I think that needs to be protected, as a querystring change could delete someone else's file without that validation.
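
The ownership check described in the post above, as an added example that is not part of the original thread or the site's code: the delete is tied to the logged-in user's id, so a changed `trackid` in the query string matches no row. The function name `delete_track`, the PDO handle and the in-memory SQLite rows are assumptions made for the demonstration; table and column names follow the posted script.

```php
<?php
// Added example: delete a track only if it belongs to the logged-in user.
// delete_track() is a hypothetical helper; the data below is constructed.

function delete_track(PDO $db, int $sessionUserId, $rawTrackId, string $uploadDir): bool
{
    // Reject anything that is not a positive integer before it reaches SQL.
    $trackId = filter_var($rawTrackId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($trackId === false) {
        return false;
    }

    // Ownership is part of the lookup: another user's trackid matches no row.
    $find = $db->prepare('SELECT creator, title FROM tracks WHERE trackid = ? AND userid = ?');
    $find->execute([$trackId, $sessionUserId]);
    $track = $find->fetch(PDO::FETCH_ASSOC);
    if ($track === false) {
        return false;
    }

    // Same file naming as the posted script; basename() keeps the path inside $uploadDir.
    $name = str_replace(' ', '', $track['creator'] . '-' . $track['title'] . '.mp3');
    $path = $uploadDir . '/' . basename($name);
    if (is_file($path)) {
        unlink($path);
    }

    // The DELETE repeats the owner condition instead of trusting the earlier SELECT.
    $del = $db->prepare('DELETE FROM tracks WHERE trackid = ? AND userid = ?');
    $del->execute([$trackId, $sessionUserId]);
    return $del->rowCount() === 1;
}

// Constructed sample data: user 7 owns track 1, user 25 owns track 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tracks (trackid INTEGER PRIMARY KEY, userid INTEGER, creator TEXT, title TEXT)');
$db->exec("INSERT INTO tracks VALUES (1, 7, 'krept', 'Song A'), (2, 25, 'other', 'Song B')");

$loggedIn = 7;  // in the real page this comes from (int) $_SESSION['userid'], never from $_GET['uid']
$dir = sys_get_temp_dir();
var_dump(delete_track($db, $loggedIn, '2', $dir));     // track owned by another user
var_dump(delete_track($db, $loggedIn, '1abc', $dir));  // not an integer
var_dump(delete_track($db, $loggedIn, '1', $dir));     // the user's own track
```

Keeping the profile page's `uid` in a differently named variable than the session's user id avoids the two being confused in the delete page.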

Re: Some session trouble

Posted: Mon Mar 03, 2008 2:28 pm
by krept
i agree, i'm not exactly the most knowledgeable programmer, i'm just a musician trying to hack up a site :( any help would be greatly appreciated

Re: Some session trouble

Posted: Mon Mar 03, 2008 2:37 pm
by Zoxive

Code:

<?php
$title = 'edit music'; ?>
<?php
session_start();

Why do you close php, then open it up again? This could be causing white space to be sent before session_start is called, and session_start needs to be called before anything is output to the browser.

Code:

<?php
$title = 'edit music';
 
session_start();

Error Reporting Is your Friend.

Code:

ini_set('display_errors',true);
error_reporting(E_ALL);
 

Re: Some session trouble

Posted: Mon Mar 03, 2008 3:20 pm
by krept
i've narrowed the problem down to just being the userid set by clicking on that link
even now when i
echo $_SESSION['userid'];

it doesn't show the userid logged in the session, it shows the userid of whatever profile you just clicked on.