Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Hi all,
I think I'm always new to PHP because I have lots of things to learn.
So I have a problem.
I have two separate systems, and different users log in to these systems. When I open those two systems, I type different user names and passwords for them.
Site 1: user name - ABC
Site 2: user name - XYZ
After some time, I log off from site 2, and when I check site 1, its username has changed to XYZ. When I click on a page in site 1, site 1's session has expired and it directs me to the index page.
I think that is a problem when we come to the real world.
So is there any way to prevent that?
Hope everyone got the idea...
Waiting for your quick reply. Thanks in advance.
<?php
if (!isset($_SESSION)) {
    session_start();
}
require_once('library/myconn.php');
require_once('library/functions.php');

// *** Validate request to login to this site.
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['uname'])) {
    $loginUsername = $_POST['uname'];
    $password = $_POST['pword'];
    /*$redirectLoginSuccess_sadmin = "user/sadmin_home.php";
    $redirectLoginSuccess_admin = "user/home.php";
    $redirectLoginSuccess_user = "user/user_home.php";
    $redirectLoginSuccess_client = "user/client_home.php";*/
    $redirectLoginSuccess_sadmin = "import/add_job.php";
    $redirectLoginFailed = "index.php";

    $LoginRS__query = sprintf(
        "SELECT * FROM tbl_com_user WHERE user_uname=%s AND user_pword=%s",
        GetSQLValueString($loginUsername, "text"),
        GetSQLValueString($password, "text")
    );
    $LoginRS = mysql_query($LoginRS__query, $myconn) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    //$rowent = mysql_fetch_array($LoginRS);
    //$user_level=$rowent[8];
    //Get the user level
    if ($loginFoundUser) {
        $r = mysql_fetch_assoc($LoginRS);
        //declare session variables and assign them
        $_SESSION['s_username'] = $r['user_uname'];
        $_SESSION['s_userpword'] = $r['user_pword'];
        $_SESSION['s_mytimezone'] = $r['user_timezone'];
        $_SESSION['s_user_id'] = $r['user_id'];
        $_SESSION['s_my_com_id'] = $r['my_com_id'];
        $_SESSION['s_user_email'] = $r['user_email'];
        $_SESSION['s_user_level'] = $r['user_level'];
        $_SESSION['s_user_tel'] = $r['user_tel'];
        header("Location: " . $redirectLoginSuccess_sadmin);
        exit; // stop the script once the redirect header is sent
        /*if($_SESSION['s_user_level']=="sadmin"){
        header("Location: ". $redirectLoginSuccess_sadmin);
        }
        if($_SESSION['s_user_level']=="admin"){
        header("Location: ". $redirectLoginSuccess_admin);
        }
        if($_SESSION['s_user_level']=="user"){
        header("Location: ". $redirectLoginSuccess_user);
        }
        if($_SESSION['s_user_level']=="client"){
        header("Location: ". $redirectLoginSuccess_client);
        }*/
    } else {
        header("Location: " . $redirectLoginFailed);
        exit; // stop the script once the redirect header is sent
        //header("Location: import/add_job.php");
    }
}
?>
This part is the functionality part. When I log off from site 1, site 2's sessions crash. What will happen if we use a separate company id to track the session?
I'm just asking...
Please help me to solve this.
Thanks in advance.
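
An added example, not part of the original post: one way to keep the two sites' sessions apart, assuming both are served from the same host name and therefore share PHP's default `PHPSESSID` cookie. `APP_SESSION_NAME`, `APP_COOKIE_PATH` and the three helper functions are hypothetical names; the `$row` keys are the column names from the posted login code.

```php
<?php
// Added example, not the poster's code. The two constants are hypothetical
// per-site values: site 2 would use e.g. 'SITE2SESSID' and '/site2/'.
define('APP_SESSION_NAME', 'SITE1SESSID');
define('APP_COOKIE_PATH', '/site1/');

function start_app_session()
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started for this request
    }
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // Own cookie name: the browser no longer sends site 2's session id to site 1.
    session_name(APP_SESSION_NAME);
    // lifetime 0 = until the browser closes; path limits where the cookie is sent;
    // empty domain = current host only; HttpOnly hides the cookie from scripts.
    session_set_cookie_params(0, APP_COOKIE_PATH, '', $https, true);
    session_start();
}

function login_user(array $row)
{
    start_app_session();
    session_regenerate_id(true); // fresh session id at login, old one is deleted
    // Keep only what later pages need; the password is not copied into the session.
    $_SESSION['s_user_id']    = $row['user_id'];
    $_SESSION['s_username']   = $row['user_uname'];
    $_SESSION['s_my_com_id']  = $row['my_com_id'];
    $_SESSION['s_user_level'] = $row['user_level'];
}

function logout_user()
{
    start_app_session();
    $_SESSION = array(); // clear this site's data only
    $p = session_get_cookie_params();
    // Expire this site's cookie; the other site's cookie has a different name.
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

Each page would call `start_app_session()` in place of a bare `session_start()`; sessions created earlier under the default cookie name are not picked up, so users log in once more after the change.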