Expand|Select|Wrap|Line Numbers
- ob_start();
- session_start();
When I login these sessions are set:
Expand|Select|Wrap|Line Numbers
- $query = "SELECT *
- FROM users
- WHERE (email='$e' AND pass=SHA('$p'))
- AND active IS NULL";
- $result = mysql_query ($query);
- if (@mysql_num_rows($result) == 1) {
- $row = mysql_fetch_array ($result, MYSQL_NUM);
- $_SESSION['user_id'] = $row[0];
- $_SESSION['display_name'] = $row[3];
- // Start defining the URL.
- $url = './../members/main.php';
- ob_end_clean(); // Delete the buffer.
- header("Location: $url");
- exit();
- }
Next to Martha's name is a link that says Click Here to see all my recipes. Here's the link:
Expand|Select|Wrap|Line Numbers
- <a href='all_user_recipes.php?file=$user_id'>Click Here</a>
The user_id is set in the users table when the person registered. The user_id is entered into most of the tables on this website.
Here's where things get screwy.
When I click on the link to see all of Martha's recipes, a query is ran that pulls all the recipes from the database that correlates with Martha's user_id. At the same time - my session is now populated with Martha's information. At the top of the screen where it used to say Hello, David P (my display_name, which was set in a session when I log in) --- now says, "Hello, Martha". When I go to the user Control Panel it is Martha's account that I'm in. I can change her password and delete all her recipes if I had a mind to.
I can change from Martha to someone else just by clicking on the link to see all of their recipes. It's as if the page variable ($user_id) is changing the session variable ($_SESSION['user_id']).
My server uses PHP Version 4.4.9
On the same page that displays the recipe along with the link to see all that person's recipes, is a link that allows me to add that recipe to my "favorite recipes box". This is just a table (favorite_recipes) that has 2 rows - recipe_id and user_id.
How it is suppose to work is that when I click on the "Add to Favorite Recipe Box" a page opens that takes my user_id ($_SESSION['user_id']) and that recipe's recipe_id ($recipe_id) and inserts it into the favorite_recipe table and gives me a happy message saying it's been added:
Expand|Select|Wrap|Line Numbers
- $recipe_id = $_GET['recipe_id'];
- $query = "INSERT INTO favorite_recipes (user_id, recipe_id)
- VALUES ('".$_SESSION['user_id']."', '$recipe_id')";
- $result = mysql_query($query);
- if ($result) {
- echo "Hurray! The recipe is added!";
- } else {
- echo "Too Bad. Recipe not added.";
- }
So, it seems that whenever I click on a link my session changes. I don't get this. Any ideas?