sessions gone wild

I start sessions on all pages with:

    ob_start();
    session_start();

at the top of the page before anything else.

When I log in these sessions are set:

    $query = "SELECT *
        FROM users
        WHERE (email='$e' AND pass=SHA('$p'))
        AND active IS NULL";
    $result = mysql_query ($query);
    if (@mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array ($result, MYSQL_NUM);
        $_SESSION['user_id'] = $row[0];
        $_SESSION['display_name'] = $row[3];

        // Start defining the URL.
        $url = './../members/main.php';

        ob_end_clean(); // Delete the buffer.
        header("Location: $url");
        exit();
    }

OK, I'm logged in. It's a recipe website and I migrate to a page that has a list of Beef recipes. I click on one and on the page displaying the recipe it shows the person who submitted the recipe's display name, e.g. Martha.

Next to Martha's name is a link that says Click Here to see all my recipes. Here's the link:

    <a href='all_user_recipes.php?file=$user_id'>Click Here</a>

To display the recipe a query is run that pulls the recipe from the recipes table: recipe_id, c_id, user_id, recipe_title, ingredients, directions, notes, viewed, r_allow, submitted

The user_id is set in the users table when the person registered. The user_id is entered into most of the tables on this website.

Here's where things get screwy.

When I click on the link to see all of Martha's recipes, a query is run that pulls all the recipes from the database that correlate with Martha's user_id. At the same time - my session is now populated with Martha's information. At the top of the screen where it used to say Hello, David P (my display_name, which was set in a session when I log in) --- now says, "Hello, Martha". When I go to the user Control Panel it is Martha's account that I'm in. I can change her password and delete all her recipes if I had a mind to.

I can change from Martha to someone else just by clicking on the link to see all of their recipes. It's as if the page variable ($user_id) is changing the session variable ($_SESSION['user_id']).

My server uses PHP Version 4.4.9

On the same page that displays the recipe along with the link to see all that person's recipes, is a link that allows me to add that recipe to my "favorite recipes box". This is just a table (favorite_recipes) that has 2 rows - recipe_id and user_id.

How it is supposed to work is that when I click on the "Add to Favorite Recipe Box" a page opens that takes my user_id ($_SESSION['user_id']) and that recipe's recipe_id ($recipe_id) and inserts it into the favorite_recipe table and gives me a happy message saying it's been added:

    $recipe_id = $_GET['recipe_id'];
    $query = "INSERT INTO favorite_recipes (user_id, recipe_id)
        VALUES ('".$_SESSION['user_id']."', '$recipe_id')";
    $result = mysql_query($query);
    if ($result) {
        echo "Hurray! The recipe is added!";
    } else {
        echo "Too Bad. Recipe not added.";
    }

What actually happens is that the recipe owner's user_id is entered instead of my session user_id and it changes my current session ($_SESSION['user_id']) and ($_SESSION['display_name']) - be it me or the person who I viewed all their recipes -- to the person whose recipe I just saved in my favorite recipe box. I am now them and when I go to the control panel I am in their account and once again can do mischief if I've a mind to.

So, it seems that whenever I click on a link my session changes. I don't get this. Any ideas?
Dec 9 '09 #1
Atli
Hey.

None of the code you posted looks like it is causing this, and I can't spot anything that could be.

Are there any global includes in your PHP files? Something that could be interfering with the sessions?

Try searching all the files involved for "$_SESSION['user_id'] =". Just in case there was a copy/paste malfunction, or something like that.

Also, a couple of things you should consider.
  • Using the SHA function inside a MySQL query is inadvisable. Under certain circumstances the MySQL server may log the raw query, which would then contain the plain-text password. Kind of defeats the purpose of the whole thing.
    It's better to use PHP to hash things and pass the hashes into the queries.
  • Your "Add recipe" code is wide open to SQL Injection.
    Always use the mysql_real_escape_string function on data before inserting it into a MySQL query. In the case of numbers, the intval and floatval functions can also be used.
  • "My server uses PHP Version 4.4.9"
    A fan of antiques, are you? :P
Dec 9 '09 #2
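
The first two suggestions in the reply above, applied to the queries from the first post; this is an added example, not code from the thread or from any poster. It assumes an open mysql_* connection (as the thread's dbconnect.php provides) and integer user_id and recipe_id columns, and the function names are hypothetical.

```php
<?php
// Added example. Table and column names are taken from the posts above;
// build_login_query() and build_favorite_query() are hypothetical helpers.

// Hash in PHP so the plain-text password never appears in the SQL text
// (and therefore never in a MySQL query log). sha1() returns the same
// 40-character hex digest as MySQL's SHA(), so rows stored with
// SHA('$p') still match.
function build_login_query($email, $password)
{
    $e    = mysql_real_escape_string($email);
    $hash = sha1($password);   // hex digits only, nothing left to escape
    return "SELECT * FROM users
            WHERE (email='$e' AND pass='$hash')
            AND active IS NULL";
}

// Both ids are assumed to be numeric, so force them to integers with
// intval() and refuse anything that is not a positive id.
function build_favorite_query($session_user_id, $raw_recipe_id)
{
    $user_id   = intval($session_user_id);
    $recipe_id = intval($raw_recipe_id);
    if ($user_id <= 0 || $recipe_id <= 0) {
        return false;
    }
    return "INSERT INTO favorite_recipes (user_id, recipe_id)
            VALUES ($user_id, $recipe_id)";
}

// Usage on the add-favourite page, after session_start() and the
// database include have run:
if (isset($_SESSION['user_id']) && isset($_GET['recipe_id'])) {
    $query = build_favorite_query($_SESSION['user_id'], $_GET['recipe_id']);
    if ($query !== false && mysql_query($query)) {
        echo "Hurray! The recipe is added!";
    } else {
        echo "Too Bad. Recipe not added.";
    }
}
?>
```
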
DavidPr
When you say SQL Injection I guess you're referring to this:

    $recipe_id = $_GET['recipe_id'];

I changed to this:

    $recipe_id = escape_data($_GET['recipe_id']);
    $user_id = escape_data($_SESSION['user_id']);

    $query = "INSERT INTO favorite_recipes (user_id, recipe_id) VALUES ('$user_id', '$recipe_id')";

I have an escape_data function in my database connection include that handles mysql_real_escape_string.

I thought I read someplace that a page variable $user_id could change the session user_id when passed through the address bar such as with this:

    <a href='see_all_user_recipes.php?file=$user_id'>SEE ALL</a>

Is this possible or no?

I don't see any buggered up session user_id's on any of the pages. The session system I'm using is the one found in Larry Ullman's book Chp13.

I'm not sure how I would implement the PHP hash that you spoke of. I'll have to read up on that.

No matter what link I click on, my session information changes to someone else. Even this:

    <a href='see_list.php?file=$c_id'>$c_name</a>

c_id and c_name are the recipe category id and name. I click on this and I'm suddenly someone else.
Dec 9 '09 #3
DavidPr
See any reason why this would not display even though the session user_id is set and the recipe_id hasn't been added already? I have the user_id echo-ed above this script (as a test) to make sure that it is set and it is. I can't figure out why it isn't working.

    if (isset($_SESSION['user_id']))
    {

        include('dbconnect.php');

        $query = "SELECT recipe_id
            FROM favorite_recipes
            WHERE favorite_user_id='" . $_SESSION['user_id'] . "'";
        $result = mysql_query ($query);

        // Make sure this user hasn't already added this recipe to their favorites
        if (mysql_num_rows($result) == 0)
        {

            while($row = mysql_fetch_array($result))
            {
                $recipe_id = $row['recipe_id'];

                echo "
                <tr><td>
                <a href='add_favorite.php?recipe_id=$recipe_id'>Add to Favorites</a>
                </td></tr>
                ";
            }
        }
    }

Dec 9 '09 #4
DavidPr
OK, I found the problem with that which I posted above. The query should have been this:

    $query = "SELECT recipe_id
        FROM favorite_recipes
        WHERE favorite_user_id='" . $_SESSION['user_id'] . "'
        AND recipe_id='$recipe_id'";
    $result = mysql_query ($query);

What this query was doing was checking to see if the user had already added this recipe into their favorites. If so, this section was to be ignored. If they had not, then show this section and give the user the option of adding it to their favorites folder. I failed to check it against the recipe_id of the current recipe.
Dec 9 '09 #5
