OK, we have got our sessions set up but something's not right. We keep getting errors where it doesn't keep the session, and other bits like that!
PHP Code:
include_once "includes.php";
if (! isset($_SESSION['id'])){
    if ($_POST["login_username"] != "" and $_POST["login_password"] != ""){
        $username = $_POST["login_username"];
        $password = $_POST["login_password"];
        $result = mysql_query("select id from user where username='$username' and password='$password'")or die(mysql_error());
        if (mysql_numrows($result) == 1){
            $_SESSION['id'] = mysql_result($result,0, "id");
        } else {
            echo "Wrong username or password";
            exit;
        }
    } else {
        header("location:index.php");
        exit;
    }
} else {
}
$data = mysql_query("Select * from stats where id=$_SESSION[id]")or die(mysql_error());
That's from our home.php, and it uses a session.controller.inc.php:
PHP Code:
<?php
function mysql_session_open($session_path,$session_name){
    mysql_pconnect("host","user","pass")or die("Can't connect to MySQL server!");
    mysql_select_db("db_name")or die("Can't connect to MYSQL server!");
}
function mysql_session_close(){
    return 1;
}
function mysql_session_select($SID) {
    $query = "select value from sessionInfo where SID = '$SID' and expiration > ". time();
    $result = mysql_query($query);
    if(mysql_num_rows($result)){
        $row = mysql_fetch_assoc($result);
        $value = $row['value'];
        return $value;
    } else {
        return "";
    }
}
function mysql_session_write($SID, $value){
    $lifetime = get_cfg_var("session.gc_maxlifetime");
    $expiration = time() + $lifetime;
    $query = "insert into sessionInfo values('$SID','$expiration','$value')";
    $result = mysql_query($query);
    if(! $result){
        $query = "UPDATE sessionInfo set expiration = '$expiration',value='$value' where SID = '$SID' and expiration >". time();
        $result = mysql_query($query)or die(mysql_error());
    }
}
function mysql_session_destroy($SID){
    $query = "DELETE FROM sessionInfo where SID = '$SID'";
    $result = mysql_query($query);
}
function mysql_session_garbage_collect($lifetime){
    $lifetime = get_cfg_var("session.gc_maxlifetime");
    $time = time() - $lifetime;
    $query = "DELETE FROM sessionInfo where expiration < ".$time;
    $result = mysql_query($query);
    return mysql_affected_rows($result);
}
?>
Can you see any errors in this, or give any info on why it's not working?
Just had a quick glance over it. I noticed this line:
PHP Code:
$data = mysql_query("Select * from stats where id=$_SESSION[id]")or die(mysql_error());
//TRY IT AS $data = mysql_query("Select * from stats where id={$_SESSION['id']}")or die(mysql_error());
I'm not too sure with your sessions, but most have session_start() at the top of the scripts. You may also want to google 'mysql injection' too, since your code is susceptible to it.
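The two points from the reply put together, as an added example that is not code from either post: session_start() before any $_SESSION access, and the login and stats lookups done with bound parameters instead of splicing $_POST or $_SESSION values into the SQL string. It assumes the user(id, username, password) and stats(id, ...) tables from the thread, a PDO connection with placeholder DSN and credentials, and that the password column holds password_hash() output rather than the plain-text value the original query compares directly.

```php
<?php
// Added example, not from the thread. Assumes PDO, the user/stats tables
// from the post, and placeholder DSN/credentials.
session_start(); // must run before any $_SESSION read or write on every page

$pdo = new PDO('mysql:host=localhost;dbname=db_name;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
]);

if (!isset($_SESSION['id'])) {
    $username = $_POST['login_username'] ?? '';
    $password = $_POST['login_password'] ?? '';
    if ($username === '' || $password === '') {
        header('Location: index.php');
        exit;
    }

    // Bound parameter: the username is sent separately from the SQL text,
    // so quotes or other characters in it cannot change the query structure.
    // Assumption: password holds a password_hash() hash, not plain text.
    $stmt = $pdo->prepare('SELECT id, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        echo 'Wrong username or password';
        exit;
    }

    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['id'] = (int) $row['id'];
}

// Same treatment for the stats query: bind the session id rather than
// interpolating $_SESSION[id] into the string.
$stmt = $pdo->prepare('SELECT * FROM stats WHERE id = ?');
$stmt->execute([$_SESSION['id']]);
$data = $stmt->fetch(PDO::FETCH_ASSOC);
```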