Owkee here goes:
* Removing the foreach loop only supplied me with not being able to log
in.
But again I dunnot think this is the problem.
The variables are stored correctly.
At certain times the user_id sessions were just swapped...
* Now I've seen that
session_register('email');
$_SESSION['email'] = $email;
Did not supply any output when listing my session variables with
echo "<pre>\n";
print_r($_SESSION);
echo "</pre>\n";
When I removed this line (and I am testing 2 hours already now) I have
not ecountered any problems so far.
Could this be logical?
Could a session variable with no value at all cause the earlier
mentioned problems?
* Also when a file was uploaded and it's parameters were inputed in the
database I used this code to do it:
//get the id of the current logged in user
$submit_user_id=$_SESSION['user_id'];
//set the file url
$url= ("documents/".$file_name);
$sql4 = "insert into documents (document_name,
document_description, document_submit_date,
document_submitter_user_id, document_folder_id, document_url,
document_ext, document_author) values ('$_POST [documentname]',
'$_POST[documentdescription]', '$inputdate', '$submit_user_id',
'$_POST[folderid]', '$url', '$ext', '$_POST[documentauthor]' )";
Which I now changed into:
//get the id of the current logged in user
//$submit_user_id=$_SESSION['user_id'];
//set the file url
$url= ("documents/".$file_name);
$sql4 = "insert into documents (document_name,
document_description, document_submit_date,
document_submitter_user_id, document_folder_id, document_url,
document_ext, document_author) values ('$_POST [documentname]',
'$_POST[documentdescription]', '$inputdate', $_SESSION['user_id'],
'$_POST[folderid]', '$url', '$ext', '$_POST[documentauthor]' )";
Maybe for some bizarre reason sometimes the value of the last
$submit_user_id was given to $_SESSION[user_id].
As you can see I'm getting very suspecious about everything hehe.
* Secondly I now use this:
$sql = mysql_query("SELECT * FROM users WHERE
username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('user_id');
$_SESSION['user_id'] = $user_id;
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
//session_register('email');
//$_SESSION['email'] = $email;
session_register('user_level');
$_SESSION['user_level'] = $user_level;
}
should it be better when I use this??
$sql = mysql_query("SELECT * FROM users WHERE
username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
// Register some session variables!
session_register('user_id');
$_SESSION['user_id'] = $row->user_id;
session_register('first_name');
$_SESSION['first_name'] = $row->first_name;
session_register('last_name');
$_SESSION['last_name'] = $row->last_name;
//session_register('email');
//$_SESSION['email'] = $email;
session_register('user_level');
$_SESSION['user_level'] = $row->user_level;
}
* last question.
Very soon I will need a good and secure usersystem preferabbly with no
cookies. So I think sessions are the way to go.
Maybe you can supply me with some good tutorials or scripts which can
help me create a well closed usersystem.
After these encounters with security problems, I'm not really sure no
more what to use or to do.
Thx again for all the efforts you are doing to help me out.
It's highly appreciated (if I would be a girl I would give you a kiss).
Greetings,
Reinhart Viane
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
