Finding ID

Ask about a PHP problem here.
Post Reply
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

What URL do you get sent to after clicking on one of the links ?
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

If you add
var_dump(fetch_users());
somewhere, do you get the ids from that ?
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

hmm...

can you make sure you have error_reporting set to E_ALL, the problem is most likely a misspelled variable and enabling E_NOTICE level messages will show you that right away instead of trying to guess.
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

the error_reposting() line should be the first thing in the script :)
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

Well that tells you that you can remove the session_start line ;)

But you are looking in the wrong file, the problem has to be in the "page where you choose an account:" file as the $_GET variable is not set right in the URL you post a few posts ago. Also you can remove the session_start in both pages as it is in the init.inc.php file.
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

Try setting error_reporting to E_ALL for this file.
Image
User avatar
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Finding ID

Post by Temor »

It's probably nothing, but in Line 50
<?php $_GET['$uid']; 
Is it supposed to have a $ in it? :S
Torniquet
Posts: 52
Joined: Sun Jun 19, 2011 8:10 am
Contact:

Re: Finding ID

Post by Torniquet »

nevermind, i think i had the wrong end of the stick lol
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

jacek wrote:Try setting error_reporting to E_ALL for this file.
Please try this.
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

On the page that shows the error, do you have a uid variable in the URL ?
Image
Torniquet
Posts: 52
Joined: Sun Jun 19, 2011 8:10 am
Contact:

Re: Finding ID

Post by Torniquet »

on the latest pages you have there, you are calling for $user['acc_id'] when you are setting it as $user['id']

That one is straight forward enough.

I have tested your coding on my machine, and it seems to work fine. I have looked for the above error in the origional script, and i cant see anything wrong anywhere.
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

uhshosting wrote:no ever since i done the e_all on the one page i had an error on the account page that was trying to fix
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/thailand/public_html/account/core/user.inc.php on line 79
This is a SQL injection vulnerability, essentially, the quotes in the URL are being treated as part of the query, making it's syntax invalid.
uhshosting wrote:so my url is
http:/.com/account/admin/accounts/account.php?uid=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20index:%20%20acc_id%20in%20%3Cb%3E/home/public_html/account/admin/accounts/index.php%3C/b%3E%20on%20line%20%3Cb%3E51%3C/b%3E%3Cbr%20/%3E
the undefined index here means that the link you are clicking uses a variable that is not defined, as the person above this said ;)
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

uhshosting wrote:thank you i got it working.
Good news, but you also need to make sure you address
jacek wrote:This is a SQL injection vulnerability
Depending on how this is used in the query somebody may be able to use it to steal all of your data.
Image
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:

Re: Finding ID

Post by jacek »

my SQL injection one should tell you how :
Image
Post Reply