BetterPHP

The non-existent community
https://betterphp.co.uk/board/

Major Session Issues

https://betterphp.co.uk/board/viewtopic.php?t=686

Page 1 of 1

Major Session Issues

Posted: Mon Oct 03, 2011 11:55 pm
by LiquidFusi0n
OK, so I am writing a security challenge and am encountering a load of session issues. This spans across several files so it would be best to upload a zip. But for now I'll just post the code. 
if($login_count == 1)
{
        session_start();
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        header("location:members.php");
}
That is the login part... it works. 
if(isset($_SESSION['username']) && isset($_SESSION['password']))
        {   
                $profile_id = $_SESSION['username'];
                $profile_id_cleaned = mysql_real_escape_string($profile_id);
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;
                header("location:profile.php?page=" . htmlentities($profile_id_cleaned));
        }
The session here is not being passed although they are set because we are being redirected :?:

Onto profile.php :P 
<?php 
session_start();

if(session_is_registered($_SESSION['username']) == false) //Checking is session for username is set 
{
        echo "Please ensure that cookies are enabled!";
}
else
{
        $username = $_SESSION['username'];
}
?>
All I get is that the session is not set, and the error message is given?

Now to the profile info update page. 
$title = $_POST['title'];
$f_name = $_POST['f_name'];
$l_name = $_POST['l_name'];
$email = $_POST['email'];
$age = $_POST['age'];
$personal_text = $_POST['personal_text'];

validate($title, $f_name, $l_name, $email, $age, $personal_text);

if(isset($_POST['submit']) || isset($_POST['upload']))
{
     
        $_SESSION['title'] = $title;
        $_SESSION['f_name'] = $f_name;
        $_SESSION['l_name'] = $l_name;
        $_SESSION['email'] = $email;
        $_SESSION['age'] = $age;
        $_SESSION['personal_text'] = $personal_text;
     
}
This also isn't being passed, sure I know I could do this much easier... but what is the problem with the sessions?

Also session_start() is present in all scripts.... If you want a ZIP upload to better understand just ask :)

Thanks
--LiquidFusi0n

Re: Major Session Issues

Posted: Tue Oct 04, 2011 11:09 am
by EcazS
Didn't check too much but the session_start as to be before any output. So make sure it's at the top of your script, nothing above it. Just to make sure.

Re: Major Session Issues

Posted: Wed Oct 05, 2011 4:56 pm
by jacek
You are using session_is_registered wrongly, to quote php.net
This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
so you should not really use it anyway.

A simple isset will do 
if (isset($_SESSION['username'])){
    // things.
}
for example :D
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited