login problem..

[iGuest 3]

Hi. My login script is annoying me and i wonder if you could help. I will be very very greatful if you can

The following is a part of it that registers the session variables. Its these that keep changing.

Each user has a home page..when i log in and view someone elses, then for some reason the session registers as though that person is logged in, whichever userpage is accessed.

If you could explain to me how this little bit of code works i would be very greatful too:

  session_register('first_name');  $_SESSION['first_name'] = $first_name;  session_register('last_name');  $_SESSION['last_name'] = $last_name;  session_register('username');  $_SESSION['username'] = $username;  session_register('userid');  $_SESSION['userid'] = $userid;  session_register('email_address');  $_SESSION['email_address'] = $email_address;  session_register('special_user');  $_SESSION['user_level'] = $user_level;  session_register('userid');  $_SESSION['userid'] = $userid;

This section of the page is the only bit that has that sort of coding - is there another way to register a session that i might have done somewhere and need to look out for? and could you explain to me what 'session_register' does? - is it a requirement to register a session? - because it doesnt seem to be. Ive looked through the code and this bit of coding is only ever accessed immediately after login - and doesnt loop. So i dont see how they change.


The following is the section of the login script that this is contained in:

if($a == secure){echo "Welcome ". $_SESSION['first_name'] ." ". $_SESSION['last_name'] ."! You have made it to the members area!<br /><br />";echo "Your user level is ". $_SESSION['user_level']." which enables you access to the following areas: <br /><br />";$username = $_SESSION['username'];if($_SESSION['user_level'] > 0){	echo "userlevel1 commands";}if($_SESSION['user_level'] > 1){	echo "userlevel2 commands";}if($_SESSION['user_level'] > 2){	echo "user level 3 commands";}}///////////////} else {$loginusername = $_POST['username'];$loginpassword = $_POST['password'];if((!$loginusername) || (!$loginpassword)){  echo "<center><font color=red><strong>Please enter ALL of the information!</strong></font></center><br />";  echo "<center><strong>Login:</strong></center><br />";print $login_form;print "<br>";//	exit();} else {//////////////////// Convert password to md5 hash$loginpassword = md5($loginpassword);// check if the user info validates the db$sql = mysql_query("SELECT * FROM users WHERE username='$loginusername' AND password='$loginpassword' AND activated='1'");$login_check = mysql_num_rows($sql);//////////////////////if($login_check > 0){	while($row = mysql_fetch_array($sql)){	foreach( $row AS $key => $val ){  $$key = stripslashes( $val );	}  // Register some session variables!  session_register('first_name');  $_SESSION['first_name'] = $first_name;  session_register('last_name');  $_SESSION['last_name'] = $last_name;  session_register('username');  $_SESSION['username'] = $username;  session_register('userid');  $_SESSION['userid'] = $userid;  session_register('email_address');  $_SESSION['email_address'] = $email_address;  session_register('special_user');  $_SESSION['user_level'] = $user_level;  session_register('userid');  $_SESSION['userid'] = $userid;  $last_login = mysql_query("SELECT last_login FROM users WHERE userid='$userid'");while($last=mysql_fetch_array($last_login)) {if(empty($last["last_login"])) {  print "This is the first time you have logged in, If you have any questions or suggestions dont hesitate to email me at webmaster@jesus-freaks.co.uk";} else {  print "you last logged in: ". $last["last_login"] ."<br/>If this is wrong please contact the webmaster<br/><br/>";}}  $time = time();$time = $time+18000;	  mysql_query("UPDATE users SET last_login=FROM_UNIXTIME($time) WHERE userid='$userid'");////////////////////////////////////////////////////echo "Welcome ". $_SESSION['first_name'] ." ". $_SESSION['last_name'] ."! You can now access the members area!<br /><br />";echo "Your user level is ". $_SESSION['user_level']."<br />";echo "<a href=?page=secure&a=secure>Click here to see what you can do</a><br />";////////////////////////////////////////////////////	}} else {	echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />	Please try again!<br />";  echo "<center><font color=red><strong>You are not logged In!</strong></font></center><br />";  echo "<center><strong>Login:</strong></center><br />";print $login_form;print "<br>";}//////////////////}//////////////////}

The session variables change to that of the last visited user page when i do 2 things.

1) log out but dont confirm:

if($a == logout){	echo "<center>Are you sure you want to logout?</center><br />";	echo "<center><a href=?page=secure&a=logmeout>Yes</a> | <a href=javascript:history.back()>No</a>";}if($a == logmeout){	session_destroy();	if(!session_is_registered('first_name')){  echo "<center><font color=red><strong>You are now logged out!</strong></font></center><br />";  echo "<center><strong>Login:</strong></center><br />";print $login_form;print "<br>";	}

2) visit a user page:

The code for this is huge...the relevant bit is this:

if ($username == $_SESSION['username']) {print "<br /><a href=?page=secure&a=edit>Edit User page</a>";}

that comes at the top of this page...and always displays. Somehow the session username changes...and i dodnt undderstand sessions well enough to know why.

[iGuest 3]

When you click on to view the users page I bet the variable to fetch that users page is called "username" when that happens it changes the global variable "username" from your name to the name of the page clicked on.

[iGuest 3]

found it..thanks for pointing me in the right directioncan admin lock?thanks

[iGuest 3]

why do people always want to lock a topic after they solved the problem...