
SESSION broken


aram


Hi, my admin pages have been accessed by someone, and I think he/she could break my session, because when a registered one accesses my admin pages and edits or adds an article or anything, his/her name will be written with the article, but this one has no name. Is that possible? Please, someone help, I'm in a big problem.


If you are doing nothing to protect against SQL Injection, this might not be a session problem. Are you running data through mysql_escape_string before adding it to the database?

To find out if it's a session problem, you'll need to show us the login code AND the code that accepts data from registered users.


I'm using those:

$name=htmlspecialchars($name);
$pass=htmlspecialchars($pass);
$name=stripcslashes($name);
$pass=stripcslashes($pass);
$name=mysql_real_escape_string($name);
$pass=mysql_real_escape_string($pass);


my login page:

<form name="form1" method="post" action="check.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#eeeeee">
<tr><td colspan="3"><strong>Login:</strong></td></tr>
<tr><td>Name:</td><td><input name="name" type="text" id="name"></td></tr>
<tr><td>password:</td><td><input name="pass" type="password" id="pass"></td></tr>
<tr><td>language:</td><td><select name="language">
<option value="kurdish">kurdish</option>
<option value="arabic">arabic</option>
<option value="english">english</option>
</select></td></tr>
<tr><td><input type="submit" name="submit" value="Log in"></td></tr>
</table>
</td>
</form>

Check page:

<?php
ob_start();
$host="host";
$username="username";
$password="password";
$db_name="databse";
$tbl_name="login";
$tbl_name1="users";
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");
$name=$_POST['name'];
$pass=$_POST['pass'];
$language=$_POST['language'];
$dateTime = new DateTime("now", new DateTimeZone('Asia/Aden'));
$dateTime= $dateTime->format("Y-m-d H:i:s");
$sqlu="INSERT INTO $tbl_name1 (ip, datet, page)VALUES('".$_SERVER['REMOTE_ADDR']."','$dateTime','login page')";
mysql_query($sqlu);
$name=htmlspecialchars($name);
$pass=htmlspecialchars($pass);
$name=stripcslashes($name);
$pass=stripcslashes($pass);
$name=mysql_real_escape_string($name);
$pass=mysql_real_escape_string($pass);
if($language==kurdish){
    $sql="SELECT * FROM $tbl_name WHERE name='$name' AND pass='$pass' AND language='$language'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    IF($count==1){
        session_start();
        $_SESSION['kurdish'] =$name;
        header("location:kurdishadmin.php");
    }
    else{
        header("location:login.php");
    }
}
if($language==arabic){
    $sql="SELECT * FROM $tbl_name WHERE name='$name' AND pass='$pass' AND language='$language'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    IF($count==1){
        session_start();
        $_SESSION['arabic'] =$name;
        header("location:arabicadmin.php");
    }
    else{
        header("location:login.php");
    }
}
if($language==english){
    $sql="SELECT * FROM $tbl_name WHERE name='$name' AND pass='$pass' AND language='$language'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    IF($count==1){
        session_start();
        $_SESSION['english'] =$name;
        header("location:english.php");
    }
    else{
        header("location:login.php");
    }
}
ob_end_flush();
?>

Kurdishadmin top:

<?PHP
session_start();
if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
header ("Location:login.php");
}
$user=$_SESSION['kurdish'];
?>


I think we'll need to see the rest of the code. Maybe you can post only the sections that are relevant to the problem.
That's my code: please, some help. Is there anything wrong with my code, my friend?

Show us the registration code. I wonder if it is possible for someone to register with a username that is 0 characters long.
I'm adding the names by myself directly in the database because it's for a company; there is no registration page.

No, the problem is that only three persons have access to the admin page; it's not a community. But he/she accesses the admin page and deletes, edits and adds things.


That's what I think, because these three persons have names in the database; when they add or edit anything, their names will be written beside it. But when this person adds or edits things, the name field will be nothing.


Is the name dynamically added by the code, or is it up to the user to fill in their name whenever they make a change? Again, showing the relevant pieces of the code (i.e. the admin section for articles) is going to help us out more than a longwinded Q/A session.


No, my code dynamically adds the names beside the articles.
Can you just show us how? Maybe there's something on the page that isn't checking for $_SESSION status or something, and somehow people are using a bookmark for this. Code is king (in case you haven't got the hint).

session_start();
if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
header ("Location:login.php");
}
$user=$_SESSION['kurdish'];
?>

In the 5th line I'm getting the username that he/she logged in with.


Other than using an undefined variable in one of your queries, I don't see any obvious problems. But you can replace this line:

if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {

with this:

if (empty($_SESSION['kurdish']))

They do the same thing.


Other than using an undefined variable in one of your queries, I don't see any obvious problems. But you can replace this line:

if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {

with this:

if (empty($_SESSION['kurdish']))

They do the same thing.

Where is this undefined variable? Can you tell me? Is it stronger? Or is it the same? Because if it's the same, why do I have to change it?

Any code following a header() call will still be executed. So if this was accessed through a bookmark or something and the user hasn't logged in before, the script could still make changes to the database.

Try adding an exit statement right after your header:

if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
   header ("Location:login.php");
   exit; //This should halt the script and redirect the browser to the login page
}
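
The behaviour described in the answer above, as an added example that is not part of the original thread: a command-line script (no web server or database needed) that runs the same session check with and without `exit`. `admin_page()` stands in for kurdishadmin.php and `$articles` for the articles table; those names and the session values are constructed for illustration.

```php
<?php
// Added example (constructed). Run with: php guard_demo.php
// $articles stands in for the articles table (assumption, not the thread's schema).
$articles = [];

// Print the final table state even when the script is stopped by exit.
register_shutdown_function(function () use (&$articles) {
    foreach ($articles as $row) {
        printf("title=%s author=%s\n", $row['title'], var_export($row['author'], true));
    }
});

// Hypothetical stand-in for kurdishadmin.php: session check, then the save.
function admin_page(array $session, bool $exitAfterRedirect, array &$articles, string $title): void
{
    // Same test as at the top of kurdishadmin.php.
    if (empty($session['kurdish'])) {
        header('Location: login.php');   // only queues a response header
        if ($exitAfterRedirect) {
            exit;                        // nothing below this line runs
        }
    }

    // Rest of the page: save an article together with the logged-in name.
    $user = $session['kurdish'] ?? '';   // missing key becomes an empty name
    $articles[] = ['title' => $title, 'author' => $user];
}

$loggedIn  = ['kurdish' => 'admin1'];    // constructed session of a real admin
$anonymous = [];                         // visitor who never logged in

admin_page($loggedIn,  false, $articles, 'normal edit');
admin_page($anonymous, false, $articles, 'redirect without exit'); // page body still runs
admin_page($anonymous, true,  $articles, 'redirect with exit');    // script stops in the check
```

The row saved by the second call has an empty author, which matches the symptom reported in the first post; the third call never reaches the save.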


Any code following a header() call will still be executed. So if this was accessed through a bookmark or something and the user hasn't logged in before, the script could still make changes to the database.

Try adding an exit statement right after your header:

if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
   header ("Location:login.php");
   exit; //This should halt the script and redirect the browser to the login page
}

Isn't it the same?

session_start();
if (!(isset($_SESSION['kurdish']) && $_SESSION['kurdish'] != '')) {
header ("Location:login.php");
}
$user=$_SESSION['kurdish'];
?>


Archived

This topic is now archived and is closed to further replies.
