Mr_Cat - 2:28 pm on Feb 20, 2012 (gmt 0)

Hi folks,

I recieved an error report from a friend of mine the other day, nobody else testing my site has had this, so I've no idea why.

Here's my 'verify' that lives on the top of every page in the site.


// let's call the database connection

include ($_SERVER['DOCUMENT_ROOT'] . "/db_code/db_connect.php");

$document = $_SERVER['PHP_SELF'];
$host = $_SERVER['HTTP_HOST'];
$querystring = '?'.$_SERVER['QUERY_STRING'];
$fullpath = $host.$document.$querystring;

session_start();

$user_check = $_SESSION['login_user'];
$_SESSION['referer'] = $fullpath;

$ses_query = mysql_query("SELECT member_name, member_ID, member_email FROM members WHERE member_name = '$user_check' ");

$row = mysql_fetch_array($ses_query);

$member_name = $row['member_name'];
$member_ID = $row['member_ID'];
$member_email = $row['member_email'];

if(!isset($member_name))
{
header("Location: http://www.site.com/login/login.php");
}


then there's 'Login' page;


include ($_SERVER['DOCUMENT_ROOT'] . "/db_code/db_connect.php");

session_start();

if($_SERVER["REQUEST_METHOD"] == "POST"){

// username and password sent from Form

$myusername = addslashes($_POST['username']);
$mypassword = addslashes($_POST['password']);

$query = "SELECT member_ID FROM members WHERE member_name = '$myusername' and member_pw = '$mypassword'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);

// $active = $row['active'];
$count = mysql_num_rows($result);
$member_ID = $row['member_ID'];

// if login is good, update the members_log table

$update_memlog = "UPDATE members_log";
$update_memlog.= " SET log_logintime = NOW(), log_activecheck = NOW(), log_isonline = 'y'";
$update_memlog.= " WHERE log_mem_ID = '$member_ID'";

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
session_register("myusername");
$_SESSION['login_user'] = $myusername;

mysql_query($update_memlog);


// Sending them to index.php is rubbish. Chances are they came here from an email link, let's put them where they want to be
header("location: http://".$_SESSION['referer']);


} // end if
else{

$error = "Your Login Name or Password is invalid";
} // end else
} // end if



then there's 'log out' which runs this script;


include ($_SERVER['DOCUMENT_ROOT'] . "/login/verify.php"); // this sets up $member_name and $member_ID

// Ther're leaving, update their last online time

$update = "UPDATE members_log";
$update.= " SET log_lastonline = log_activecheck,";
$update.= " log_isonline = 'n'";
$update.= " WHERE log_mem_ID = '$member_ID'";
mysql_query($update);

// LOG OUT

session_start();

if(session_destroy())
{
header("Location: login.php");
}


As said, this seems to work for most people but a new tester emailed me to say this;

"When I try to log off it takes me to log in and when I fill it in it says

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

"

Obviously being taken to login is fine and I just need to add a new page saying you've been logged off, well done or whatever :) but I don't understand that error or why it occurs just for that one user?

Has it got anything to do with my $_SERVER document root wich I use to find the files properly from any page in the site, or perhaps somethng else...My only other thought so far s that it's to do with my 'referer' method of sending them back to a certain page and the way in which I've implimented it.

Any thoughts very much appreciated,
Cheers