I mean, the get forum Brad -----Original Message----- From: Brad Sumrall [mailto:Brads@xxxxxxxxx] Sent: Saturday, April 28, 2007 7:02 PM To: ceo@xxxxxxxxx Cc: php-general@xxxxxxxxxxxxx Subject: RE: phpbb / sessionid nightmare Oops! Maybe not. You were right! SFC = stupid flippn' coder = me! I see where you are going with this! if(isset($_SESSION['userid']) && $_SESSION['userid']!="") Not set! Duhhh! The if(isset($_SESSION['userid']) && $_SESSION['userid']!="") Was a silly attempt of mine earlier to force a session. Gone now, Let me follow your lead on your suggestions though for a few. I know just enough about php to be dangerous! I will definitely keep in mind the mysql inject problem. This could be an issue, but for now, just trying to get it to work! Thanks, Brad -----Original Message----- From: Richard Lynch [mailto:ceo@xxxxxxxxx] Sent: Saturday, April 28, 2007 3:43 PM To: Brad Sumrall Cc: php-general@xxxxxxxxxxxxx Subject: Re: phpbb / sessionid nightmare On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote: > Users log into web site in a sudo phpbb login which works fine. > > Users are able to browse around phpbb and a sudo phpbb program called > photopost. > > > > But when the goto a differen't part of the site which is not phpbb > related, > the sessionid does not carry over. > > > > The other pages are calling on the same isset variable??? > > This is blowing my mind for weeks now!!! > > Would some kind code help a frazzed brother out? Check the parameters for the cookie. If they limit the cookie to, say: http://example.com/phpbb/ instead of the whole site: http://example.com/ then your cookie isn't there, and the session will get lost with it. Probably a set_cookie_params() call somewhere in your phpbb mess. if(isset($_SESSION['userid']) && $_SESSION['userid']!="") What is this? Is the whole rest of the site passing around a ?forum=1 parameter in all its URLs? Probably not. Only phpbb is doing that. So then you never even GET to the $_SESSION check. > > { > > if(!isset($_SESSION["userid"])) > > { > <?php if(!isset($_SESSION['userid']) && $_SESSION['userid'] == > "") This is daft. !isset($x) && $x == "" If $x isn't even set, then why test it for being == to the empty string? > <?php if($_POST['hiddensubmit']){ And here you're not using isset(), so are generating E_NOTICE messages, most likely. > $get_count5 = mysql_query("SELECT * FROM `contest_stories` > WHERE > contest_id = '".$_POST['cid']."' AND year='2007' AND username > ='".$_SESSION["userid"]."'"); Splicing POST data directly into a query is a giant security SQL Injection attack hole. Stop coding NOW and start reading and re-reading here until you understand why: http://phpsec.org Unless you WANT your entire database wiped out or even stolen by a meanie. > echo "<font color=\"red\">You can only submit 3 stories per > contest.</a><br>"; And you might as well not bother to have a contest, as the meanie can rig it to win using the SQL injection above... Sorry to be the bearer of Bad News... -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php