Sessions Conflicting....

HansonHQ

Hi,
i am making a website for someone and i have a problem with some sessions on a login script, the admin section & the members section have the IDENTICAL login script accept working from different database's however when i login 2 members it also sets a session and administration to my website is ALSO gained access to,

can someone help me out the script is too big to post the whole thing here but ill add them both as attchments.

Thank You,

INDEX.PHP (MEMBERS LOGIN)

<?php

$login_page = true;

require 'config.php';
require 'cdb.php';
require 'adminconfig.php';

$db = new cDB();
if( !$db->connect(
                $config['db_name'],
                $config['db_host_port'],
                $config['db_user'],
                $config['db_pswd'] )) {
  die ("Cannot connect to the DB!");
}

// Check if user not logged in and request to login
if( (!isset($session['authenticated']) || !$session['authenticated']) &&
    ($_GET['action'] == 'login') ) {
  // User not authorized, login requested

  $login = addslashes(trim($_GET['login']));
  $pswd = md5($_GET['pswd']);

  if( $db->query("select id from php_members where userid='$login' and pass='$pswd'") ) {
    if( $db->rows() > 0 ) {
      $res = $db->fetch_array();
      $session['authenticated'] = true;
      $session['active_user'] = $login;
      $session['active_user_id'] = (int)$res['id'];
    }
  }
}

if( isset($session['authenticated']) && $session['authenticated'] ) {
  // User authorized - show the rest of the admin.php page
?>
<html>

<head><title>Members Login</title>
</head>

<body><center><table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="25%" id="AutoNumber1" bgcolor="#FFFFCC" bordercolor="#000000">
  <tr>
    <td width="100%">
    <p align="center"><b><font face="Tahoma" size="2">Website Members Login</font></b></p>
<p align="center"><font face="Tahoma" size="2">Thank You,<br>
Please Click The Continue Link Below To Proceed To The Members Section.<br>
<br>
</font>
<a href="members.php"><font face="Tahoma" size="3"><i><b>(Continue)</b></i></font></a></p>
<p align="center"><font face="Tahoma" size="2">

<?php
echo "You are currently Logged in as <b>".$session['active_user']."</b><br>\n</font></b>";
echo "<p align='center'>
<font face='Tahoma' size='2'>User Authorized !<br>
</font></p>
  </table>
";
} else {
//User not authorized - show login form
?>
<html>

<head><title>Members Login</title>
</head>

<body><center><table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="25%" id="AutoNumber1" bgcolor="#FFFFCC" bordercolor="#000000">
  <tr>
    <td width="100%">
    <p align="center"><b><font face="Tahoma" size="2">Website Member Login</font></b></p>
<form method="GET">
<input type=hidden name="action" value="login">

<p align="center">
      <font face="Tahoma">
      <font size="2">Username: </font>

<font face="Verdana" size="1">
<input type=text name="login" size="20" style="background-color: #FFFFCC; font-family: Verdana; font-size: 12px; color: #000000; font-weight: bold; border: 1px solid #000000; padding-left: 4; padding-right: 4; padding-top: 1; padding-bottom: 1"></font></font></p>
      <p align="center"><font face="Tahoma"><font size="2">Password: </font>

<font face="Verdana" size="1">
<input type=password name="pswd" size="20" style="background-color: #FFFFCC; font-family: Verdana; font-size: 12px; color: #000000; font-weight: bold; border: 1px solid #000000; padding-left: 4; padding-right: 4; padding-top: 1; padding-bottom: 1"></font></font></p>
      <p align="center">
      <font face="Tahoma">
      <input type="submit" value="Login" name="B1" style="background-color: #FFFFCC; border-style: solid; border-width: 5; padding-left: 4; padding-right: 4; padding-top: 1; padding-bottom: 1"></font></p>
    </form>
    </td>
  </tr>
</table></center>
</body>

</html>
<?php

}

?>

INDEX.PHP (ADMIN LOGIN)

<?php

$login_page = true;

require 'config.php';
require 'cdb.php';
require 'adminconfig.php';

$db = new cDB();
if( !$db->connect(
                $config['db_name'],
                $config['db_host_port'],
                $config['db_user'],
                $config['db_pswd'] )) {
  die ("Cannot connect to the DB!");
}

// Check if user not logged in and request to login
if( (!isset($session['authenticated']) || !$session['authenticated']) &&
    ($_GET['action'] == 'login') ) {
  // User not authorized, login requested

  $login = addslashes(trim($_GET['login']));
  $pswd = md5($_GET['pswd']);

  if( $db->query("select id from php_admins where userid='$login' and pass='$pswd'") ) {
    if( $db->rows() > 0 ) {
      $res = $db->fetch_array();
      $session['authenticated'] = true;
      $session['active_user'] = $login;
      $session['active_user_id'] = (int)$res['id'];
    }
  }
}

if( isset($session['authenticated']) && $session['authenticated'] ) {
  // User authorized - show the rest of the admin.php page
?>
<html>

<head><title>Members Login</title>
</head>

<body><center><table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="25%" id="AutoNumber1" bgcolor="#FFFFCC" bordercolor="#000000">
  <tr>
    <td width="100%">
    <p align="center"><b><font face="Tahoma" size="2">Website Administrator Login</font></b></p>
<p align="center"><font face="Tahoma" size="2">Thank You,<br>
Please Click The Continue Link Below To Proceed To The Administration Section.<br>
<br>
</font>
<a href="admin.php"><font face="Tahoma" size="3"><i><b>(Continue)</b></i></font></a></p>
<p align="center"><font face="Tahoma" size="2">

<?php
echo "You are currently Logged in as <b>".$session['active_user']."</b><br>\n</font></b>";
echo "<p align='center'>
<font face='Tahoma' size='2'>User Authorized !<br>
</font></p>
  </table>
";
} else {
//User not authorized - show login form
?>
<html>

<head><title>Administrator Login</title>
</head>

<body><center><table border="2" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="25%" id="AutoNumber1" bgcolor="#FFFFCC" bordercolor="#000000">
  <tr>
    <td width="100%">
    <p align="center"><b><font face="Tahoma" size="2">Website Administrator Login</font></b></p>
<form method="GET">
<input type=hidden name="action" value="login">

<p align="center">
      <font face="Tahoma">
      <font size="2">Username: </font>

<font face="Verdana" size="1">
<input type=text name="login" size="20" style="background-color: #FFFFCC; font-family: Verdana; font-size: 12px; color: #000000; font-weight: bold; border: 1px solid #000000; padding-left: 4; padding-right: 4; padding-top: 1; padding-bottom: 1"></font></font></p>
      <p align="center"><font face="Tahoma"><font size="2">Password: </font>

<font face="Verdana" size="1">
<input type=password name="pswd" size="20" style="background-color: #FFFFCC; font-family: Verdana; font-size: 12px; color: #000000; font-weight: bold; border: 1px solid #000000; padding-left: 4; padding-right: 4; padding-top: 1; padding-bottom: 1"></font></font></p>
      <p align="center">
      <font face="Tahoma">
      <input type="submit" value="Login" name="B1" style="background-color: #FFFFCC; border-style: solid; border-width: 5; padding-left: 4; padding-right: 4; padding-top: 1; padding-bottom: 1"></font></p>
    </form>
    </td>
  </tr>
</table></center>
</body>

</html>
<?php

}

?>

CAN SOMEONE PLEASE HELP ME HERE BECAUSE THIS PUTS MY SECURE LOGIN DOWN TO THE LEST SECURE EVER !

drew010

as far as i can tell you aren't using real php sessions. you need to use $_SESSION and call session_start() at the top of the page.
btw, did you get the other problem worked out with the script list?

HansonHQ

hi drew, thanks for replying....AGAIN

yes i did get the other problem sorted by php freaks forums someone in there sorted it for me, anyway as ive said before i dont know anything about seeking & replacing so can anyone put the codes togeather for me please?