I have hanving a problem with this learning log system I am coding for my Web Publishing Class. The problem is when a user views another classmates' learning log it changes their session data to that of student they just viewed....
Example:
user1:
id = 1
f_name = bobby
l_name = joe
period = 2
username = user1
user2:
id = 2
f_name = billy
l_name = bob
period = 2
username = user2
When user1 views the learning log of user2, user2's session data gets changed to user1's session data. As you can see this is a huge security risk.
The strange thing is that in the scripts it doesnt change any of the session data. So I dont know where to fix it.
Here are a few of scripts:
show_log.inc:
http://rafb.net/paste/results/yRPqwf63.html
user_menu.inc:
http://rafb.net/paste/results/eqdnuI84.html
user1 log:
<?
#####log.inc#####
session_start();
?>
<? include 'head.inc'; ?>
<? include 'log_w.inc'; ?>
<? include 'foot.inc'; ?>
user2 log:
<?
#####log.inc#####
session_start();
?>
<? include 'head.inc'; ?>
<? include 'log_w.inc'; ?>
<? include 'foot.inc'; ?>
head.inc:
<h1><? echo "$_SESSION[v_fname] $_SESSION[v_lname]'s Learning Log"; ?></h1><br>
<table cellpadding="5" cellspacing="3" border="2">
foot.inc:
</table>
login.inc:
http://rafb.net/paste/results/IiSSTD42.html
check_login:
http://rafb.net/paste/results/gKBJz079.html
~ROSEBLOOD
