ID: 27471 User updated by: wxjasp02 at smumn dot edu Reported By: wxjasp02 at smumn dot edu Status: Open Bug Type: Session related Operating System: RedHat Linux 9.0 PHP Version: Irrelevant New Comment:
i will post some sample code by midnight CST Previous Comments: ------------------------------------------------------------------------ [2004-03-03 12:59:04] wxjasp02 at smumn dot edu http://www.mytoast.net/phpinfo.php register_globals is ON. ------------------------------------------------------------------------ [2004-03-03 04:44:47] [EMAIL PROTECTED] Thank you for this bug report. To properly diagnose the problem, we need a short but complete example script to be able to reproduce this bug ourselves. A proper reproducing script starts with <?php and ends with ?>, is max. 10-20 lines long and does not require any external resources such as databases, etc. If possible, make the script source available online and provide an URL to it here. Try avoid embedding huge scripts into the report. Also fill in your PHP version number, which IS relevant and add a link to your phpinfo(); output. ------------------------------------------------------------------------ [2004-03-03 02:50:14] [EMAIL PROTECTED] What is register_globals set to? ------------------------------------------------------------------------ [2004-03-02 20:30:32] wxjasp02 at smumn dot edu i altered the URL to my bug, as it was kinda hard to properly see the script as it is, the new one is: http://www.mytoast.net/phpbug.txt ------------------------------------------------------------------------ [2004-03-02 20:23:28] wxjasp02 at smumn dot edu Description: ------------ Whenever i use a variable declared $group or $username in a function or part of a script, and $_SESSION['group'] or $_SESSION['username'] are in a valid session, the $group or $username variables ALTER the respective $_SESSION variable by the time the script ends. This should NEVER occur. Reproduce code: --------------- http://www.mytoast.net/phpbug.html Expected result: ---------------- It should complete all the if () statements safely, and execute them as if I were of the correct group type. Actual result: -------------- Basically, a $_SESSION['group'] is written to a session when a user logs in to my site. The form above, allows administrators of my site to alter user permissions and whatnot, but it seems if $group is a variable in the script, (and set), the $_SESSION['group'] gets altered to whatever that value is, and the real administrator loses all their admin privileges until they login again. This is extremely annoying. I found a workaround for the time being, but i don't like making more code than i have to... ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=27471&edit=1