The cookie itself says

When I go to the jacked up page, I pick up this one

In the directory structure, I have gone from

Is the Path or the fact that I am going to to have
anything to do with it?

If so, how do I address it?


-----Original Message-----
From: Richard Lynch [mailto:[EMAIL PROTECTED] 
Sent: Saturday, April 28, 2007 3:43 PM
To: Brad Sumrall
Subject: Re: [PHP] phpbb / sessionid nightmare

On Sat, April 28, 2007 11:03 am, Brad Sumrall wrote:
> Users log into web site in a pseudo phpbb login which works fine.
> Users are able to browse around phpbb and a pseudo phpbb program called
> photopost.
> But when they go to a different part of the site which is not phpbb
> related,
> the sessionid does not carry over.
> The other pages are calling on the same isset variable???
> This is blowing my mind for weeks now!!!
> Would some kind code help a frazzled brother out?

Check the parameters for the cookie.

If they limit the cookie to, say:
instead of the whole site:
then your cookie isn't there, and the session will get lost with it.

Probably a set_cookie_params() call somewhere in your phpbb mess.

> if(isset($_GET["forum"]))

What is this?

Is the whole rest of the site passing around a ?forum=1 parameter in
all its URLs?

Probably not.

Only phpbb is doing that.

So then you never even GET to the $_SESSION check.

> {
>       if(!isset($_SESSION["userid"]))
>       {

>       <?php if(!isset($_SESSION['userid']) && $_SESSION['userid'] ==
> "")

This is daft.

!isset($x) && $x == ""

If $x isn't even set, then why test it for being == to the empty string?

>                     <?php if($_POST['hiddensubmit']){

And here you're not using isset(), so are generating E_NOTICE
messages, most likely.

>             $get_count5 = mysql_query("SELECT * FROM `contest_stories`
> contest_id = '".$_POST['cid']."' AND year='2007'  AND username
> ='".$_SESSION["userid"]."'");

Splicing POST data directly into a query is a giant security SQL
Injection attack hole.

Stop coding NOW and start reading and re-reading here until you
understand why:

Unless you WANT your entire database wiped out or even stolen by a

> echo "<font color=\"red\">You can only submit 3 stories per
> contest.</a><br>";

And you might as well not bother to have a contest, as the meanie can
rig it to win using the SQL injection above...

Sorry to be the bearer of Bad News...

Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
Yeah, I get a buck. So?
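
An added example, not part of the original thread and not either poster's code: the quoted `contest_stories` count rewritten with bound parameters, plus the `isset()` checks the reply asks for. PDO replaces the `mysql_query()` call, and the in-memory SQLite database (needs the `pdo_sqlite` extension), the sample rows and the function name `count_user_stories` are assumptions made so the script runs offline.

```php
<?php
// Added example, not from the thread. Table/column names are from the quoted
// query; the function name, SQLite database and rows are constructed.

function count_user_stories(PDO $pdo, $contestId, $username, $year = '2007')
{
    // Bound parameters travel separately from the SQL text, so quotes in
    // $contestId or $username cannot change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM contest_stories
          WHERE contest_id = :cid AND year = :year AND username = :username'
    );
    $stmt->execute([
        ':cid'      => $contestId,
        ':year'     => $year,
        ':username' => $username,
    ]);
    return (int) $stmt->fetchColumn();
}

// Constructed in-memory database standing in for the real MySQL one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contest_stories (contest_id TEXT, year TEXT, username TEXT)');
$insert = $pdo->prepare('INSERT INTO contest_stories VALUES (?, ?, ?)');
foreach ([['7', '2007', 'alice'], ['7', '2007', 'alice'], ['7', '2007', 'bob']] as $row) {
    $insert->execute($row);
}

// Constructed request state; a real page gets these from PHP itself.
$_SESSION = ['userid' => 'alice'];
$_POST    = ['hiddensubmit' => '1', 'cid' => '7'];

// Login check: one condition covering both "not set" and "empty".
if (!isset($_SESSION['userid']) || $_SESSION['userid'] === '') {
    exit("Not logged in.\n");
}

// isset() on the POST keys avoids the E_NOTICE for a missing index.
if (isset($_POST['hiddensubmit'], $_POST['cid'])) {
    $count = count_user_stories($pdo, $_POST['cid'], $_SESSION['userid']);
    echo $count >= 3
        ? "You can only submit 3 stories per contest.\n"
        : "Stories submitted so far: $count\n";
}

// A quote-laden cid is compared as a literal string and matches no row.
$hostile = "7' OR '1'='1";
echo 'Rows matched: ', count_user_stories($pdo, $hostile, $_SESSION['userid']), "\n";
```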
