I understand where you are going with the mysql injection.
It would appear as though the entire session is being dictated by this _utmX
session which I have never seen before.

It would appear as though the /index.php sets this Java-based session
variable and since phpbb does not use this, it never even tries to set or
look at the Java session.

I guess the key question here is:

1. What is the _utmX session? I find little on Google, other than "it
   uses it".
2. How to teach phpbb to use it?

Brad


Check the parameters for the cookie.

If they limit the cookie to, say:
http://example.com/phpbb/
instead of the whole site:
http://example.com/
then your cookie isn't there, and the session will get lost with it.

> if(isset($_GET["forum"]))

What is this?

Is the whole rest of the site passing around a ?forum=1 parameter in
all its URLs?

Probably not.

Only phpbb is doing that.

So then you never even GET to the $_SESSION check.

>
> {
>
>       if(!isset($_SESSION["userid"]))
>
>       {


>       <?php if(!isset($_SESSION['userid']) && $_SESSION['userid'] ==
> "")

This is daft.

!isset($x) && $x == ""

If $x isn't even set, then why test it for being == to the empty string?

>                     <?php if($_POST['hiddensubmit']){

And here you're not using isset(), so are generating E_NOTICE
messages, most likely.

>             $get_count5 = mysql_query("SELECT * FROM `contest_stories`
> WHERE
> contest_id = '".$_POST['cid']."' AND year='2007'  AND username
> ='".$_SESSION["userid"]."'");

Splicing POST data directly into a query is a giant security SQL
Injection attack hole.

Stop coding NOW and start reading and re-reading here until you
understand why:
http://phpsec.org

Unless you WANT your entire database wiped out or even stolen by a
meanie.

> echo "<font color=\"red\">You can only submit 3 stories per
> contest.</a><br>";

And you might as well not bother to have a contest, as the meanie can
rig it to win using the SQL injection above...



Sorry to be the bearer of Bad News...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
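Added example, not code from either poster: the spliced query criticised in the reply, next to a bound-parameter version with the isset()/empty() checks the reply asks for. It assumes PDO with an in-memory SQLite database standing in for the MySQL table, constructed rows, numeric contest ids, and the hypothetical function names countSpliced, countBound and canSubmit.

```php
<?php
// Constructed schema and rows; in-memory SQLite stands in for the thread's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE contest_stories (contest_id TEXT, year TEXT, username TEXT)");
$db->exec("INSERT INTO contest_stories VALUES
    ('7','2007','brad'), ('7','2007','alice'), ('7','2007','alice'), ('8','2007','alice')");

// Pattern quoted in the thread: request data concatenated into the SQL text.
function countSpliced(PDO $db, string $cid, string $user): int {
    $sql = "SELECT COUNT(*) FROM contest_stories WHERE contest_id = '" . $cid
         . "' AND year = '2007' AND username = '" . $user . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened form: bound parameters are always treated as data, never as SQL.
function countBound(PDO $db, string $cid, string $user): int {
    $stmt = $db->prepare("SELECT COUNT(*) FROM contest_stories
        WHERE contest_id = :cid AND year = '2007' AND username = :user");
    $stmt->execute([':cid' => $cid, ':user' => $user]);
    return (int) $stmt->fetchColumn();
}

// Request check: test with empty()/isset() before reading, validate cid
// (assumed numeric), then apply the three-story limit with the bound query.
function canSubmit(PDO $db, array $post, array $session): bool {
    if (empty($session['userid']) || empty($post['hiddensubmit'])) {
        return false;                 // not logged in, or form not submitted
    }
    $cid = $post['cid'] ?? '';
    if (!is_string($cid) || !ctype_digit($cid)) {
        return false;                 // reject anything that is not a plain number
    }
    return countBound($db, $cid, (string) $session['userid']) < 3;
}

// Constructed input carrying a quote character: in the spliced query it ends
// the string literal and changes the WHERE clause; bound, it is only a value.
$cid = "7' OR '1'='1";
printf("spliced, plain cid:  %d\n", countSpliced($db, '7', 'brad'));
printf("spliced, quoted cid: %d\n", countSpliced($db, $cid, 'brad'));
printf("bound,   quoted cid: %d\n", countBound($db, $cid, 'brad'));
var_dump(canSubmit($db, ['hiddensubmit' => '1', 'cid' => $cid], ['userid' => 'brad']));
var_dump(canSubmit($db, ['hiddensubmit' => '1', 'cid' => '7'], ['userid' => 'brad']));
```

The same prepare/execute pattern is available for MySQL through PDO or mysqli prepared statements.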
