www.webdeveloper.com
Results 1 to 7 of 7

Thread: [RESOLVED] site security puzzler

Threaded View

  1. #1
    Join Date
    Feb 2010
    Location
    Grantham, UK
    Posts
    103

    resolved [RESOLVED] site security puzzler

    Hi. I am have a members site with 2 databases. This is working perfectly in normal use, however, I am now trying to make it bullet-proof by adding a few security features (ie - if they hit F5)

    I am using this to see if the person has applied :

    Code:
    ...
    			$_SESSION[exists] = "0";
    			mysql_select_db("applydb", $con);
    			$result = mysql_query("SELECT email FROM apply
    				WHERE email = '$_SESSION[email]' LIMIT 1");
    			while($row = mysql_fetch_array($result))
    			{
    				$_SESSION[exists] = "1";
    			}
    			mysql_close($con);
    ...
    If the user exists, they are added to members db, then deleted from the "applied" db. As I have said, this is working fine - am following the info in the database through each step. However, after the member has been deleted from this db, if they hit F5, or call the php file from the browser, $_SESSION[exists] still returns as 1.

    If I put two echo statements for $_SESSION[exists] = "1"; , one at beginning and one at end, it returns 0, 1. - even though there is no member in the db anymore.

    Help....lol. I have solved a lot of other issues myself, blocking pages if not authorised and the like, but this has me completely stumped.

    nb - this only occurs after a successful membership app. All other times, it is working as it should. Have also checked that $_SESSION[email] is retaining correct email address.
    Last edited by max2474; 05-09-2012 at 08:58 PM. Reason: clarity

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles