[RESOLVED] site security puzzler
Hi. I am have a members site with 2 databases. This is working perfectly in normal use, however, I am now trying to make it bullet-proof by adding a few security features (ie - if they hit F5)
I am using this to see if the person has applied :
If the user exists, they are added to members db, then deleted from the "applied" db. As I have said, this is working fine - am following the info in the database through each step. However, after the member has been deleted from this db, if they hit F5, or call the php file from the browser, $_SESSION[exists] still returns as 1.
$_SESSION[exists] = "0";
$result = mysql_query("SELECT email FROM apply
WHERE email = '$_SESSION[email]' LIMIT 1");
while($row = mysql_fetch_array($result))
$_SESSION[exists] = "1";
If I put two echo statements for $_SESSION[exists] = "1"; , one at beginning and one at end, it returns 0, 1. - even though there is no member in the db anymore.
Help....lol. I have solved a lot of other issues myself, blocking pages if not authorised and the like, but this has me completely stumped.
nb - this only occurs after a successful membership app. All other times, it is working as it should. Have also checked that $_SESSION[email] is retaining correct email address.
Last edited by max2474; 05-09-2012 at 08:58 PM.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)