need help

alcapone · 04-13-2005, 02:21 AM

have a php game code where it keeps you logged in and the next person to go there will beable to use your name so keeps you logged in

help please

CreativeLogic · 04-13-2005, 02:30 AM

I'm not sure exactly what you're saying? Can you explain further?

alcapone · 04-13-2005, 02:33 AM

ok lets say you go to my game and sign in to the game
ok me being that its my game im admin well if i logout when some one goes to the page all they need to do is hit play and they in the game under my account so it keeps you logged in the game at all times

CreativeLogic · 04-13-2005, 02:40 AM

Are you using cookies, sessions or some other type of authentication and login management? Still need more information. I'm not sure how exactly you login or keep control of your users?

alcapone · 04-13-2005, 03:04 AM

ok here are the files

CreativeLogic · 04-13-2005, 03:19 AM

I have no idea what the problem is. It none of those files does it set the $id variable. Although it uses it through the html.php file. Possibly attach setup.php file also. The only thing that I saw for user authentication was if the username and password were both set. Then it checked for a match via the database. It only set one cookie after that which to be honest, I have no reason why it did that. It set the 'code' held in the database in the cookie. First off, this is a bad procedure because many people could by pass this if they knew this 'code'. Anyways, I need to figure out where the $id variable is being set and setup.php is the only file I think that would have a possibility at this point, unless there are more files included in the setup.php file.

By the way, this script is full of SQL injection. If I were you I would pay a programmer or go through all the files yourself and try to fix those problems. You could run into a problem depending on your php installation. :(

alcapone · 04-13-2005, 03:32 AM

here is the setup.php file

CreativeLogic · 04-13-2005, 03:34 AM

Ok, I deleted your file though as it includes things that you probably don't want everyone to know. I'm looking at the file now.

CreativeLogic · 04-13-2005, 03:38 AM

Ok, try upload this setup.php file and give me the url to the site. I'm going to run a few tests on it and see what is causing the problem.

Let me know when you download the file so I can delete it so no one steals your information.

alcapone · 04-13-2005, 03:41 AM

ok have file and uploaded

www.pimpvalley.com

CreativeLogic · 04-13-2005, 03:43 AM

Ok, try this file now.

Again, let me know when you have it.

CreativeLogic · 04-13-2005, 03:49 AM

Ok, I noticed you uploaded it. Here's my last idea. This query is being ran when every someone goes to the site:

PHP Code:


			
SELECT id FROM $tab[user] WHERE code='$trupimp'

So basically it looks like they are being logged in as admin every time. Run this query in phpMyAdmin and tell me what it returns:

PHP Code:


			
SELECT code FROM users WHERE username = 'admin'

CreativeLogic · 04-13-2005, 03:51 AM

By the way here is your fixed setup.php file that you can reupload.

alcapone · 04-13-2005, 04:01 AM

sorry i added the name manually so no code that was the prob thank you so much four the help

CreativeLogic · 04-13-2005, 04:01 AM

No problem. I noticed it was working correctly so yes, that was the problem! :)

Veolus · 04-13-2005, 07:30 AM

I can see your a really nice and helping guy, Ryan :)

If i have any problems with PHP i will be sure to post them at TalkPHP ;)

CreativeLogic · 04-13-2005, 07:51 AM

Thanks for the kind words! :)