PHP security issues (lost beginner here)

Howdy (first of all, sorry if this is not well explained). I'm pretty new to PHP.

Let me explain my issue. I'm using free help desk code in PHP in 3 different folders on the same domain:

i.e.
website.com/folder1
website.com/folder2
website.com/folder3

Each folder has its own approved users (login). I've found that if an approved user has logged in at website.com/folder1 and he changes the URL to website.com/folder2, he stays logged in (despite not being an approved user for website.com/folder2, if you know what I mean). It's like the code does not validate the session against the folder/path. I've read a lot of PHP tutorials but I'm seriously lost.

On login.php I have this variable:
//record some details about this login
$lastip = $_SERVER['REMOTE_ADDR'];

Then on session.php (I think this is the right one) I have this code.

<?php
// session_start() must already have been called (e.g. in an included file)
// before $_SESSION is read here.
//check to make sure the session variable is registered
if (isset($_SESSION['user_id'])) {
	$user_name  = $_SESSION['user_name'];
	$user_id    = $_SESSION['user_id'];
	$user_level = $_SESSION['user_level'];
	$take_email = $_SESSION['user_email'];
} else {
	// not logged in: send the browser back to the front page with an error flag
	echo "<script>document.location.href='/?e=1'</script>";
	exit;
}
?>

I have tried a lot, and everything I try simply does not work (the website turns into a blank page; I can't figure out what is wrong).
I think this is related to session_get_cookie_params(): store the path and do a check (in session.php?).

It's a bad idea to put sensitive information in sessions as that can easily be hacked. The only thing that should go into sessions is the user id; the rest can be pulled from a database table. The script doesn't show how the data is assigned to the session variables in the first place? I am assuming it's somewhere else?

and the else statement should be something like:

header("Location: login.php");
exit();

By "sensitive information" you mean $lastip, right? That was a bad example. In fact I'll try to check the user. So I must do something like this on session.php, right?

include("includes/ez_sql_core.php");
include("includes/ez_sql_mysqli.php");
// db_user, db_password, db_name and db_host are constants defined in the config
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
// $checkusing must be set to the column being matched (e.g. in login.php) and
// $user_name must come from a trusted source, otherwise this query is injectable
$num = $db->get_var("select count(user_id) from site_users where $checkusing = '$user_name';");
if ($num != 1) {
	echo "<div class='alert alert-danger'>Login incorrect</div>";
	include("includes/footer.php");
	exit;
}

Oh, I feel so noob at this. Thanks for your kind help.

Sessions are stored across the whole domain, which means they are available to any script on that domain - no matter what folder it’s in.

The normal solution to this would be to only store the user id in the session, and everything else in a database. You can include stuff like which folders the user can access in the database.
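As an added example of the approach described above (not code from the thread or from the help desk package): a session.php that keeps only the user id in the session, gives each installation its own session cookie, and checks a per-folder permission table on every request. It assumes each copy defines a constant APP_FOLDER and a PDO connection $pdo in config.php, and a hypothetical table user_folders(user_id, folder) listing which folders each user may use; the site_users column names are assumed too.

```php
<?php
// Added example: authorize the session user for this installation's folder.
// Assumptions (not from the thread): config.php defines APP_FOLDER (e.g. 'folder1')
// and a PDO connection $pdo; user_folders(user_id, folder) is a hypothetical table.
require __DIR__ . '/config.php';

// Give each installation its own session name so a login in folder1 does not
// even reuse folder2's session cookie. The cookie path only limits where the
// browser sends the cookie; it is NOT an authorization check by itself.
session_name('sess_' . APP_FOLDER);
session_set_cookie_params([            // array form needs PHP 7.3+
    'path'     => '/' . APP_FOLDER . '/',
    'httponly' => true,
    'secure'   => isset($_SERVER['HTTPS']),
    'samesite' => 'Lax',
]);
session_start();

function redirect_to_login(): void
{
    session_unset();
    session_destroy();
    header('Location: /' . APP_FOLDER . '/login.php');
    exit;
}

// Only the user id lives in the session; everything else is looked up per request.
if (empty($_SESSION['user_id'])) {
    redirect_to_login();
}
$user_id = (int) $_SESSION['user_id'];

// Prepared statement: user id and folder name are bound, never interpolated into SQL.
$stmt = $pdo->prepare(
    'SELECT u.user_name, u.user_level, u.user_email
       FROM site_users u
       JOIN user_folders f ON f.user_id = u.user_id
      WHERE u.user_id = :uid AND f.folder = :folder'
);
$stmt->execute([':uid' => $user_id, ':folder' => APP_FOLDER]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

// A valid session for folder1 is not a valid session for folder2.
if ($user === false) {
    redirect_to_login();
}
$user_name  = $user['user_name'];
$user_level = $user['user_level'];
$take_email = $user['user_email'];
```

The separate session name per folder removes the cross-folder session sharing; the user_folders check is what actually decides whether the user may use this installation.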
