are those log messages from both the one that was failing and the one that worked? its hard to tell
IF the only thing you call in the working example is manageusers::OpenConnection() then why you you expect $manageusers::LoggedOn_user_id to be anything but zero? So You have yet to prove that you are actually setting $manageusers::LoggedOn_user_id by code that is being run anywhere. Show us all of the subroutines that contain the following code and any subroutines they call
In particular where $uid gets set before you run $LoggedOn_user_id = $uid;.New login warn("Hash evaluation succeded - $passhash = $passhash1 : $sessiondata +2 = $sessiondata2md5p"); my $timein = time(); $session->param('user_id',$uid); $session->param('username',$username); $session->param('forename', $forename); $session->param('lastname', $lastname); $session->param('timein', $timein); $session->param('timeout', 0); $session->param('attempts',0); $session->param('isloggedin',1); $session->expires('+7d'); $LoggedOn_user_id = $uid; #$session->param("user_id"); [download] Already logged on if ($status == 1) { warn("Process Login returning after confirmed already logged in: s +tatus: '$status' sessionname: '$sessionname' SID: '$sid'"); my $username1 = $session->param("user_id"); warn("username1 : '$username1'"); $LoggedOn_user_id = $username1; warn("Already logged on LoggedOn_user_id : '$LoggedOn_user_id'");
and i can become any user i want to be by manipulating the user_id parm i send back to you, that doesnt seem very secure does it? It is easy to create code that sends back any value i want in the user_id field
In reply to Re^18: global var
by huck
in thread global var
by tultalk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |