Talking about user logins and such in one of the previous posts, I thought this would be an interesting blunder to share on my behalf. It was on a personal site, so nobody was hurt.
To check if someone's logged in, you check some variable like $_SESSION['user'], or something on that order. This was back when I was using session_register (a very dumb function, in my option). The code was something like this:
When the user sucessfully logged in, you're set the session variable to their id, or an array with their info, etc. etc. Me, being the fledgling programmer I was, didn't know much about register_globals. Long story short, if you visited the address of website.com?user=7 before sessions had been started for the first time, 7 would be assigned the the user's session info, hence logging them in. Once I discovered this, I turned off register_globals ^_^
Ah yes, the follys of youth.
To check if someone's logged in, you check some variable like $_SESSION['user'], or something on that order. This was back when I was using session_register (a very dumb function, in my option). The code was something like this:
if (!$PHPSESSID) {
session_register('user');
} elseif (!$user) {
session_register('user');
}When the user sucessfully logged in, you're set the session variable to their id, or an array with their info, etc. etc. Me, being the fledgling programmer I was, didn't know much about register_globals. Long story short, if you visited the address of website.com?user=7 before sessions had been started for the first time, 7 would be assigned the the user's session info, hence logging them in. Once I discovered this, I turned off register_globals ^_^
Ah yes, the follys of youth.