[Sécurité] Problème de session qui disparait
Je développe un petit forum sans prétention, hébergé chez Free, et d'une page à l'autre j'ai ma session qui disparaît.
C'est propre à Free : j'ai installé WAMP avec l'add-on PHP 4 et je passe d'une version à l'autre en local sans aucun souci. Une fois sous Free, ma session disparaît, et toujours au même endroit.
voici le code (c pas optimisé, c pas objet, c pas top)
page forum :
Code :
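<?php
// forum.php: lists every section of the forum and, inside each one, its threads
// ("fils"); the section given by ?id= is expanded on load. Requires a logged-in
// user in $_SESSION['user'] (set by index.php, which is not shown here).
session_start();
if( !isset($_SESSION['user'])) {
    header("Location:index.php");
    // Stop here: without exit the whole page below is still built and sent, so a
    // client that ignores the Location header gets the protected content anyway.
    exit;
}
include_once('header.php');
include_once('init.php');
// Section selected from the query string, cast to int before it is echoed into
// JavaScript and HTML below (the original echoed $_GET['id'] raw into <script>).
$hasSelection = isset($_GET['id']);
$selectedId = $hasSelection ? (int) $_GET['id'] : 0;
// Session diagnostic kept from the original page, but written to the error log
// instead of being appended after the footer.
error_log('forum.php $_SESSION[user]: '.print_r($_SESSION['user'], true));
// Output escaping below uses htmlspecialchars() without a charset argument: the
// default is ISO-8859-1 on PHP < 5.4 and UTF-8 from 5.4 on (invalid byte
// sequences then yield ''). NOTE(review): pass the charset the pages/DB use.
?>
<script type="text/javascript">
//<![CDATA[
var gSections = new Array();
var gOldId = <?php echo($selectedId); ?>;
<?php
// Expose every section id to the JavaScript toggle, indexed from 1 as the loop
// in affichSection() expects.
$sql = 'SELECT id FROM section';
$result = mysql_query($sql);
$i = 1;
while( $section = mysql_fetch_assoc($result)) {
    echo('
gSections[\''.$i.'\'] = \''.(int) $section['id'].'\';
');
    $i++;
}
?>
function affichSection(id) {
    var Fil = 'Fil'+id;
    var AjouterBtn = 'AjouterBtn'+id;
    var i;
    for( i = 1; i < gSections.length; i++) {
        var FilBis = 'Fil'+gSections[i];
        var AjouterBtnBis = 'AjouterBtn'+gSections[i];
        document.getElementById(FilBis).style.display = 'none';
        document.getElementById(AjouterBtnBis).style.display = 'none';
    }
    if( document.getElementById(Fil).style.display == 'none') {
        document.getElementById(Fil).style.display = 'block';
        document.getElementById(AjouterBtn).style.display = 'block';
    }
    else {
        document.getElementById(Fil).style.display = 'none';
        document.getElementById(AjouterBtn).style.display = 'none';
    }
    if( gOldId == id) {
        document.getElementById(Fil).style.display = 'none';
        document.getElementById(AjouterBtn).style.display = 'none';
        gOldId = 0;
    } else
        gOldId = id;
}
//]]>
</script>
<div id="Main">
<div class="MenuButton" style="width:682px;height:520px;cursor:default;text-align:center;">
<h3>Le forum</h3>
<div style="border:1px solid #000;margin:auto;width:600px;padding:0 15px 0 15px;cursor:default;text-align:left;margin-bottom:5px;background-color:#EEF;">
<?php
// Moderators = users whose admin flag is set. Pseudos are user-entered, so they
// are escaped before being inlined in HTML.
$sql = 'SELECT pseudo FROM usr WHERE admin ORDER BY pseudo';
$result = mysql_query($sql);
$admins = array();
while( $user = mysql_fetch_assoc($result)) {
    $admins[] = '<span style="color:#3A6;">'.htmlspecialchars($user['pseudo'], ENT_QUOTES).'</span>';
}
echo('Modérateurs : '.implode(', ', $admins));
?>
</div>
<?php
$sql = 'SELECT * FROM section';
$result = mysql_query($sql);
$premier = true;
while( $row = mysql_fetch_assoc($result)) {
    // Ids coming back from the database are cast once here; every query and
    // link below uses the cast value.
    $sectionId = (int) $row['id'];
    $ouvert = ($hasSelection && $selectedId == $sectionId);
    // Total number of messages in the section, over all its threads.
    $sql2 = 'SELECT count(M.id) FROM message M, fil F WHERE M.fil_id = F.id AND F.section_id = '.$sectionId;
    $result2 = mysql_query($sql2);
    $count = mysql_fetch_assoc($result2);
    $nbMessages = (int) $count['count(M.id)'];
    echo('
<div class="Section" onclick="affichSection('.$sectionId.')" style="'.($premier ? 'border-top:1px solid #000;' : '').'"
onmouseover="this.style.backgroundColor = \'#EEF\'; this.style.color = \'#66F\';"
onmouseout="this.style.backgroundColor = \'#ACF\'; this.style.color = \'#666\';">
<span style="font-size:12pt;font-weight:bold;color:#666;float:left;margin-top:6px;width:100px;">'.htmlspecialchars($row['nom'], ENT_QUOTES).'</span>
<span style="font-weight:normal;color:#666;float:left;margin-top:10px;margin-left:0px;margin-left:10px;">'.$nbMessages.' message'.($nbMessages > 1 ? 's' : '').'</span>
<div class="MenuButton" id="AjouterBtn'.$sectionId.'" style="display:none;float:right;text-align:center;display:'.($ouvert ? 'block' : 'none').'"
onmouseover="this.style.backgroundColor = \'#EEF\'; this.style.color = \'#66F\'; this.style.border = \'1px solid #CDF\';"
onmouseout="this.style.backgroundColor = \'#CDF\'; this.style.color = \'#666\'; this.style.border = \'1px solid #36C\';"
onclick="window.location = \'nouveauMessage.php?id='.$sectionId.'\'">Nouveau message</div>
</div>
<div class="Fil" id="Fil'.$sectionId.'" style="display:'.($ouvert ? 'block' : 'none').';overflow:scroll;">');
    // Threads of the section: the first message (premier = 1) of each "fil",
    // newest first.
    $sql2 = 'SELECT U.pseudo, M.id, M.sujet, M.creation, M.fil_id, F.clos FROM fil F, message M, section S, usr U WHERE M.user_id = U.id AND S.id = '.$sectionId.' AND S.id = F.section_id AND M.fil_id = F.id AND premier = 1 GROUP BY M.fil_id ORDER BY M.id DESC';
    $result2 = mysql_query($sql2);
    while( $row2 = mysql_fetch_assoc($result2)) {
        $filId = (int) $row2['fil_id'];
        $messageId = (int) $row2['id'];
        // Replies = messages of the thread other than its first one.
        $sql3 = 'SELECT count(id) FROM message WHERE fil_id = '.$filId.' AND premier = 0';
        $result3 = mysql_query($sql3);
        $nbRep = mysql_fetch_assoc($result3);
        $nbRep = (int) $nbRep['count(id)'];
        // Author of the latest reply of the thread. The original filtered on
        // fil_id = <first message id>; the thread id is $filId, as in the count
        // query just above.
        $sql3 = 'SELECT U1.pseudo FROM usr U1 WHERE U1.id = (SELECT user_id FROM message WHERE fil_id = '.$filId.' AND NOT premier ORDER BY id DESC LIMIT 1)';
        $result3 = mysql_query($sql3);
        $dernier = mysql_fetch_assoc($result3);
        $dernier = $dernier ? $dernier['pseudo'] : '';
        // creation is read as 'YYYY-MM-DD...' and shown as DD/MM/YYYY.
        $dateCreation = substr($row2['creation'], 8, 2).'/'.substr($row2['creation'], 5, 2).'/'.substr($row2['creation'], 0, 4);
        $sujet = htmlspecialchars($row2['sujet'], ENT_QUOTES);
        $pseudo = htmlspecialchars($row2['pseudo'], ENT_QUOTES);
        $dernierHtml = htmlspecialchars($dernier, ENT_QUOTES);
        echo('
<div style="height:15px;cursor:pointer;width:610px;'.($row2['clos'] ? 'background-color:#FDC;' : '').'" '.($row2['clos'] ? 'title="Sujet clos par un administrateur"' : '').'
onmouseover="this.style.backgroundColor = '.($row2['clos'] ? '\'#FEE\'' : '\'#EFF\'').'; this.style.color = '.($row2['clos'] ? '\'#F66\'' : '\'#66F\'').';"
onmouseout="this.style.backgroundColor = '.($row2['clos'] ? '\'#FDC\'' : '\'#CDF\'').'; this.style.color = \'#666\';"
onclick="window.location = \'lireMessage.php?id='.$messageId.'\';">
<div class="MsgSujet">
'.$sujet.'
</div>
<div class="MsgNbRep" title="'.($nbRep == 0 ? 'Aucune réponse à ce sujet' : $nbRep.' réponses à ce sujet').'">
'.$nbRep.' rép.
</div>
<div class="MsgCreateur" title="Créé par '.$pseudo.'">
'.$pseudo.'
</div>
<div class="MsgCreation" title="Créé le '.$dateCreation.'">
'.$dateCreation.'
</div>
<div class="MsgDernier" title="'.( $dernier ? 'Dernière réponse par '.$dernierHtml : 'Aucune réponse').'">
'.( $dernier ? $dernierHtml : 'Aucune réponse').'
</div>
</div>
');
    }
    echo('</div>');
    $premier = false;
}
?>
</div>
</div>
<?php include_once('footer.html'); ?>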
page lireMessage :
Code :
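<?php
// lireMessage.php: shows the first message of a thread (selected by ?id=) and
// its replies, plus the edit / close / delete controls an admin user gets.
session_start();
// Session diagnostic kept from the original page, but written to the error log:
// anything echoed before header() makes the redirects below fail ("headers
// already sent"), and the page would then be served to an unauthenticated client.
error_log('lireMessage.php $_SESSION: '.print_r($_SESSION, true));
// Stop after each redirect; otherwise the queries and HTML below still run for
// a request without id or without a logged-in user.
if( !isset( $_GET['id'])) {
    header("Location:index.php");
    exit;
}
if( !isset( $_SESSION['user'])) {
    header("Location:index.php");
    exit;
}
include_once('header.php');
include_once('init.php');
// Message id from the query string, cast to int before it reaches SQL or HTML
// (the original concatenated $_GET['id'] raw into the SELECT and the form).
$messageId = (int) $_GET['id'];
// Admin flag comes from the session only, never from the request.
$isAdmin = !empty($_SESSION['user']['admin']);
// Output escaping below uses htmlspecialchars() without a charset argument: the
// default is ISO-8859-1 on PHP < 5.4 and UTF-8 from 5.4 on (invalid byte
// sequences then yield ''). NOTE(review): pass the charset the pages/DB use, and
// if the insert scripts (not shown) already encode on input, drop one of the two.
?>
<div id="Main">
<script type="text/javascript">
//<![CDATA[
var gFirst = false;
function control() {
    var check = true;
    if( gFirst) {
        document.getElementById('FormErrors').innerHTML = '';
        document.getElementById('FormErrors').style.display = 'none';
        if( document.getElementById('sujet').value == '') {
            document.getElementById('FormErrors').innerHTML = document.getElementById('FormErrors').innerHTML + 'Sujet obligatoire<br />';
            document.getElementById('FormErrors').style.display = 'block';
            check = false;
        } else {
            if( document.getElementById('sujet').value.length > 30) {
                document.getElementById('FormErrors').innerHTML = document.getElementById('FormErrors').innerHTML + 'Votre sujet est trop long<br />';
                document.getElementById('FormErrors').style.display = 'block';
                document.getElementById('sujet').value = document.getElementById('sujet').value.substring(0, 30);
                check = false;
            }
        }
        if( document.getElementById('message').value == '') {
            document.getElementById('FormErrors').innerHTML = document.getElementById('FormErrors').innerHTML + 'Message obligatoire<br />';
            document.getElementById('FormErrors').style.display = 'block';
            check = false;
        }
        return check;
    }
}
//]]>
</script>
<form name="frm" action="xt_nouveauMessage.php" method="post" onsubmit=" return control()">
<div class="MenuButton" style="width:682px;height:520px;cursor:default;text-align:center;">
<h3>Lire le message</h3>
<div style="width:600px;padding:0 15px 0 15px;height:100px;margin:auto;">
<?php
$sql = 'SELECT M.*, U.pseudo, S.id as section_id, F.clos FROM message M, usr U, fil F, section S WHERE M.fil_id = F.id AND F.section_id = S.id AND U.id = M.user_id AND M.id = '.$messageId;
$result = mysql_query($sql);
$message = mysql_fetch_assoc($result);
// Ids read back from the row are cast once; every link and query below uses them.
$filId = (int) $message['fil_id'];
$sectionId = (int) $message['section_id'];
// creation is read as 'YYYY-MM-DD...' and shown as DD/MM/YYYY.
$dateCreation = substr($message['creation'], 8, 2).'/'.substr($message['creation'], 5, 2).'/'.substr($message['creation'], 0, 4);
?>
<div class="MsgLireSujet">
<?php echo nl2br(htmlspecialchars($message['sujet'], ENT_QUOTES)); ?>
</div>
<div class="MsgLireCreation">
<?php echo('Créé par '.htmlspecialchars($message['pseudo'], ENT_QUOTES).' le '.$dateCreation) ?>
</div>
<div class="MsgLireMsg">
Message :
<div style="padding:0 10px 0 10px;">
<?php echo(( $isAdmin ? '<a href="editerMessage.php?id='.$messageId.'" title="Editer le message">' : '').nl2br(htmlspecialchars($message['message'], ENT_QUOTES)).($isAdmin ? '</a>' : '')); ?>
</div>
</div>
</div>
<?php
// Replies of the thread (premier = 0), oldest first.
$sql = 'SELECT M.*, U.pseudo FROM message M, usr U where M.user_id = U.id AND fil_id = '.$filId.' AND premier = 0 ORDER BY id';
$result = mysql_query($sql);
$reponses = array();
while( $reponse = mysql_fetch_assoc($result)) {
    $reponses[] = $reponse;
}
$nbReponses = sizeof($reponses);
?>
<div style="width:600px;padding:0 15px 0 15px;height:150px;margin:auto;">
<div class="MsgLireSujet" style="border-right:1px solid #36C;border-top:0;width:575px;">
<div style="float:left;">
<?php echo $nbReponses.' réponse'.($nbReponses > 1 ? 's' : ''); ?>
</div>
<img src="images/boutons/retour_off.gif" alt="retour" title="Retour au forum" style="cursor:pointer;float:right;"
onmouseover="this.src = 'images/boutons/retour_on.gif';"
onmouseout="this.src = 'images/boutons/retour_off.gif';"
onclick="window.location = 'forum.php?id=<?php echo $sectionId ?>';" />
<img src="images/boutons/rep_off.gif" alt="répondre" title="Répondre au message" style="cursor:pointer;float:right;margin-right:5px;"
onmouseover="this.src = 'images/boutons/rep_on.gif';"
onmouseout="this.src = 'images/boutons/rep_off.gif';"
onclick="window.location = 'repondreMessage.php?id=<?php echo $filId ?>';" />
<?php
if( $message['clos'] && !$isAdmin) {
    echo('
<div class="MenuButton" style="float:right;margin-top:0px;margin-right:5px;background-color:#FDC;cursor:default;">
Clos
</div>
');
}
if( $isAdmin) {
    // NOTE(review): close/reopen and delete are triggered by plain GET links.
    // xt_statutMessage.php and xt_supprimerMessage.php are not shown here, so
    // whether they re-check the session admin flag and carry an anti-CSRF token
    // cannot be verified from this page — confirm on those scripts.
    if( $message['clos']) {
        echo('
<img src="images/boutons/deverouill_off.gif" alt="Clore" title="Réouvrir le message" style="cursor:pointer;float:right;margin-right:5px;"
onmouseover="this.src = \'images/boutons/deverouill_on.gif\';"
onmouseout="this.src = \'images/boutons/deverouill_off.gif\';"
onclick="window.location = \'xt_statutMessage.php?id='.$messageId.'\';" />
');
    } else {
        echo('
<img src="images/boutons/verouill_off.gif" alt="Clore" title="Clore le message" style="cursor:pointer;float:right;margin-right:5px;"
onmouseover="this.src = \'images/boutons/verouill_on.gif\';"
onmouseout="this.src = \'images/boutons/verouill_off.gif\';"
onclick="window.location = \'xt_statutMessage.php?id='.$messageId.'\';" />
');
    }
    echo('
<img src="images/boutons/suppr_off.gif" alt="Supprimer" title="Supprimmer le message" style="cursor:pointer;float:right;margin-right:5px;"
onmouseover="this.src = \'images/boutons/suppr_on.gif\';"
onmouseout="this.src = \'images/boutons/suppr_off.gif\';"
onclick="window.location = \'xt_supprimerMessage.php?id='.$messageId.'&f=1\';" />
<img src="images/boutons/edit_off.gif" alt="Editer le message" title="Editer le message" style="cursor:pointer;float:right;margin-right:5px;"
onmouseover="this.src = \'images/boutons/edit_on.gif\';"
onmouseout="this.src = \'images/boutons/edit_off.gif\';"
onclick="window.location = \'editerMessage.php?id='.$messageId.'\';" />
');
}
?>
</div>
<div style="border:1px solid #36C;border-top:0;width:595px;height:300px;float:left;overflow:scroll;display:<?php echo($nbReponses == 0 ? 'none' : 'block'); ?>">
<?php
// The original tested sizeof($verouillonses), an undefined variable, so this
// block was always hidden; it now follows the reply count.
foreach($reponses as $reponse) {
    $reponseId = (int) $reponse['id'];
    $dateReponse = substr($reponse['creation'], 8, 2).'/'.substr($reponse['creation'], 5, 2).'/'.substr($reponse['creation'], 0, 4);
    echo('
<div style="float:left;width:150px;padding:0 10px 0 10px;border-bottom:1px solid #36C;border-right:1px solid #36C;text-align:left;background-color:#EEF;">
'.$dateReponse.' - '.htmlspecialchars($reponse['pseudo'], ENT_QUOTES).'
</div>');
    if( $isAdmin) {
        echo('
<div style="float:left;width:15px;border-bottom:1px solid #36C;border-right:1px solid #36C;background-color:#FDC;cursor:pointer;"
title="Supprimer le message"
onmouseover="this.style.backgroundColor = \'#FEE\'; this.style.color = \'#F66\';"
onmouseout="this.style.backgroundColor = \'#FDC\'; this.style.color = \'#666\';"
onclick="window.location = \'xt_supprimerMessage.php?id='.$reponseId.'&f=0\';">
X
</div>
<div style="float:left;width:15px;border-bottom:1px solid #36C;border-right:1px solid #36C;background-color:#FDC;cursor:pointer;"
title="Editer le message"
onmouseover="this.style.backgroundColor = \'#FEE\'; this.style.color = \'#F66\';"
onmouseout="this.style.backgroundColor = \'#FDC\'; this.style.color = \'#666\';"
onclick="window.location = \'editerMessage.php?id='.$reponseId.'\';">
!
</div>
');
    }
    echo('
<div style="float:right;width:200px;padding:0 10px 0 10px;border-bottom:1px solid #36C;border-left:1px solid #36C;text-align:left;background-color:#EEF;display:'.($reponse['sujet'] != '' ? 'block' : 'none').'">
'.htmlspecialchars($reponse['sujet'], ENT_QUOTES).'
</div>
<div style="float:left;width:535px;border-bottom:1px solid #36C;padding:10px 20px 10px 20px;font-weight:normal;text-align:justify;color:#000;">
'.htmlspecialchars($reponse['message'], ENT_QUOTES).'
</div>
');
}
?>
</div>
</div>
</div>
<?php // NOTE(review): the field is named section_id but, as in the original, carries the message id from the query string. ?>
<input type="hidden" name="section_id" value="<?php echo $messageId ?>" />
</form>
</div>
<?php include_once('footer.html'); ?>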
J'effectue un print_r() de ma session en dernière instruction de la page forum et en première instruction de ma page de lecture de message, et entre-temps la session user s'est volatilisée...
Quelqu'un a-t-il une idée que je n'aurais pas exploitée, ou a-t-il vu une boulette sur laquelle je serais passé trop vite ?