ID:               27471
 User updated by:  wxjasp02 at smumn dot edu
 Reported By:      wxjasp02 at smumn dot edu
 Status:           Open
 Bug Type:         Session related
 Operating System: RedHat Linux 9.0
 PHP Version:      Irrelevant
 New Comment:

I altered the URL to my bug, as it was kinda hard to properly see the
script as it is. The new one is:

http://www.mytoast.net/phpbug.txt

Previous Comments:
------------------------------------------------------------------------

[2004-03-02 20:23:28] wxjasp02 at smumn dot edu

Description:
------------
Whenever I use a variable declared $group or $username in a function or
part of a script, and $_SESSION['group'] or $_SESSION['username'] are
in a valid session, the $group or $username variables ALTER the
respective $_SESSION variable by the time the script ends.

This should NEVER occur.

Reproduce code:
---------------
http://www.mytoast.net/phpbug.html

Expected result:
----------------
It should complete all the if () statements safely, and execute them as
if I were of the correct group type.

Actual result:
--------------
Basically, a $_SESSION['group'] is written to a session when a user
logs in to my site. The form above allows administrators of my site to
alter user permissions and whatnot, but it seems if $group is a
variable in the script (and set), the $_SESSION['group'] gets altered
to whatever that value is, and the real administrator loses all their
admin privileges until they log in again.

This is extremely annoying.

I found a workaround for the time being, but I don't like making more
code than I have to...


------------------------------------------------------------------------

