Let's try to make a long story short.

I'm writing a (not too complex) system visible to authorized users only. My 
users are stored in a MySQL database table with "usr_id" and "usr_typ" (user 
type) among other fields.

When a user logs in, I retrieve those values from the database and store them 
into separate session variables:

            $_SESSION["usr_id"] = $rs["usr_id"];

            $_SESSION["usr_typ"] = $rs["usr_typ"];

 

When the user visits a restricted page, I read those session variables to 
validate the user. So far so good. The problem started when I added a new script 
named "usr_frm.php".

 

This page accepts the user's id and type from the query string, like this:

 

            $id = (integer)$HTTP_GET_VARS["id"];

            $usr_typ = (integer)$HTTP_GET_VARS["typ"];

 

The call comes from a list of users displayed by another script, "usr_lst.php", 
like this (within a loop, of course):

 

            print("<a href='usr_frm.php?id=".$row["usr_id"]."&typ=".$row["usr_typ"]."'>");

 

The problem is that, once the page "usr_frm.php" has been hit, the session 
variable $_SESSION["usr_type"] gets changed (unexpectedly) to exactly the same 
value passed to the script via GET variable "typ".

But even worse: this code works perfectly well on my developer machine 
(Windows) but it doesn't on the actual server (Linux).

I realized that the server uses a different PHP configuration, especially: 
"register_globals" set to ON. I already got them to change this value to OFF... 
but this did not solve the problem.

 

I will appreciate any help, suggestion, idea.... currently I am (honestly) 
clueless...

Thank you in advance.

--Armando--.

 
