$_SESSION['SecurityAssist_UserID'] = 1
Every userID and password combination I try on the Security Assist login page (this one was UserID 15) results in $_SESSION['SecurityAssist_UserID'] = 1.
I believe it was working at some point, but I probably changed something. Any ideas what I did?
FROM LOGIN.PHP
<?php
// Server-side validation of the login form. Runs only when the submit control
// was posted, either under its own name or as the "_x" coordinate key.
if (isset($_POST["LogIn_submit"]) || isset($_POST["LogIn_submit_x"])) {
    // Target passed to PostResult() when validation fails. "?invalid=true" is
    // appended unconditionally, even if REQUEST_URI already carries a query string.
    // NOTE(review): REQUEST_URI is taken from the client's request line; confirm
    // PostResult() only ever redirects to a path on this site.
    $WAFV_Redirect = $_SERVER["REQUEST_URI"] . "?invalid=true";
    $_SESSION['WAVT_login_Errors'] = "";

    // This fallback can never fire: the string built above always ends in
    // "?invalid=true", so it is never empty.
    if ($WAFV_Redirect === "") {
        $WAFV_Redirect = $_SERVER["PHP_SELF"];
    }

    // Only the password field is validated here; the e-mail field is not checked.
    // Presumably WAValidateRQ is a "required" rule and WAValidateEL a length rule
    // (6 to 500) - confirm against the WebAssist validation helpers.
    $WAFV_Errors = "";
    $WAFV_Errors .= WAValidateRQ(($_POST["Log_In_group_2_Password"] ?? "") . "", true, 1);
    $WAFV_Errors .= WAValidateEL(($_POST["Log_In_group_2_Password"] ?? "") . "", 6, 500, true, 2);

    // Any accumulated error text is handed to PostResult() with the redirect target.
    if ($WAFV_Errors !== "") {
        PostResult($WAFV_Redirect, $WAFV_Errors, "login");
    }
}
?>
<?php
// Security Assist authentication: looks up a row in pcms2_users that matches the
// posted e-mail and password, and on success stores that row's UserID in
// $_SESSION under the key "SecurityAssist_UserID".
$Authenticate = new WA_MySQLi_Auth($nmedia3_mysqli);
$Authenticate->Action = "authenticate";
// Fires on every POST to this page, not only on the login form's submit button.
$Authenticate->Trigger = ($_SERVER["REQUEST_METHOD"] === "POST");
$Authenticate->Name = "authenticate";
$Authenticate->Table = "pcms2_users";

// Both filters are string ("s") equality matches on the raw posted values.
$Authenticate->addFilter("UserEmail", "=", "s", "" . ($_POST["Log_In_group_Email"] ?? ""));
// NOTE(review): the submitted password is compared directly with the UserPassword
// column. Unless WA_MySQLi_Auth hashes the value internally (not visible here),
// this means passwords are stored as entered. Prefer storing password_hash()
// output and checking it with password_verify().
$Authenticate->addFilter("UserPassword", "=", "s", "" . ($_POST["Log_In_group_2_Password"] ?? ""));

// Column "UserID" of the matched row goes into the session key "SecurityAssist_UserID".
$Authenticate->storeResult("UserID", "SecurityAssist_UserID");

// Checkbox-driven options: presence of the field in the POST enables them.
// NOTE(review): what RememberMe / SaveLogin / AutoLogin persist on the client, and
// whether the session id is regenerated after a successful login, is decided
// inside WA_MySQLi_Auth and cannot be seen from this listing - confirm.
$Authenticate->RememberMe = isset($_POST["Log_In_group_3_Remember_my_information"]);
$Authenticate->SaveLogin = isset($_POST["Log_In_group_4_Log_me_in_automatically"]);
$Authenticate->AutoLogin = true;
$Authenticate->AutoReturn = true;

// Redirect targets; made absolute relative to this file when rel2abs() is available.
$SuccessRedirect = "index.php";
$FailedRedirect = "login.php?failedLogin=1";
if (function_exists("rel2abs")) {
    $SuccessRedirect = $SuccessRedirect ? rel2abs($SuccessRedirect, __DIR__) : "";
    $FailedRedirect = $FailedRedirect ? rel2abs($FailedRedirect, __DIR__) : "";
}
$Authenticate->SuccessRedirect = $SuccessRedirect;
$Authenticate->FailRedirect = $FailedRedirect;

$Authenticate->execute();
?>
RESULTS FROM INDEX.PHP
$_SESSION['SecurityAssist_UserID'] = 1
Dump Sessions
array(4) { ["WAENCRYPTEDRETURNUSED"]=> bool(false) ["WAENCRYPTEDRETURNSUCCESS"]=> bool(false) ["WA_AUTH_authenticate"]=> array(1) { [0]=> string(21) "SecurityAssist_UserID" } ["SecurityAssist_UserID"]=> int(1) }
FROM INDEX.PHP
<?php require_once('../Connections/XXXXXXX_mysqli.php'); ?>
<?php require_once('../webassist/mysqli/rsobj.php'); ?>
<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
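<?php
// Access gate: visitors who do not pass the "Logged in to pcms2_users" rule are
// handed to WA_Auth_RestrictAccess() with login.php as the target.
// NOTE(review): whether WA_Auth_RestrictAccess() stops execution is not visible
// here; the code below is written so it stays safe if it does not.
if (!WA_Auth_RulePasses("Logged in to pcms2_users")) {
    WA_Auth_RestrictAccess("login.php");
}

// Start the session only when none is active, rather than silencing
// session_start() with "@", so real session failures are no longer hidden.
// NOTE(review): the rule check above runs before this call; presumably
// helper_php.php has already started the session - confirm.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// The user id is interpolated into the SQL text below, so it is forced to an
// integer first; a missing or non-numeric session value becomes 0 instead of
// producing broken or altered SQL. If the recordset class offers bound
// parameters, binding the value is the preferred form.
$orbUser = (int) ($_SESSION['SecurityAssist_UserID'] ?? 0);

// Partner rows for the logged-in user, ordered by name.
$Recordset1 = new WA_MySQLi_RS("Recordset1", $nmedia3_mysqli, 0);
$Recordset1->setQuery("SELECT DISTINCT partnerID, pName, pLogo,pID FROM postView WHERE partnerID=$orbUser ORDER BY pName ASC");
$Recordset1->execute();
?>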
<!doctype HTML>
Thanks,