Solved

Domain Masking is canceling my php session variables

Posted on 2008-10-13
2
456 Views
Last Modified: 2013-12-13
K so i have a php script, here it is minus the database info

<?PHP
session_start();
//require_once($_SERVER['DOCUMENT_ROOT'] . "/include/database.class.php");

//require("/home//public_html/include/database.class.php");

$username_lookup = rtrim($_SERVER['REDIRECT_URL'],'/');
preg_match('/\/[A-Za-z0-9_\- ]+$/', $_SERVER['REDIRECT_URL'], $matches);
$username_lookup = substr(trim($matches[0]),1);

if($username_lookup){
      //$db = new database();
      //$db = new database();
      //$db = new database();
      
      $ho =
   $us =
   $pa =
   $dbName =

   // connect and select the database
   $conn = mysql_connect($ho, $us, $pa) or die(mysql_error());
   $db = mysql_select_db($dbName, $conn) or die(mysql_error());
      //$db = new database

      unset($_SESSION["user"]);
$a = 1;
$b = 5;
      
      if($a<$b){
            $_SESSION["user"]["username"] = strtolower($username_lookup);
      }
      
      if($username_lookup == 'clearsession'){
            unset($_SESSION["user"]);
      }
}

if(!$_SESSION["user"]["username"]){
      header("Location: /real404.php");
}else{
      //header("Location: /index.php");
      include('index.php');
}

echo "<!--" . @$_SESSION["user"]["username"] . "-->";
?>


Basically it uses a 404 error when someone types in a web address say www.cool.com/4356 it searches the database to see if there is a 4356 and displays it as a replicated site if there is and returns a 404 error if it doesnt.  Everything works great.  People can put links into their site as well say www.cool.com/4356 .   Problem is people are getting there own domain names say www.irock.com and forward it with domain masking to www.cool.com/4356 .  In firefox it works fine but in IE it is not setting the session variables.  Has anyone heard of this bug before or any way around it?
0
Comment
Question by:Brant Snow
  • 2
2 Comments
 
LVL 40

Accepted Solution

by:
RQuadling earned 500 total points
ID: 22709448
My first step would be to make sure you are using clean browsers - clear cache and cookies - obviously this isn't what you would want to do on your live machine, so a Virtual Machine is probably the real first step. By using a VM, you can present a 100% clean environment each time.

Secondly, I'd use WireShark to watch the requests and see what cookies are passed around to see if there is really an issue.

Also, make sure your header('Location: xxxx'); is a fully qualified address ... http://www.somesite.com/page.ext. That is the correct way. Sure, browsers accept relative addresses, but, just maybe, you've got an edge-case.

Bypass that possibility by obeying the standard.


With WireShark can you tell us what cookies are being received and sent?
0
 
LVL 40

Expert Comment

by:RQuadling
ID: 22986335
What was the solution?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now