The secure CMS.

Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 10:58 am EST

Geeklog Forums

Corrupted SID

 New Topic  Post Reply
 02/21/03 09:38am (Read 1,513 times)  
Status: offline

squatty

Forum User
Full Member
Registered: 01/21/02
Posts: 269
I've got a funky issue on my site that I can't for the life of me figure out. Granted, I was fiddling around with some code last night. I did however roll-back all my changes. Here's the scenario. All comments are being posted with a "corrupted" SID. The form values are showing up as follows: <input type="hidden" name="sid" value="5745f09c7691470ed1d549c2e76205c6"> In addition, other pages that reference SID, such as /admin/story.php also have the same SID issue. It appears to be a site wide corruption? I've managed to get comment.php working again by chaning the post value in commentform.thtml to: <form action="{site_url}/comment.php?sid={sid}" method="post"> and then adding the following to each function call in comment.php: global $HTTP_GET_VARS; $sid = $HTTP_GET_VARS['sid']; Has anyone seen this before?
In a world without walls and fences, who needs Windows and Gates?
 Quote
 02/21/03 10:45am  
Status: offline

squatty

Forum User
Full Member
Registered: 01/21/02
Posts: 269
To add a bit.... The interesting thing is that at some point the SID is correct. I just can't figure out where it becomes corrupted? Take for example, posting a new comment. If I follow the logic, when clicking on the "Post a comment" link the SID is past correctly in the query string: http://www.squatty.com/comment.php?sid=20030221070345318&pid=0&type=article However, viewing the form field results in : <input type="hidden" name="sid" value="5745f09c7691470ed1d549c2e76205c6"> So the question is what happens between the time I click "Post a comment" to the time the comment form gets built to corrupt the SID? I'm at a loss?---Danny @ squatty.com
In a world without walls and fences, who needs Windows and Gates?
 Quote
 02/21/03 11:03am  

Anonymous

Anonymous
really don't understand the corruption part it looks like it's being encrypted to me. But then I'm no guru either.
 Quote
 02/21/03 12:48pm  

Anonymous

Anonymous
I don't think it's encrypted. What it looks like is the number is being replaced with a computer generated session number -- it's 32 in length with numbers and letters intermixed. I'm not familiar with how Geeklog handles sessions in its code, but that may be where it's going screwy.
 Quote
 02/21/03 01:23pm  
Status: offline

tomw

Forum User
Full Member
Registered: 08/12/02
Posts: 300
Did you clear your cookies? I bet you have a cookie with sid as one of its variables. Cookie variables override both post and get vars. TomW
 Quote
 02/21/03 01:41pm  
Status: offline

squatty

Forum User
Full Member
Registered: 01/21/02
Posts: 269
That was it! Thanks Tom!---Danny @ squatty.com
In a world without walls and fences, who needs Windows and Gates?
 Quote
 New Topic  Post Reply
All times are EST. The time is now 10:58 am.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content