User Session Problems in PHP

Asked

Viewed 65 times

0

I own a betting system, in that system I have dealers to sell the bets, and they get commission for it.

The problem is: When many dealers are online selling and registering the bets in the system, at some point the dealer’s 1 betting sale is registered to the dealer 5.

The fact is that this doesn’t make any sense, I’ve read the code several times and I don’t find the problem.. Maybe the people here in the community can help me out

public function logar($cpf, $senha, $con)
    {
        // Prepara Query for Update Login
        $query = "UPDATE `user` SET `last_login`  = NOW() WHERE `cpf` = '$cpf'";

        // executa a query
        $dados = mysqli_query($con, $query) or die(mysqli_error($con));

        // Prepara Query
        $query = "SELECT * FROM `user` WHERE `cpf`  = '$cpf' AND `senha` = '$senha'";

        // executa a query
        $dados = mysqli_query($con, $query) or die(mysqli_error($con));

        // 20/10/14 - Essa Linha Chama o primeiro registro, então na consulta só mostra do segundo valor em diante
        $linha = mysqli_fetch_assoc($dados);

        // transforma os dados em um array
        /* 20/10/14 - Essa Linha Reseta as Chamadas para poder exibir do primeiro em Diante */
        mysqli_data_seek($dados, '0');

        // calcula quantos dados retornaram no total
        $total = mysqli_num_rows($dados);

        if ($total == 1) {
            $_SESSION["id"] = $linha["id"];
            $_SESSION["nome"] = $linha["nome"];
            $_SESSION["cpf"] = $linha["cpf"];
            $_SESSION["nivel"] = $linha["nivel"];


            if ($linha['nivel'] == 2){
                header("Location: ../colab_dash.php");
            }
            elseif ($linha['nivel'] == 1){
                header("Location: ../op_dash.php");
            }
            elseif ($linha['nivel'] == 3){
                header("Location: ../adm_dash.php");
            }
        }
        else
            echo "<div class='alert alert-warning'>
                <button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;</button>
                <strong>CPF ou Senha Inválidos</strong> Verifique suas informações e tente novamente
            </div>";

    }

Edited: Function that registers the bets sold;

public function setBet($punter_name, $punter_phone, $value, $colab_id, $array_match_and_bet, $status_bet, $con)
    {
        $query = "SET TIME_ZONE = '-03:00';";
        $con->query($query) or die('Erro na definição da timezone, tente mais tarde');
        // Cadastrar Cabeçalho e Pegar ID Aposta
        $query = "INSERT INTO bet(id, punter_name, punter_phone, value, colab_id, date_time, possible_prize, status_bet) values(NULL, '$punter_name', '$punter_phone', '$value', '$colab_id', now(), 0, $status_bet);";
        $data = $con->query($query) or die('Erro na inserção, tente mais tarde');
        $last_id = $con->insert_id; // aqui guarda este e só este id, desta conecção que inseriu o novo dado

            // Hora de cadastrar as partidas selecionadas Bitch
            sort($array_match_and_bet);
            $count = count($array_match_and_bet);
            for ($i=0; $i < $count ; $i++) { 
                $match_and_bet = explode('-', $array_match_and_bet[$i]);
                // var_dump($match_and_bet);
                $id_match = $match_and_bet[0];
                $type_bet = $match_and_bet[1];
                $odd_at_time = $match_and_bet[2];
                // Vetor para ser utilizado no calculo do premio possivel
                $odds[] = $match_and_bet[2];
                $query = "INSERT INTO `bet_matches` SET match_id = $id_match, type_bet = '$type_bet', bet_id = $last_id, datetime_add = now(), odd_at_time = $odd_at_time";
                // var_dump($query);
                $data = mysqli_query(Conexao::conectar(), $query);
                if (!$data) {
                    exit();
                }
            }
            // Calcula a cotacao
            $possible_prize = Bet::calcBetPossiblePrize($odds) * $value;
            // Guarda o Premio Possivel
            Bet::setPossiblePrize($possible_prize, $last_id);

            if ($data) {
                    header("Location: ../bet_details.php?bet_id=".$last_id."&msg=betMakeSuccess");
                }
                else{
                    header("Location: ../bet_details.php?bet_id=".$last_id."&msg=betMakeDuplicate");
                }
    }
  • 1

    This always happens to the same dealers?

  • Always with the same

  • 1

    By chance these resellers access different accounts through the same browser?

  • Yes, they access different accounts via Chrome, but each with their own device

  • That’s not what I meant, I want to know if they access from the same browser on the same machine. Kind by different tabs, but in the same browser and PC.

  • @Fleuquerlima the devices are different, and now the dealer 2 also ended up accessing the login of the 5 ... It must have something to do with the passwords not being on md5 ?

  • This password fact does not interfere.. It is accessing someone else’s login or registering in place of someone else’s?

Show 2 more comments
No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.