I realise that this might be a VERY obscure question but it's driving me mad, I have 5 extra characters being inserted into the URL while navigating between the pages on my site. (eg. http://track.chhs.nsw.edu.au/UXTWP/userAccount.php?) The UXTWP is being added and I'm not sure where from but it is breaking the navigation randomly.
The site is hosted on goDaddy. It contains HTML CSS PHP JavaScript and mySQL. Everything was working well until I added a "fix" in PHP to stop a potential 'hack' that would use an id being passed in the URL to switch the viewed content. I'm not sure this was the problem but that was the most recent change before the errors started occurring.
this is the site I also looked to place the code up on phpfiddle but I'm not sure what to add?
if(isset($_GET['a'])){
if(strpos($userRow['sID'], $_GET['a']) !== false) {
$_SESSION['student']=$_GET['a'];
$tempArray = db_select("SELECT * FROM student WHERE sID ='".$_SESSION['student']."'");
$studentRow = array_shift($tempArray);
$_SESSION['impactTool'] =$studentRow['impactAssToolID'];
$SName = $studentRow['sName'];
$SDOB = $studentRow['dob'];
$SFormDate = $studentRow['formDate'];
$prevInf = $studentRow['prevInfo'];
$famInf = $studentRow['famInfo'];
$contInf = $studentRow['contextInfo'];
$impactIDMsg = "?z=".$_SESSION['impactTool'];
$btnFlag = true;
}else{
header("Location:logout.php");
}
The intention is to dump the user back to the login screen via logout if they attempt to access a student's detail that doesn't belong to them.
Thanks in advance for any help provided.
