sessions issue

[mrweirdo]

hello I am having a little problem with sessions in my login script and admin area script. The actual login and then verification works fine on both scripts. What doesnt seem to want to work is a second session that i want to hold the username so i can then get it and use it later in certain areas of the admin script.

here is the login script(index.php):

PHP Code:

<?
session_start();
// gets db conection info and function
require 'common.php';
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);

// Prepeare the query
$dbcnx = dbopen();
$sql = "SELECT user_id, user_password FROM users WHERE username = '$username' AND  user_password = '$password' AND  user_level = '1'";

// Exec the query
if ( $result = mysql_query($sql) ) {
  // Get user's id and password
  list($userid, $real_password) = mysql_fetch_row($result);

    // check user iputed password between db user password
    if ($userid > 0 && md5($_POST['password'] ) == $real_password ) {
      // If userid is bigger then 0 then test the password
      // If encrypted passwords match, set the sesssion
      // variable and redirect the user.
      $_SESSION['user_logged_in'] = $userid;
      $_SESSION['username'] = $username;
      header('location: index2.php');
    }
    else {
      // Else just complain about bad combo.
      include'../templates/admin/login.inc.php';
  }
}
else {
  // Bad mysql query.
  // Remove this when going public or just
  // replace it with some simple echo.
  trigger_error(mysql_error(), E_USER_ERROR);
}
mysql_close($dbcnx);
?>

I was able to coment out the header(); and put an echo above that for example echo'welcome ' . $_SESSION['username'] . ' to the site';
and that worked ok.

now on to the admin area were the real problem shows.
(index2.php)

PHP Code:

<?
require 'common.php';
$username=$_SESSION['username'];

if(!$_SESSION['user_logged_in'] > 0){
    $index = 'selected';
    //:: Redirect To Do Setting Editing
    if (!isset($_GET['do']) || $_GET['do'] == '') {
        @header('Location: index2.php?do=index');
    }
    elseif ($_GET['do'] == 'index') {
        echo '<html><head><title>Admin Pannel</title></head>
        <frameset cols="138,*" frameborder="NO" border="0" framespacing="0" rows="*">
        <frame name="leftFrame" scrolling="NO" noresize src="index2.php?do=nav">
        <frame name="mainFrame" src="index2.php?do=welcome">
        </frameset>
        <noframes>
        <body bgcolor="#FFFFFF" text="#000000">
        </body>
        </noframes>';
    }
    elseif ($_GET['do'] == 'nav') {
        @include'../templates/admin/nav.inc.php';
    }
    elseif ($_GET['do'] == 'welcome') {
        echo 'Welcome ' . $username . ' to the Admin Pannel Area for Team Members only';
    }
} else {
@header('location: index.php');
}
?>

This is were if I try to print out the session username it will not show up.

Any ideas on how i can fix this? using php version 4.2.2 on a redhat 9 box with register globals off if that makes any difference. *Note that stuff canot be changed like globals turned on, etc.

[industry]

try to use $_SESSION['username'] instead.

[mrweirdo]

isnt that what i allready have in there ?

[N9ne]

I think he means to print out $_SESSION['username']

[nabeel]

what i did was include one session.php file which handled all of the sessions and a seperate login script.

but oh yeah
on top of index2.php
add a session_start()

[weirdbeardmt]

you'll need session_start(); at the top of your index2.php

[mrweirdo]

ok i have added session_start(); at the top of index2.php. Now the login doesnt work at all. But if i remove it again it will allow me to log in again
Any Ideas ?

[nabeel]

what is your sql query returning? and what do you mean doesnt work at all?

[mrweirdo]

by doesnt work at all I mean after submiting the login form it just returns you right back to it and doesnt allow you to login.

I found a sessions tutorial at http://plebian.com/news.php?artc=30 for register globals being off. So anyways i tryed adding the line session_name('user_logged_in');
above session_start();
and now the login portion is working again i can one again log back in from the login form under index.php and get into the admin panel at index2.php. But still no luck with geting the username to show up like before or after adding aouther line session_name('username');
above
above session_start();

I am wondering if i have to have those in the index2.php page as well.
*edit*
I tryed adding it to the second page and still no luck geting the username to show up and in fact the entire login stoped working again and it was just sending me back to the login form.

[mrweirdo]

dont realy know what i did but i removed the session_name('user_logged_in');
session_name('username');
before session_start();
on both pages and then i removed the ! from if(!$_SESSION['user_logged_in'] > 0){
in index2.php and now both the login work and the username shows up

thanks for spending the time to try to help me out everyone that posted in this thread