SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Feb 2006
    Posts
    41
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    help session keeps timing out

    I have aproblem with one of my pages. When the page loads up it knows there is a session (user is logged) but when i click on a button (submit to update the sql) i get a redirected to my login screen. (the session is removed i think).

    This is my authentication page. (auth.php)

    PHP Code:
    <? 

    // Login & Session 
    // auth.php 

    // start session 
    session_start(); 

    // connect to database 
    require("connect.php"); 

    // convert username and password from _POST or _SESSION 
    if($_POST){ 
      
    $_SESSION['username']=$_POST["username"]; 
      
    $_SESSION['password']=$_POST["password"];   


    // query for a user/pass match 
    $result=mysql_query("select * from Admin where UserName='" $_SESSION['username'] . "' and Password='" $_SESSION['password'] . "'"); 

    // retrieve number of rows resulted 
    $num=mysql_num_rows($result);  

    // print login form and exit if failed. 
    if($num 1){ 
      echo 
    "You are not authenticated.  Please login.<br><br> 
       

      <form method=POST action=index.php> 
      username: <input type=text name=\"username\"> 
      password: <input type=password name=\"password\"> 
      <input type=submit> 
      </form>"

    echo 
    '<a href="forgot.php">Forgot Password</a><br>';
      exit; 


    ?>
    And this is the page which keeps getting the session problem when i click delete.
    PHP Code:
    <?php
        
    include("connect.php");
    // include auth and nav 
    require_once("auth.php"); 


        
    // initialization
        
    $result_array = array();
        
    $counter 0;
    $images_dir "../cars";

        
    $cid = (int)($_GET['cid']);
        
    $pid = (int)($_GET['pid']);

        
    // Full Size View of Photo
        
    if( $pid && $cid )

        {
            
    $result mysql_query"SELECT photo_caption,photo_filename FROM car_photos WHERE photo_id='".addslashes($pid)."' AND car_id='".addslashes($cid)."'" );

            list(
    $photo_caption$photo_filename) = mysql_fetch_array$result );
            
    $nr mysql_num_rows$result );
            
    mysql_free_result$result );    

            if( empty( 
    $nr ) )
            {
                
    $result_final "\t<tr><td>No Photo found</td></tr>\n";
            }
            else
            {
                
    $result_final .= "<tr>\n\t<td align='center'>
                        <br />
                        <img src='"
    .$images_dir."/".$photo_filename."' border='0' alt='".$photo_caption."' />
                        <br />
                        
    $photo_caption
                        </td>
                        </tr>"
    ;
            }
        }
        else
        {
            
    $result_final "\t<tr><td>No Photo found</td></tr>\n";
        }

    //code to delete image
    if(isset($submit))

    $result mysql_query("
       SELECT photo_filename
       FROM car_photos
       WHERE photo_id = '" 
    addslashes($pid) . "'");
    list(
    $filename) = mysql_fetch_array($result);
    mysql_free_result($result);

    unlink($images_dir '/' $filename);
    unlink($images_dir '/tb_' $filename);

    mysql_query("DELETE FROM car_photos WHERE photo_id=$pid");
    }
    //end delete code



    //code to edit caption
    if(isset($edit))
    {
    mysql_query"UPDATE car_photos SET photo_caption='".addslashes$caption )."' WHERE photo_id='".addslashes$pid )."'"  );
    }
    //end edit code


    // Final Output
    echo <<<__HTML_END
    __HTML_END;
    ?>

    <html>
    <head>
    <title>HiTechTune - Browse Image</title>
    <META HTTP-EQUIV="imagetoolbar" CONTENT="no">
    </script>
    </head>
    <body>
    <table border="0" width="100%" id="table1" height="619">
    <?php echo "$result_final"?>
    </table>
    <a href="javascript:window.close()">Close Window</a>
    <form method="post">
    <b>Update Caption:</b><br />
    Update Caption: <input type="text" name="caption" value="<?php echo "$photo_caption"?>" /><br />
    <input type="submit" value="Edit" name="edit" />
    </form>
    <form method="POST">
        <p><input type="submit" value="Delete Photo" name="submit" onCLick="return confirm('Are you SURE you want to delete this photo?')"></p>
    </form>
    </body>
    </html>
    any help will be appreciated.
    thanks

  2. #2
    SitePoint Evangelist ClickHeRe's Avatar
    Join Date
    Mar 2005
    Location
    Ottawa, Canada
    Posts
    580
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what's in connect.php ?
    David

  3. #3
    SitePoint Member
    Join Date
    Feb 2006
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I could be wrong here, but:

    problem script
    Code:
        include("connect.php");
    // include auth and nav
    require_once("auth.php");
    and

    auth.php
    Code:
     
    // start session
    session_start();
    
    // connect to database
    require("connect.php");
    are where your problems lay.

    Notice that you are requiring auth.php into your problem script, which already has connect.php included already within the auth.php script. In essense, you are calling connect.php twice. Also, notice where your session_start() line comes into play with the location of your auth include statement within the problem script.

    Try this in your problem script:


    Remove:

    problem script
    Code:
        include("connect.php");
    // include auth and nav
    require_once("auth.php");
    from your top section in the problem code

    AND

    Replace with:
    Code:
    require_once("auth.php");
    into the top section of the problem code


    Problem script should now look like:

    Code:
    <?php
    
    require_once("auth.php");
    
    
        // initialization
        $result_array = array();
        $counter = 0;
    $images_dir = "../cars";
    
        $cid = (int)($_GET['cid']);
        $pid = (int)($_GET['pid']);
    
        // Full Size View of Photo
        if( $pid && $cid )
    
        {
            $result = mysql_query( "SELECT photo_caption,photo_filename FROM car_photos WHERE photo_id='".addslashes($pid)."' AND car_id='".addslashes($cid)."'" );
    
            list($photo_caption, $photo_filename) = mysql_fetch_array( $result );
            $nr = mysql_num_rows( $result );
            mysql_free_result( $result );    
    
            if( empty( $nr ) )
            {
                $result_final = "\t<tr><td>No Photo found</td></tr>\n";
            }
            else
            {
                $result_final .= "<tr>\n\t<td align='center'>
                        <br />
                        <img src='".$images_dir."/".$photo_filename."' border='0' alt='".$photo_caption."' />
                        <br />
                        $photo_caption
                        </td>
                        </tr>";
            }
        }
        else
        {
            $result_final = "\t<tr><td>No Photo found</td></tr>\n";
        }
    
    //code to delete image
    if(isset($submit))
    {
    $result = mysql_query("
       SELECT photo_filename
       FROM car_photos
       WHERE photo_id = '" . addslashes($pid) . "'");
    list($filename) = mysql_fetch_array($result);
    mysql_free_result($result);
    
    unlink($images_dir . '/' . $filename);
    unlink($images_dir . '/tb_' . $filename);
    
    mysql_query("DELETE FROM car_photos WHERE photo_id=$pid");
    }
    //end delete code
    
    
    
    //code to edit caption
    if(isset($edit))
    {
    mysql_query( "UPDATE car_photos SET photo_caption='".addslashes( $caption )."' WHERE photo_id='".addslashes( $pid )."'"  );
    }
    //end edit code
    
    
    // Final Output
    echo <<<__HTML_END
    __HTML_END;
    ?>
    
    <html>
    <head>
    <title>HiTechTune - Browse Image</title>
    <META HTTP-EQUIV="imagetoolbar" CONTENT="no">
    </script>
    </head>
    <body>
    <table border="0" width="100%" id="table1" height="619">
    <?php echo "$result_final"; ?>
    </table>
    <a href="javascript:window.close()">Close Window</a>
    <form method="post">
    <b>Update Caption:</b><br />
    Update Caption: <input type="text" name="caption" value="<?php echo "$photo_caption"; ?>" /><br />
    <input type="submit" value="Edit" name="edit" />
    </form>
    <form method="POST">
        <p><input type="submit" value="Delete Photo" name="submit" onCLick="return confirm('Are you SURE you want to delete this photo?')"></p>
    </form>
    </body>
    </html>

  4. #4
    SitePoint Enthusiast
    Join Date
    Feb 2006
    Posts
    41
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this is my connect file.
    PHP Code:
    <?
    $db_host 
    "localhost";
    $db_username "xxx";
    $db_password "xxx";
    $db_name "xxxx";

    $connection mysql_connect($db_host$db_username$db_password) or die(mysql_error());
    $db mysql_select_db($db_name$connection);

  5. #5
    SitePoint Enthusiast
    Join Date
    Feb 2006
    Posts
    41
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    just a reminder.
    that the problem script opens up without any trouble. (so i believe it is getting validated to see if user has logged in)

    but when i click on a button thats when i get redirected to my login screen which should only happen when the user is not logged in.

    thanks

  6. #6
    SitePoint Member
    Join Date
    Feb 2006
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, one of the other problems is this:

    auth.php
    Code:
    if($_POST){
    Since you are including the auth.php file in the wrong manner, and have nothing set for the log in action but $_POST, when you "post" to delete, the included auth.php file picks it up and starts the log in process all over again, completely nullifying your delete statement of:

    if delete statement

    Code:
    if(isset($submit))
    It is important to make sure you have all include and require files in their proper places of order and only once as I suggested above, otherwise things like this can happen.

    I would try to add some type of statement to the login portion of your if statement in auth.php instead of using just $_POST. Something like:

    Code:
    if ($_POST['login']) {
    Then, make the changes I suggested above in a previous post, and then try it.

  7. #7
    SitePoint Enthusiast
    Join Date
    Feb 2006
    Posts
    41
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks mate.
    worked like a charm.
    cheers


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •