SitePoint Sponsor

User Tag List

Results 1 to 25 of 25
  1. #1
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP - Sessions - Works & Doesnt Other Days

    On the admin pages Iíve done it so if an Admin session is not created then it takes them back to the login area. On the login area Iíve coded it so if the login details are correct then it creates the session:

    PHP Code:
    $_SESSION['AdminID']=$adminid
    Now below is the code I use to check if the session exists.

    PHP Code:
    if (isset($_SESSION["AdminID"])) {

    //code

    }
    else{
    //NO LOGIN - SEND TO LOGIN
    header('Location: http://www.***********.com/****/***/index.php'); 

    Now Iíve been having problems with this, for example today I cannot login and it takes me back to the login page, and on other days I can login fine. Why would it work some days and not work on other days, I need this fixed so your help is much appreciated. Is there a better way of protecting my admin pages?

    Thank you.
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    are you calling session_start() on every page?

  3. #3
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yep session_start(); is on the second line of every page after <?php

    Thanks.
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  4. #4
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    more header redirects. Ew.

  5. #5
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    more header redirects. Ew.
    Haha sorry StarLion I'm still fairly new to PHP so any suggestions are welcomed
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  6. #6
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    Admin directory header.php:
    PHP Code:
    <?php
    session_start
    ();
    if(!isset(
    $_SESSION['AdminID'])) { ///Not logged in, eh?
     
    include_once('login.php'); //Here is my login form.
     
    die(); //Now stop processing.
    }

  7. #7
    SitePoint Guru r2d2's Avatar
    Join Date
    Dec 2003
    Location
    In my van, fool!
    Posts
    646
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Comment out the 'header' call, and put

    Code:
    var_dump($_SESSION);
    underneath it. This will help you discover more on what is going wrong.

  8. #8
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    StarLion i tried your code and same thing was happening.

    R2D2 I've done what you said and here is the output:

    array(1) { ["AffID"]=> string(1) "4" }
    Now that AffID is the session from the members area, so I'm guessing the 2 sessions are conflicting each other. How do i get round this even though i've named the sessions differently?

    Thanks for the help so far guys!
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  9. #9
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    'named the sessions differently'???

    Sessions... dont have names?

  10. #10
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah, well what's the $_SESSION['AdminID'] (AdminID) for then as i named them both differently?
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  11. #11
    SitePoint Guru r2d2's Avatar
    Join Date
    Dec 2003
    Location
    In my van, fool!
    Posts
    646
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is only one $_SESSION array. You are trying to create two different entries within the array. It should work as you expect it too, but something is obviously going wrong.

    How do you assign your `AffID`? Do you have anything else that is accessing $_SESSION?

  12. #12
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well this is the code i am using:

    PHP Code:
    <?
    session_start
    ();
    // Quote variable to make safe  
    function quote_smart($value)  
    {  
       
    // Stripslashes  
       
    if (get_magic_quotes_gpc()) {  
           
    $value stripslashes($value);  
       }  
       
    // Quote if not a number or a numeric string  
       
    if (!is_numeric($value)) {  
           
    $value "'" mysql_real_escape_string($value) . "'";  
       }  
       return 
    $value;  
    // end make safe


    /*Retrive Database Connection Login*/
    require("./databaseconnection.php");


    $email=$_POST['Email'];
    $adminpassword=$_POST['Password'];

    mysql_connect(localhost,$username,$password);

    @
    mysql_select_db($database) or die( "Oops theres an error, our highly trained monkeys have been notified.");


    $query sprintf("SELECT * FROM admins WHERE Email=%s and Password=%s",
                
    quote_smart($email),
                
    quote_smart($adminpassword));

    //echo $query;
    mysql_query($query);
    $result mysql_query($query);
    $count=mysql_num_rows($result);
    mysql_close();

    while(
    $row mysql_fetch_array($result))
      {
      
    //echo $row['Pixel'];
      
    $adminid=$row['AdminID'];
      }

    if(
    $count==1){
        
        
    // store session data
        
    $_SESSION['AdminID']=$adminid;
        
    //echo $_SESSION['AdminID'];
        
        
    header'Location: http://xxxxxxxxxx.com/xxxx/xxxxx/admin.php' ) ;
    }
    else {
    header'Location: http://xxxxxxxxx.com/xxxxxx/xxxxxx/index.php?s=failed' ) ;
    }

    ?>
    I know that they are being sent to admin.php as i can see this using a FireFox addon. But admin.php keeps sending me back to the login area as its saying the session doesnt exist. Any help would be great please.
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  13. #13
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    and on admin.php, line 1 is <?php,
    line 2 is session_start,
    line 3 is if (isset($_SESSION["AdminID"])) {
    ?

  14. #14
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Correct:

    PHP Code:
    <?php
    session_start
    ();
    if (isset(
    $_SESSION["AdminID"])) { 
    //THEN
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  15. #15
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But then it cant be the admin page causing the problem is for some reason there is no session is being saved in the first place right? It has to be the login code but as you can see i am saving the session, so I'm all confused why its not working
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  16. #16
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    databaseconnection.php isnt destroying the session, is it?

  17. #17
    SitePoint Guru r2d2's Avatar
    Join Date
    Dec 2003
    Location
    In my van, fool!
    Posts
    646
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You're calling `mysql_close();` before you actually call ` mysql_fetch_array($result)`! There is probably an error being output when you try to do this or try to use `$adminid` - are you displaying errors? I guess not because the header call is working.

    Anyway, just take out the `mysql_close()` altogether - it'll get closed when the script finishes anyway.

  18. #18
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by StarLion View Post
    databaseconnection.php isnt destroying the session, is it?
    Nope all thats in there is the following:

    PHP Code:
    <?
    /*DATABASE LOGIN INFORMATION*/
    $username="*******";
    $password="*******";
    $database="*******";

    /*DATABASE LOGIN INFORMATION*/
    $usernameadmin="*******";
    ?>
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  19. #19
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by r2d2 View Post
    You're calling `mysql_close();` before you actually call ` mysql_fetch_array($result)`! There is probably an error being output when you try to do this or try to use `$adminid` - are you displaying errors? I guess not because the header call is working.

    Anyway, just take out the `mysql_close()` altogether - it'll get closed when the script finishes anyway.
    I've done and still the same problem

    Is there a better way of protecting my admin pages instead of sessions?
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  20. #20
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    Not really... but i dont see why what you have isnt working :/

  21. #21
    SitePoint Guru r2d2's Avatar
    Join Date
    Dec 2003
    Location
    In my van, fool!
    Posts
    646
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try setting adminID to something more basic, eg:

    $_SESSION['AdminID']="1234";

    Also, try commenting out the header calls in the login script, and echo some info, so you can see what is going on, i.e. $count and $adminid.

  22. #22
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    echo $_SESSION['AdminID']; 
    on the login page outputs the value 1 which is correct. So why when i go to admin.php is the session gone?
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  23. #23
    SitePoint Addict
    Join Date
    Mar 2011
    Location
    Manchester, UK
    Posts
    226
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well this is weird, I'd like to say a big thanks to Dave Alongi for fixing my issue. The problem was on the location it needed to have www. in it.

    Not sure why but its done the trick

    Thanks for the help guys again!
    You're Help Does Not Go Unnoticed, I have So Far Donated £25 GBP
    To Cancer Research UK As A Thank You To All The SitePoint
    Members That Have Helped Me In The PHP Forum Thank You!

  24. #24
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    72 Post(s)
    Tagged
    0 Thread(s)
    Because the domain of the session didnt match. Yet another reason I dont use header(Location) ! ;P

  25. #25
    SitePoint Member
    Join Date
    Sep 2011
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think the names of variables change. Hopefully this problem is solved.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •