PHP - Sessions - Works & Doesnt Other Days

**AdWarm** · Sep 13, 2011 06:21

On the admin pages I’ve done it so if an Admin session is not created then it takes them back to the login area. On the login area I’ve coded it so if the login details are correct then it creates the session:

PHP Code:


$_SESSION['AdminID']=$adminid;

Now below is the code I use to check if the session exists.

PHP Code:


if (isset($_SESSION["AdminID"])) {



//code



}

else{

//NO LOGIN - SEND TO LOGIN

header('Location: http://www.***********.com/****/***/index.php'); 

}

Now I’ve been having problems with this, for example today I cannot login and it takes me back to the login page, and on other days I can login fine. Why would it work some days and not work on other days, I need this fixed so your help is much appreciated. Is there a better way of protecting my admin pages?

Thank you.

**Cups** · Sep 13, 2011 06:34

are you calling session_start() on every page?

**AdWarm** · Sep 13, 2011 06:37

Yep session_start(); is on the second line of every page after <?php

Thanks.

**StarLion** · Sep 13, 2011 06:45

more header redirects. Ew.

**AdWarm** · Sep 13, 2011 06:48

Originally Posted by StarLion

more header redirects. Ew.

Haha sorry StarLion I'm still fairly new to PHP so any suggestions are welcomed

**StarLion** · Sep 13, 2011 06:50

Admin directory header.php:

PHP Code:


<?php
session_start();
if(!isset($_SESSION['AdminID'])) { ///Not logged in, eh?
 include_once('login.php'); //Here is my login form.
 die(); //Now stop processing.
}

**r2d2** · Sep 13, 2011 06:53

Comment out the 'header' call, and put

Code:

var_dump($_SESSION);

underneath it. This will help you discover more on what is going wrong.

**AdWarm** · Sep 13, 2011 07:03

StarLion i tried your code and same thing was happening.

R2D2 I've done what you said and here is the output:

array(1) { ["AffID"]=> string(1) "4" }

Now that AffID is the session from the members area, so I'm guessing the 2 sessions are conflicting each other. How do i get round this even though i've named the sessions differently?

Thanks for the help so far guys!

**StarLion** · Sep 13, 2011 07:11

'named the sessions differently'???

Sessions... dont have names?

**AdWarm** · Sep 13, 2011 07:17

Ah, well what's the $_SESSION['AdminID'] (AdminID) for then as i named them both differently?

**r2d2** · Sep 13, 2011 07:21

There is only one $_SESSION array. You are trying to create two different entries within the array. It should work as you expect it too, but something is obviously going wrong.

How do you assign your `AffID`? Do you have anything else that is accessing $_SESSION?

**AdWarm** · Sep 13, 2011 07:29

Well this is the code i am using:

PHP Code:


<?
session_start();
// Quote variable to make safe  
function quote_smart($value)  
{  
   // Stripslashes  
   if (get_magic_quotes_gpc()) {  
       $value = stripslashes($value);  
   }  
   // Quote if not a number or a numeric string  
   if (!is_numeric($value)) {  
       $value = "'" . mysql_real_escape_string($value) . "'";  
   }  
   return $value;  
} // end make safe


/*Retrive Database Connection Login*/
require("./databaseconnection.php");


$email=$_POST['Email'];
$adminpassword=$_POST['Password'];

mysql_connect(localhost,$username,$password);

@mysql_select_db($database) or die( "Oops theres an error, our highly trained monkeys have been notified.");


$query = sprintf("SELECT * FROM admins WHERE Email=%s and Password=%s",
            quote_smart($email),
            quote_smart($adminpassword));

//echo $query;
mysql_query($query);
$result = mysql_query($query);
$count=mysql_num_rows($result);
mysql_close();

while($row = mysql_fetch_array($result))
  {
  //echo $row['Pixel'];
  $adminid=$row['AdminID'];
  }

if($count==1){
    
    // store session data
    $_SESSION['AdminID']=$adminid;
    //echo $_SESSION['AdminID'];
    
    header( 'Location: http://xxxxxxxxxx.com/xxxx/xxxxx/admin.php' ) ;
}
else {
header( 'Location: http://xxxxxxxxx.com/xxxxxx/xxxxxx/index.php?s=failed' ) ;
}

?>

I know that they are being sent to admin.php as i can see this using a FireFox addon. But admin.php keeps sending me back to the login area as its saying the session doesnt exist. Any help would be great please.

**StarLion** · Sep 13, 2011 07:36

and on admin.php, line 1 is <?php,
line 2 is session_start,
line 3 is if (isset($_SESSION["AdminID"])) {
?

**AdWarm** · Sep 13, 2011 07:38

Correct:

PHP Code:


<?php
session_start();
if (isset($_SESSION["AdminID"])) { 
//THEN

**AdWarm** · Sep 13, 2011 07:42

But then it cant be the admin page causing the problem is for some reason there is no session is being saved in the first place right? It has to be the login code but as you can see i am saving the session, so I'm all confused why its not working

**StarLion** · Sep 13, 2011 07:46

databaseconnection.php isnt destroying the session, is it?

**r2d2** · Sep 13, 2011 07:48

You're calling `mysql_close();` before you actually call ` mysql_fetch_array($result)`! There is probably an error being output when you try to do this or try to use `$adminid` - are you displaying errors? I guess not because the header call is working.

Anyway, just take out the `mysql_close()` altogether - it'll get closed when the script finishes anyway.

**AdWarm** · Sep 13, 2011 07:50

Originally Posted by StarLion

databaseconnection.php isnt destroying the session, is it?

Nope all thats in there is the following:

PHP Code:


<?
/*DATABASE LOGIN INFORMATION*/
$username="*******";
$password="*******";
$database="*******";

/*DATABASE LOGIN INFORMATION*/
$usernameadmin="*******";
?>

**AdWarm** · Sep 13, 2011 08:02

Originally Posted by r2d2

You're calling `mysql_close();` before you actually call ` mysql_fetch_array($result)`! There is probably an error being output when you try to do this or try to use `$adminid` - are you displaying errors? I guess not because the header call is working.

Anyway, just take out the `mysql_close()` altogether - it'll get closed when the script finishes anyway.

I've done and still the same problem

Is there a better way of protecting my admin pages instead of sessions?

**StarLion** · Sep 13, 2011 08:11

Not really... but i dont see why what you have isnt working :/

**r2d2** · Sep 13, 2011 08:25

Try setting adminID to something more basic, eg:

$_SESSION['AdminID']="1234";

Also, try commenting out the header calls in the login script, and echo some info, so you can see what is going on, i.e. $count and $adminid.

**AdWarm** · Sep 13, 2011 08:47

PHP Code:


echo $_SESSION['AdminID'];

on the login page outputs the value 1 which is correct. So why when i go to admin.php is the session gone?

**AdWarm** · Sep 13, 2011 09:30

Well this is weird, I'd like to say a big thanks to Dave Alongi for fixing my issue. The problem was on the location it needed to have www. in it.

Not sure why but its done the trick

Thanks for the help guys again!

**StarLion** · Sep 13, 2011 11:43

Because the domain of the session didnt match. Yet another reason I dont use header(Location) ! ;P

**muratbastas** · Sep 15, 2011 00:03

I think the names of variables change. Hopefully this problem is solved.

User Tag List

Thread: PHP - Sessions - Works & Doesnt Other Days

Thread Tools

Display

PHP - Sessions - Works & Doesnt Other Days

Bookmarks

Bookmarks

Posting Permissions