Need Help About $_SESSION

Hi guys, I need help. How can I redirect the session to usercp.php and admincp.php?
I tried everything but failed. Can anyone help me with this?

( this is my Login code: )

<?php
session_start();
include('info.php');
$UserID = ms_escape_string($_POST['UserID']);
$Pw = ms_escape_string($_POST['Pw']);
$Error=0;

$res=odbc_exec($conn,"SELECT * FROM PS_UserData.dbo.Users_Master U
INNER JOIN PS_GameData.dbo.Chars UM ON UM.UserUID=U.UserUID
WHERE um.UserID COLLATE DATABASE_DEFAULT = '{$UserID}' 
AND  u.Pw COLLATE DATABASE_DEFAULT = '{$Pw}'");



$row=odbc_num_rows($res);
if ($row == 0) {
	$Error++;}
if ($Error != 0){die ('You cannot login without one character');}
else{
$_SESSION['UserID']=$UserID;
$_SESSION['user']=true;
$_SESSION['session_id']=createSession($UserID);
header('Location: usercp.php');
}else{
$_SESSION['UserID']=$UserID;
$_SESSION['admin']=true;
$_SESSION['session_id']=createSession($UserID);
header('Location: admincp.php');
}

?>

( this is my Info.php code )

<?php
//Custom functions
function ms_escape_string($data) {
        if ( !isset($data) or empty($data) ) return '';
        if ( is_numeric($data) ) return $data;

        $non_displayables = array(
            '/%0[0-8bcef]/',            // url encoded 00-08, 11, 12, 14, 15
            '/%1[0-9a-f]/',             // url encoded 16-31
            '/[\x00-\x08]/',            // 00-08
            '/\x0b/',                   // 11
            '/\x0c/',                   // 12
            '/[\x0e-\x1f]/'             // 14-31
        );
        foreach ( $non_displayables as $regex )
            $data = preg_replace( $regex, '', $data );
        $data = str_replace("'", "''", $data );
        return $data;
    }
	
function unsetSession ($SessionVariable) {
   unset($GLOBALS['_SESSION'][$SessionVariable]);
}

function createSession ($UserID){
	$md5 = md5($_SERVER['REMOTE_ADDR'].$UserID.$_SERVER['HTTP_USER_AGENT']);
	return $md5;
}

function checkSession ($Session,$UserID){
	$md5 = md5($_SERVER['REMOTE_ADDR'].$UserID.$_SERVER['HTTP_USER_AGENT']);
	if($Session != $md5){
	unsetSession('UserID');
	unsetSession('session_id');
	exit(header("location:index.php"));
	}else
	{
	return true;
	}
}

function checkEmail ($email) {
  if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
    return false;
  }
  $email_array = explode("@", $email);
  $local_array = explode(".", $email_array[0]);
  for ($i = 0; $i < sizeof($local_array); $i++) {
    if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
      return false;
    }
  }
  if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
    $domain_array = explode(".", $email_array[1]);
    if (sizeof($domain_array) < 2) {
        return false; 
    }
    for ($i = 0; $i < sizeof($domain_array); $i++) {
      if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
        return false;
      }
    }
  }
  return true;
}

function checkUser ($Char,$User,$conn) {
	$Check = odbc_exec($conn,"SELECT UserID FROM PS_GameData.dbo.Chars WHERE CharID='".$Char."'");
	$User2 = odbc_result($Check,'UserID');
	if(odbc_num_rows($Check) != 1){return false;}
	if($User != $User2){return false;}
	return true;
}
?>

( In my usercp.php code session )

<?php

error_reporting(E_ALL);
//Setting information
include('info.php');
session_start();
if (!isset($_SESSION['session_id'])){header("location:index.php");}
checkSession($_SESSION['session_id'],$_SESSION['UserID']);

?>

( In my admincp.php code session )

<?php

error_reporting(E_ALL);
//Setting information
include('info.php');
session_start();
if (!isset($_SESSION['session_id'])){header("location:index.php");}
checkSession($_SESSION['session_id'],$_SESSION['UserID']);

?>

What does happen - is there an error?

Have you tried simplifying the code to the absolute basics and see what happens?

This code is OK and worked; the problem is I cannot use else to redirect $_SESSION to Admincp.php

If I remove this code
[quote="wc_arnel, post:1, topic:291630"]
else{
$_SESSION['UserID']=$UserID;
$_SESSION['admin']=true;
$_SESSION['session_id']=createSession($UserID);
header('Location: admincp.php');
}
[/quote]

in this login.php it's working, but only in usercp.php. Then if I add this code with else, it's not working:
[quote="wc_arnel, post:1, topic:291630"]
$row=odbc_num_rows($res);
if ($row == 0) {
$Error++;}
if ($Error != 0){die ('You cannot login without one character');}
else{
$_SESSION['UserID']=$UserID;
$_SESSION['user']=true;
$_SESSION['session_id']=createSession($UserID);
header('Location: usercp.php');
}else{
$_SESSION['UserID']=$UserID;
$_SESSION['admin']=true;
$_SESSION['session_id']=createSession($UserID);
header('Location: admincp.php');
}
[/quote]

Shouldn’t that be $_SESSION['sessionid']?

Just having a look at your code, if the field Pw is the user password, it would appear that you’re storing user passwords in plain text form. The storage of user passwords in plain text form is a huge security risk: if a hacker were to get the contents of the users table they could log in as any user, so could potentially log in as an admin and do things like ban all users, delete all users and would be able to do anything that an admin could do. Passwords should always be stored in hashed form. PHP has built-in functions for dealing with hashing of passwords (what version of PHP are you running?).

Also avoid using SELECT * in a query; always specify just the fields that you want. If, say, a script that uses the dataset returned by the database expects, say, the 10th field to be a user’s email and one of the fields before gets deleted, the script might fall over or you might have unexpected effects.

Also the server-side language (in your case PHP) and the database might not be on the same physical server. Using a slightly extreme example, if your table has say 25 fields and you need say just 5 fields, if you use the SELECT * then you’ve got 20 fields that are being returned each time the query is run even though they won’t be used. If there’s for example 50,000 records in that table, that’s a lot of unnecessary data transfer.

Yeah, I got what you are pointing at. I already use md5 + salt in my database; when you register it will automatically hash the password.

Also, my problem is my session, it's not working. That is the only problem in this script: if I add else it cannot pass to Admincp.php

I use PHP 5.5

This is the code:

<?php
session_start();
include('info.php');
$UserID = ms_escape_string($_POST['UserID']);
$Pw = ms_escape_string($_POST['Pw']);
$Error=0;

$res=odbc_exec($conn,"SELECT * FROM PS_UserData.dbo.Users_Master U
INNER JOIN PS_GameData.dbo.Chars UM ON UM.UserUID=U.UserUID
WHERE um.UserID COLLATE DATABASE_DEFAULT = '{$UserID}' 
AND  u.Pw COLLATE DATABASE_DEFAULT = '{$Pw}'");



$row=odbc_num_rows($res);
if ($row == 0) {
	$Error++;}
if ($Error != 0){die ('You cannot login without one character');}
else{
$_SESSION['UserID']=$UserID;
$_SESSION['session_id']=createSession($UserID);
header('Location: usercp.php');
}else{
$_SESSION['UserID']=$UserID;
$_SESSION['session_id']=createSession($UserID);
header('Location: Admincp.php');

}
?>

You have two else clauses for the same if:

if ($Error != 0)
  {die ('You cannot login without one character');}
else{
  $_SESSION['UserID']=$UserID;
  $_SESSION['session_id']=createSession($UserID);
  header('Location: usercp.php');
  }
else {
  $_SESSION['UserID']=$UserID;
  $_SESSION['session_id']=createSession($UserID);
  header('Location: Admincp.php');
}

On the face of it, I’d have expected a parse error. But what makes the choice between redirecting to usercp or Admincp?

Usercp.php is for user and Admincp.php for admin

I also tried it with the database, which has status 0 for user and 14 for admin, but I also get an error. I think this error comes from my session statement. I will try again and make another session. I also tried else if or elseif; that did not work either.

I will try a switch statement. I will do the coding now and try again.

What I meant was, what in your code decides which redirect you want to do? There doesn’t seem to be anything there.
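Added example, not part of the thread and not the poster's code: the last reply asks what decides between the two redirects, and an earlier reply recommends PHP's built-in password hashing, so this PHP 5.5-compatible version lets a status value choose the page, verifies the password with `password_verify()` and makes admincp.php check the role. Assumptions: the status values 0 and 14 the poster mentions live in a `Users_Master.Status` column, `Pw` holds a `password_hash()` value, usernames match the allowlist shown, and the function names and the `role` session key are hypothetical.

```php
<?php
// Added example. Assumed: Users_Master.Status holds 0 (user) or 14 (admin),
// Pw holds a password_hash() value, and $conn is the poster's ODBC handle.

// Map the status value to a role; anything unexpected gets no role.
function roleForStatus($status) {
    $roles = array('0' => 'user', '14' => 'admin');
    $key = trim((string) $status);
    return isset($roles[$key]) ? $roles[$key] : null;
}

// Fetch the account with a bound parameter and verify the password in PHP.
function authenticate($conn, $userId, $password) {
    // The allowlist (an assumed username format) also keeps quote-wrapped
    // values away from odbc_execute(), which treats them as file names.
    if (!is_string($userId) || !is_string($password)
        || !preg_match('/^[A-Za-z0-9_]{1,32}$/', $userId)) {
        return null;
    }
    $stmt = odbc_prepare($conn,
        "SELECT TOP 1 UM.UserID, U.Pw, U.Status FROM PS_UserData.dbo.Users_Master U
         INNER JOIN PS_GameData.dbo.Chars UM ON UM.UserUID = U.UserUID
         WHERE UM.UserID = ?");
    $row = ($stmt && odbc_execute($stmt, array($userId))) ? odbc_fetch_array($stmt) : false;
    if (!$row || !password_verify($password, $row['Pw'])) {
        return null;
    }
    return roleForStatus($row['Status']);
}

// login.php: the role decides the redirect, so one if/else is enough.
function loginTarget($conn, $userId, $password) {
    $role = authenticate($conn, $userId, $password);
    if ($role === null) {
        return 'index.php';
    }
    session_regenerate_id(true);   // fresh session ID once authenticated
    $_SESSION['UserID'] = $userId;
    $_SESSION['role']   = $role;
    return $role === 'admin' ? 'admincp.php' : 'usercp.php';
}

// First lines of admincp.php: being logged in is not enough, the role must match.
function requireRole($role) {
    if (!isset($_SESSION['role']) || $_SESSION['role'] !== $role) {
        header('Location: index.php');
        exit;
    }
}
```

In login.php, after `session_start()` and the include, the redirect becomes `header('Location: ' . loginTarget($conn, $_POST['UserID'], $_POST['Pw'])); exit;`. admincp.php then starts with `requireRole('admin');`, because in the posted pages both control panels accept any session that has a `session_id`.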
