Seeing If Session Exists - Not Working

Hi Guys,

For added security iv coded all my pages so that they can not be access unless there is a session created (successful login). Below is the code i am using when checks to see if the login details the user entered are correct.

if($count==1){
	session_start();
	// store session data
	$_SESSION['AdminID']=$adminid;
	//echo $_SESSION['AdminID'];
	header( 'Location: http://xxxxxxxxxxx/admin.php' ) ;
}
else {
header( 'Location: http:/xxxxxxxxxx/index.php?s=failed' ) ;
}

As you can see if MySQL returns 1 record then it will create the session called AdminID and give it the value of $adminid. Now iv done checks by echoing the value of the session to make sure a value is added and it exists and it works fine. Now the problem i have is when it takes me to admin.php as i have the following code:

session_start();
if (isset($_SESSION["AdminID"])) { 
//THEN

example code here

}
else{
//NO LOGIN - SEND TO LOGIN
header('Location: http://xxxxxxxxxxxxx/index.php'); 
}

But it keeps taking me back to index.php where i need to login again. Which means that the code is saying that the session does not exist but it does. Can anyone help me please?

Thank a lot guys!

If putting session_start() at the top of the page hasn’t fixed the problem then there is a problem somewhere else in your code that you haven’t posted.

And if the echo only outputs

$_SESSION["AdminID"] =

then there is no point saying

Which means that the code is saying that the session does not exist but it does
because it doesn’t.

I can’t see your updated code, so there isn’t much more I can do.

admin.php

<?
session_start();
echo '$_SESSION["AdminID"] = '.$_SESSION["AdminID"];
die();
if (isset($_SESSION["AdminID"])) { 
//THEN
	$adminid=$_SESSION['AdminID'];
	// Quote variable to make safe  
	function quote_smart($value)  
	{  
	   // Stripslashes  
	   if (get_magic_quotes_gpc()) {  
		   $value = stripslashes($value);  
	   }  
	   // Quote if not a number or a numeric string  
	   if (!is_numeric($value)) {  
		   $value = "'" . mysql_real_escape_string($value) . "'";  
	   }  
	   return $value;  
	} // end make safe
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link rel="stylesheet" type="text/css" href="anylinkcssmenu.css" />

<script type="text/javascript" src="anylinkcssmenu.js">

/***********************************************
* AnyLink CSS Menu script v2.0- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Project Page at http://www.dynamicdrive.com/dynamicindex1/anylinkcss.htm for full source code
***********************************************/

</script>

<script type="text/javascript">

//anylinkcssmenu.init("menu_anchors_class") ////Pass in the CSS class of anchor links (that contain a sub menu)
anylinkcssmenu.init("anchorclass")
</script>
<style type="text/css">
body {
	background-color: #28709a;
}
.tableheadertext {
	color: #FFF;
	text-align: right;
}
.menutext {
	font-weight: bold;
	text-align: center;
}
.menutext td {
	color: #FFF;
	font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
.campaignheader {
	color: #FFF;
	text-align: center;
}
.campaignheader td {
}
.activetxt {
	text-align: left;
	font-weight: bold;
	font-size: 24px;
	color: #FFF;
}
.campaignheader td {
	color: #000;
}
.moreurl {
	color: #000;
}
.accountfield {
	font-weight: bold;
	color: #FFF;
	text-align: right;
}
a:link {
	color: #FFF;
}
a:visited {
	color: #FFF;
}
a:hover {
	color: #F90;
}
a:active {
	color: #FFF;
}
</style>
</head>

<body>
<?php include("header.htm"); ?>




</body>
</html>
<?
}
else{
//NO LOGIN - SEND TO LOGIN
header('Location: xxxxxxxxxxxxxxxx/index.php'); 
}

?>

Attached are images for more information.

Both files are on the same server
Both files are in the same directory

Alright, lets check off a few things.

1. login.php is located in the same directory as admin.php, or admin.php is in a directory below login.php
2. the two files are on the same server.

Sanity check it.

In login, let’s try this.

while($row = mysql_fetch_array($result))
  {
  //echo $row['Pixel'];
  $adminid=$row['AdminID'];
  }

if($count==1){
    
    // store session data
    $_SESSION['AdminID']=$adminid;
    //echo $_SESSION['AdminID'];
    
    header( 'Location: xxxxxxxxxxxxxxx/admin.php' ) ;
}

=>

if(mysql_num_rows($result) == 1)
  {
  $row = mysql_fetch_assoc($result);

// store session data
    $_SESSION['AdminID']=$row['AdminID'];
    echo $_SESSION['AdminID'];
    
   // header( 'Location: xxxxxxxxxxxxxxx/admin.php' ) ; 
}

Note: I’ve disabled the redirection so that we can see that the value is being set. I’ve never been one for using the Header to bounce people around, personally.

Hi StarLion,

That works and so does my code as i said another post on here as when i echo the session the output is 1 which is correct. Its when it redirects to the admin.php that causes the problem and i dont know why

Thanks

You haven’t posted your updated code to the suggestion I made in post #5 so there is nothing more I can do.

Good luck

login

<?
session_start();
// Quote variable to make safe  
function quote_smart($value)  
{  
   // Stripslashes  
   if (get_magic_quotes_gpc()) {  
       $value = stripslashes($value);  
   }  
   // Quote if not a number or a numeric string  
   if (!is_numeric($value)) {  
       $value = "'" . mysql_real_escape_string($value) . "'";  
   }  
   return $value;  
} // end make safe


/*Retrive Database Connection Login*/
require("./databaseconnection.php");


$email=$_POST['Email'];
$adminpassword=$_POST['Password'];

mysql_connect(localhost,$username,$password);

@mysql_select_db($database) or die( "Oops theres an error, our highly trained monkeys have been notified.");


$query = sprintf("SELECT * FROM admins WHERE Email=%s and Password=%s",
			quote_smart($email),
			quote_smart($adminpassword));

//echo $query;
mysql_query($query);
$result = mysql_query($query);
$count=mysql_num_rows($result);
mysql_close();

while($row = mysql_fetch_array($result))
  {
  //echo $row['Pixel'];
  $adminid=$row['AdminID'];
  }

if($count==1){
	
	// store session data
	$_SESSION['AdminID']=$adminid;
	//echo $_SESSION['AdminID'];
	
	header( 'Location: xxxxxxxxxxxxxxx/admin.php' ) ;
}
else {
header( 'Location: xxxxxxxxxxxxxxxxx/index.php?s=failed' ) ;
}

?>

Please see my reply above yours, All the code is in login.php and if i place your code under where the session is created then it outputs the session fine. I’ve tried placing the session start right at the top of the page but same thing happens

Any help would be great.

Thanks

Hi,

Just to add sorry i do have session_start(); at the top of admin.php

$_SESSION[“AdminID”] =

Thats all its outputting

Thanks for the help so far.

If i add your code on the login.php then i get this output.

$_SESSION[“AdminID”] = 1

Which is what should be happening on admin.php but its not

if($count==1){ 
    session_start();

session_start() should really be at the very top of your php page before any output.

Which means that the code is saying that the session does not exist but it does
In admin.php insert this echo statement to see if the session variable really exists:

session_start(); 

echo '$_SESSION["AdminID"] = '.$_SESSION["AdminID"];
die();


if (isset($_SESSION["AdminID"])) {  
//THEN 

example code here 

} 
else{ 
//NO LOGIN - SEND TO LOGIN 
header('Location: http://xxxxxxxxxxxxx/index.php');  
}

Just to add sorry i do have session_start(); at the top of admin.php
No, I meant session_start() should be at the top of the page where this code is in:

if($count==1){ 
    session_start();

The echo is outputting nothing in admin.php because the session variable doesn’t exist and I suspect it doesn’t exist because the session in

if($count==1){ 
     session_start();

hasn’t been created because the session_start() failed because it is not at the top of the page where it normally should be.

If any output has occured (including blank lines) before session_start() is called, session_start() will fail.