Solved

session problem

Posted on 2008-09-29
4
213 Views
Last Modified: 2008-10-04
hi im having trouble with a simple if statement that uses a session

please see code snippets

Problem code:
so currently i am logged in as a userLevel User and the settings link is being displayed i echoed the session and its displaying Admin
even though i can garuntee the user currently logged has user level User

my login code and logout code are attached

ive logged out and echoed the userlevel session on a logged out page and nothing comes up so it seems the sessions have been dropped but when i log back in again its still Admin
#####Problem Code######
<?php 
    if ($_SESSION["UserLevel"] == "Admin") {
    echo '<li><a href="/admin/settings/default.php">Settings</a></li>'."\n";
	}
	echo $_SESSION["UserLevel"];
?>
#####Login Code#####
<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php');
session_start();
 
$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 
$OnlineUserIp = $_SERVER["REMOTE_ADDR"];
 
$result = mysql_query("SELECT * FROM tblAdmin WHERE UserName='$strUserName'") or die(mysql_error());
$row = mysql_fetch_array($result);
 
if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	header("Location: /admin/admin.php");
}
else {
$_SESSION["UserAccess"] = "0";
header("Location: /admin/default.php?action=invalid");
}
mysql_close($con);
?>
#####Logout Code#####
<?php
session_start();
 
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
mysql_close($con);
header("Location: /admin/default.php");
?>

Open in new window

0
Comment
Question by:awilderbeast
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595187
First of all, in lines 9 and 10, you should never have code above the session_start(), you have an include statement above it, which you should move.

After line 18, what does it say if you echo $row["UserLevel"] ?
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 22595202
ok swapped those lines around, thanks for that

i used the below on the login, commented out the ridrection and echoed the user leve
it came up with "User"

but in the problem code it comes up Admin

i dont know how but i think its clinging to when i was looged in as UserLevel "Admin"

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	echo $_SESSION["UserLevel"];
 
	//header("Location: /admin/admin.php");
}

Open in new window

0
 
LVL 1

Accepted Solution

by:
awilderbeast earned 0 total points
ID: 22595225
figured it out, it was my header, i was using the same header for a logged in member of staff for a member that hasnt been logged in yet, so even though i was logged out, the header still was for a logged in memeber and it still had the session data in it
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595238
great!
I also think you don't have to declare the session as an array:
$_SESSION = array();

The session variable are "built in" to PHP.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question