Solved

session problem

Posted on 2008-09-29
4
207 Views
Last Modified: 2008-10-04
hi im having trouble with a simple if statement that uses a session

please see code snippets

Problem code:
so currently i am logged in as a userLevel User and the settings link is being displayed i echoed the session and its displaying Admin
even though i can garuntee the user currently logged has user level User

my login code and logout code are attached

ive logged out and echoed the userlevel session on a logged out page and nothing comes up so it seems the sessions have been dropped but when i log back in again its still Admin
#####Problem Code######

<?php 

    if ($_SESSION["UserLevel"] == "Admin") {

    echo '<li><a href="/admin/settings/default.php">Settings</a></li>'."\n";

	}

	echo $_SESSION["UserLevel"];

?>

#####Login Code#####

<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php');

session_start();
 

$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 

$OnlineUserIp = $_SERVER["REMOTE_ADDR"];

 

$result = mysql_query("SELECT * FROM tblAdmin WHERE UserName='$strUserName'") or die(mysql_error());

$row = mysql_fetch_array($result);
 

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {

	$_SESSION["UserAccess"] = 	True;

	$_SESSION["UserID"] 	= 	$row["UserID"];

	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];

	$_SESSION["UserName"] 	= 	$row["UserName"];
 

	header("Location: /admin/admin.php");

}

else {

$_SESSION["UserAccess"] = "0";

header("Location: /admin/default.php?action=invalid");

}

mysql_close($con);

?>

#####Logout Code#####

<?php

session_start();
 

$_SESSION = array();

if (isset($_COOKIE[session_name()])) {

    setcookie(session_name(), '', time()-42000, '/');

}

session_destroy();

mysql_close($con);

header("Location: /admin/default.php");

?>

Open in new window

0
Comment
Question by:awilderbeast
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:nanharbison
Comment Utility
First of all, in lines 9 and 10, you should never have code above the session_start(), you have an include statement above it, which you should move.

After line 18, what does it say if you echo $row["UserLevel"] ?
0
 
LVL 1

Author Comment

by:awilderbeast
Comment Utility
ok swapped those lines around, thanks for that

i used the below on the login, commented out the ridrection and echoed the user leve
it came up with "User"

but in the problem code it comes up Admin

i dont know how but i think its clinging to when i was looged in as UserLevel "Admin"

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {

	$_SESSION["UserAccess"] = 	True;

	$_SESSION["UserID"] 	= 	$row["UserID"];

	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];

	$_SESSION["UserName"] 	= 	$row["UserName"];
 

	echo $_SESSION["UserLevel"];
 

	//header("Location: /admin/admin.php");

}

Open in new window

0
 
LVL 1

Accepted Solution

by:
awilderbeast earned 0 total points
Comment Utility
figured it out, it was my header, i was using the same header for a logged in member of staff for a member that hasnt been logged in yet, so even though i was logged out, the header still was for a logged in memeber and it still had the session data in it
0
 
LVL 17

Expert Comment

by:nanharbison
Comment Utility
great!
I also think you don't have to declare the session as an array:
$_SESSION = array();

The session variable are "built in" to PHP.
0

Featured Post

Easy Project Management (No User Manual Required)

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Wordpress Query 1 29
lastpass auto fill login form 5 20
php documentation 4 19
Help cleaning out CSS 2 17
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now