Solved

session problem

Posted on 2008-09-29
4
214 Views
Last Modified: 2008-10-04
hi im having trouble with a simple if statement that uses a session

please see code snippets

Problem code:
so currently i am logged in as a userLevel User and the settings link is being displayed i echoed the session and its displaying Admin
even though i can garuntee the user currently logged has user level User

my login code and logout code are attached

ive logged out and echoed the userlevel session on a logged out page and nothing comes up so it seems the sessions have been dropped but when i log back in again its still Admin
#####Problem Code######
<?php 
    if ($_SESSION["UserLevel"] == "Admin") {
    echo '<li><a href="/admin/settings/default.php">Settings</a></li>'."\n";
	}
	echo $_SESSION["UserLevel"];
?>
#####Login Code#####
<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php');
session_start();
 
$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 
$OnlineUserIp = $_SERVER["REMOTE_ADDR"];
 
$result = mysql_query("SELECT * FROM tblAdmin WHERE UserName='$strUserName'") or die(mysql_error());
$row = mysql_fetch_array($result);
 
if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	header("Location: /admin/admin.php");
}
else {
$_SESSION["UserAccess"] = "0";
header("Location: /admin/default.php?action=invalid");
}
mysql_close($con);
?>
#####Logout Code#####
<?php
session_start();
 
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
mysql_close($con);
header("Location: /admin/default.php");
?>

Open in new window

0
Comment
Question by:awilderbeast
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595187
First of all, in lines 9 and 10, you should never have code above the session_start(), you have an include statement above it, which you should move.

After line 18, what does it say if you echo $row["UserLevel"] ?
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 22595202
ok swapped those lines around, thanks for that

i used the below on the login, commented out the ridrection and echoed the user leve
it came up with "User"

but in the problem code it comes up Admin

i dont know how but i think its clinging to when i was looged in as UserLevel "Admin"

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	echo $_SESSION["UserLevel"];
 
	//header("Location: /admin/admin.php");
}

Open in new window

0
 
LVL 1

Accepted Solution

by:
awilderbeast earned 0 total points
ID: 22595225
figured it out, it was my header, i was using the same header for a logged in member of staff for a member that hasnt been logged in yet, so even though i was logged out, the header still was for a logged in memeber and it still had the session data in it
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595238
great!
I also think you don't have to declare the session as an array:
$_SESSION = array();

The session variable are "built in" to PHP.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Display images from mysql blob type (Not working) 9 39
Add email address from a web page to outlook 2010 contacts ? 8 40
Decrypt string by php 7 46
Ajax and PHP 9 29
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question