Solved

session problem

Posted on 2008-09-29
4
223 Views
Last Modified: 2008-10-04
hi im having trouble with a simple if statement that uses a session

please see code snippets

Problem code:
so currently i am logged in as a userLevel User and the settings link is being displayed i echoed the session and its displaying Admin
even though i can garuntee the user currently logged has user level User

my login code and logout code are attached

ive logged out and echoed the userlevel session on a logged out page and nothing comes up so it seems the sessions have been dropped but when i log back in again its still Admin
#####Problem Code######
<?php 
    if ($_SESSION["UserLevel"] == "Admin") {
    echo '<li><a href="/admin/settings/default.php">Settings</a></li>'."\n";
	}
	echo $_SESSION["UserLevel"];
?>
#####Login Code#####
<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php');
session_start();
 
$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 
$OnlineUserIp = $_SERVER["REMOTE_ADDR"];
 
$result = mysql_query("SELECT * FROM tblAdmin WHERE UserName='$strUserName'") or die(mysql_error());
$row = mysql_fetch_array($result);
 
if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	header("Location: /admin/admin.php");
}
else {
$_SESSION["UserAccess"] = "0";
header("Location: /admin/default.php?action=invalid");
}
mysql_close($con);
?>
#####Logout Code#####
<?php
session_start();
 
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
mysql_close($con);
header("Location: /admin/default.php");
?>

Open in new window

0
Comment
Question by:awilderbeast
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595187
First of all, in lines 9 and 10, you should never have code above the session_start(), you have an include statement above it, which you should move.

After line 18, what does it say if you echo $row["UserLevel"] ?
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 22595202
ok swapped those lines around, thanks for that

i used the below on the login, commented out the ridrection and echoed the user leve
it came up with "User"

but in the problem code it comes up Admin

i dont know how but i think its clinging to when i was looged in as UserLevel "Admin"

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	echo $_SESSION["UserLevel"];
 
	//header("Location: /admin/admin.php");
}

Open in new window

0
 
LVL 1

Accepted Solution

by:
awilderbeast earned 0 total points
ID: 22595225
figured it out, it was my header, i was using the same header for a logged in member of staff for a member that hasnt been logged in yet, so even though i was logged out, the header still was for a logged in memeber and it still had the session data in it
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595238
great!
I also think you don't have to declare the session as an array:
$_SESSION = array();

The session variable are "built in" to PHP.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question