Solved

session problem

Posted on 2008-09-29
4
215 Views
Last Modified: 2008-10-04
hi im having trouble with a simple if statement that uses a session

please see code snippets

Problem code:
so currently i am logged in as a userLevel User and the settings link is being displayed i echoed the session and its displaying Admin
even though i can garuntee the user currently logged has user level User

my login code and logout code are attached

ive logged out and echoed the userlevel session on a logged out page and nothing comes up so it seems the sessions have been dropped but when i log back in again its still Admin
#####Problem Code######
<?php 
    if ($_SESSION["UserLevel"] == "Admin") {
    echo '<li><a href="/admin/settings/default.php">Settings</a></li>'."\n";
	}
	echo $_SESSION["UserLevel"];
?>
#####Login Code#####
<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php');
session_start();
 
$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 
$OnlineUserIp = $_SERVER["REMOTE_ADDR"];
 
$result = mysql_query("SELECT * FROM tblAdmin WHERE UserName='$strUserName'") or die(mysql_error());
$row = mysql_fetch_array($result);
 
if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	header("Location: /admin/admin.php");
}
else {
$_SESSION["UserAccess"] = "0";
header("Location: /admin/default.php?action=invalid");
}
mysql_close($con);
?>
#####Logout Code#####
<?php
session_start();
 
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
mysql_close($con);
header("Location: /admin/default.php");
?>

Open in new window

0
Comment
Question by:awilderbeast
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595187
First of all, in lines 9 and 10, you should never have code above the session_start(), you have an include statement above it, which you should move.

After line 18, what does it say if you echo $row["UserLevel"] ?
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 22595202
ok swapped those lines around, thanks for that

i used the below on the login, commented out the ridrection and echoed the user leve
it came up with "User"

but in the problem code it comes up Admin

i dont know how but i think its clinging to when i was looged in as UserLevel "Admin"

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	echo $_SESSION["UserLevel"];
 
	//header("Location: /admin/admin.php");
}

Open in new window

0
 
LVL 1

Accepted Solution

by:
awilderbeast earned 0 total points
ID: 22595225
figured it out, it was my header, i was using the same header for a logged in member of staff for a member that hasnt been logged in yet, so even though i was logged out, the header still was for a logged in memeber and it still had the session data in it
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595238
great!
I also think you don't have to declare the session as an array:
$_SESSION = array();

The session variable are "built in" to PHP.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ajax and PHP 4 47
PHP: Filling Out/Creating a PDF 29 94
Date comparison to same 'wednesday' of previous year 3 28
php subtract from date 2 26
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question