Solved

session problem

Posted on 2008-09-29
4
218 Views
Last Modified: 2008-10-04
hi im having trouble with a simple if statement that uses a session

please see code snippets

Problem code:
so currently i am logged in as a userLevel User and the settings link is being displayed i echoed the session and its displaying Admin
even though i can garuntee the user currently logged has user level User

my login code and logout code are attached

ive logged out and echoed the userlevel session on a logged out page and nothing comes up so it seems the sessions have been dropped but when i log back in again its still Admin
#####Problem Code######
<?php 
    if ($_SESSION["UserLevel"] == "Admin") {
    echo '<li><a href="/admin/settings/default.php">Settings</a></li>'."\n";
	}
	echo $_SESSION["UserLevel"];
?>
#####Login Code#####
<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php');
session_start();
 
$strUserName = str_replace( "'", "''",$_POST["txtUserName"]); 
$OnlineUserIp = $_SERVER["REMOTE_ADDR"];
 
$result = mysql_query("SELECT * FROM tblAdmin WHERE UserName='$strUserName'") or die(mysql_error());
$row = mysql_fetch_array($result);
 
if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	header("Location: /admin/admin.php");
}
else {
$_SESSION["UserAccess"] = "0";
header("Location: /admin/default.php?action=invalid");
}
mysql_close($con);
?>
#####Logout Code#####
<?php
session_start();
 
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
mysql_close($con);
header("Location: /admin/default.php");
?>

Open in new window

0
Comment
Question by:awilderbeast
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595187
First of all, in lines 9 and 10, you should never have code above the session_start(), you have an include statement above it, which you should move.

After line 18, what does it say if you echo $row["UserLevel"] ?
0
 
LVL 1

Author Comment

by:awilderbeast
ID: 22595202
ok swapped those lines around, thanks for that

i used the below on the login, commented out the ridrection and echoed the user leve
it came up with "User"

but in the problem code it comes up Admin

i dont know how but i think its clinging to when i was looged in as UserLevel "Admin"

if (md5 ($_POST["txtPassword"]) == $row["UserPassword"]) {
	$_SESSION["UserAccess"] = 	True;
	$_SESSION["UserID"] 	= 	$row["UserID"];
	$_SESSION["UserLevel"] 	= 	$row["UserLevel"];
	$_SESSION["UserName"] 	= 	$row["UserName"];
 
	echo $_SESSION["UserLevel"];
 
	//header("Location: /admin/admin.php");
}

Open in new window

0
 
LVL 1

Accepted Solution

by:
awilderbeast earned 0 total points
ID: 22595225
figured it out, it was my header, i was using the same header for a logged in member of staff for a member that hasnt been logged in yet, so even though i was logged out, the header still was for a logged in memeber and it still had the session data in it
0
 
LVL 17

Expert Comment

by:nanharbison
ID: 22595238
great!
I also think you don't have to declare the session as an array:
$_SESSION = array();

The session variable are "built in" to PHP.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question