sessions

tuf-web_co_uk

hi, i have a sessions script for admin controls on my website

such as

<?
session_start()

$isAuth = false; //set to false originally

while($row = mysql_fetch_array($result))
{
    if($row['username'] == $username) // if true set $isAuth to true, if not it will stay false
    {
        $isAuth = true;
    }  
}  

if($isAuth)
{
$_SESSION['logged'] = true;

?>

when my admins log in and then do something like post a message, then return to the admin/index.php they have to log in again!

can somebody please help me, and tell me how to stop this

Thanks in advance

Jon

OhLordy

Are you using the sessions on every page?

NoFear

Originally posted by tuf-web.co.uk
hi, i have a sessions script for admin controls on my website

such as
<?
session_start()

$isAuth = false; //set to false originally

while($row = mysql_fetch_array($result))
{
    if($row['username'] == $username) // if true set $isAuth to true, if not it will stay false
    {
        $isAuth = true;
    }  
}  

if($isAuth)
{
$_SESSION['logged'] = true;

?>
when my admins log in and then do something like post a message, then return to the admin/index.php they have to log in again!

can somebody please help me, and tell me how to stop this

Thanks in advance

Jon [/B]

Hmm... let's see. First off, make sure you're using "session_start()" on every page.

Then, make a function to check if the user is confirmed.

function check_confirmed_user(){
     global $username;
     if(!session_is_registered($username)){
          echo "You Need to Log in";
          exit;
     }
}

call this function on every page.

When a user logs in, do like you're doing now, except make sure you register the session variable.

 session_register('username');

Weedpacket

Better yet, forget session_register() and session_is_registered() and have the function read

function check_confirmed_user(){
     if(!isset($_SESSION['username']){
          echo "You Need to Log in";
          exit;
     }
}

suntra

Originally posted by NoFear
When a user logs in, do like you're doing now, except make sure you register the session variable.
 session_register('username');
[/B]

That's a big mistake. PHP tells us NOT to mix $SESSION and session_register(). I alerady had trouble with that. If you use $SESSION["variable_name"] it will automatically be registered...

tuf-web_co_uk

ok, right this is all confusing, 3 different peeps telling me different things.

lets kinda start at the begining taking into account what you's have already advised.

i have these pages used for my admin (and some more which are the same) (so u can see my code and direct me better)

in order of use

http://www.theutherfish.com/admin/show/login.txt
http://www.theutherfish.com/admin/show/index.txt
http://www.theutherfish.com/admin/show/newmessage.txt
http://www.theutherfish.com/admin/show/submit.txt
http://www.theutherfish.com/admin/show/logout.txt

if i instead went to index.php again so that i could do something else like my first message said, then instead of having to log in again i didnt have to

thanks for the help again people!! 😉

suntra

Do you know if $submit is set ? I would tell you to use $_REQUEST["variable_name"] instead of $variable_name when it comes from a form or from the URL...

stolzyboy

or $_POST['variablename']

suntra

Yes... but $REQUEST contains $GET, $POST, $COOKIE and $_FILE... so it simplifies you life !

stolzyboy

yes....but then you are ensured and can keep straight where you are receiving your vars from and then simplifies your live

tuf-web_co_uk

where would i put $_REQUEST in my code?!

stolzyboy

if you don't have the problem worked out yet, i wouldn't worry about the $POST[''] or $REQUEST[''], as that is most likely not the problem, cuz you more than likely have register_globals on for any of that to work at all, it is just better to use them for securities sake, anyway get your problem sorted out, then you can convert your $vars to $POST or $GET vars