SESSION PROBLEM: variables not recognised on first logon but are on second logon

FiremanSam

I'm writing an application which has different levels of user access for each module contained within it. This access level is held within a session variable.

How it works:
Logon form passes username and password to authenticate.php which checks the database. (See Code below)

<< ### CODE: authenticate.php ###>>
<?php
require_once("database_connection.php");

// SEE IF USER EXISTS IN DATABASE
$q_ValidUser = "SELECT * FROM useraccounts WHERE username='".$POST['username']."' AND password='".$POST['password']."'";
$r_ValidUser = mssql_query($q_ValidUser);
if(mssql_num_rows($r_ValidUser) == 1)
{
// GET ALL NECCESSARY INFORMATION FROM DATABASE RECORD INTO SESSION PROFILE
$d_ValidUser = mssql_fetch_array($r_ValidUser);
$profile_id = trim($d_ValidUser['profile_id']);
$profile_name = trim($d_ValidUser['profile_name']);
$firstname = trim($d_ValidUser['firstname']);
$lastname = trim($d_ValidUser['lastname']);
$app_1 = trim($d_ValidUser['app_1']);
$app_2 = trim($d_ValidUser['app_2']);
$app_3 = trim($d_ValidUser['app_3']);

// REGISTER VARIABLES WITH SESSION
session_start();
$_SESSION['profile_id'] = $profile_id;
$_SESSION['profile_name'] = $profile_name;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['app_1'] = $app_1;
$_SESSION['app_2] = $app_2;
$_SESSION['app_3'] = $app_3;


?>
<meta http-equiv="refresh" content="0; url=applications/index.php">
<?php
exit;

}
else
{
$message = base64_encode("Sorry couldnt find your details in the database");
Header("Location: index.php?page=default&message=$message");
}
?>
<< ### END OF authenticate.php ### >>

This works fine. Now the user is looking at their homepage. This displays a drop down list of available applications. On selecting the application from the drop down menu, it redirects the user (using.window.location.href="applications/app1/index.php").

On the index.php page for each of the modules, there is a session script which checks their user level and makes sure they have access to the module.

<< ### CODE FOR application check ### >>
<?php
session_start();
/
echo "VALUES ARE:";
while(list($key,$value) = each($SESSION))
echo "<BR>$key=$value";
exit;
/
if(isset($SESSION))
{
if($SESSION["profile_id"] == "")
{
$message = base64_encode("You must sign in to view these pages. Authorised access only!");
?>
<meta http-equiv="refresh" content="0;url=../index.php?message=<?php echo $message;?>">
<?
}
else
{
// check access level
if($SESSION["$authorise"] == "")
{
$message = base64_encode("You do not have the privileges to access this application");
?>
<meta http-equiv="refresh" content="0;url=../index.php?message=<?php echo $message;?>">
<?php
exit;
}
}
}
else
{
$message = base64_encode("You must sign in to view these pages. Authorised access only!"); ?>
<meta http-equiv="refresh" content="0;url=../index.php?message=<?php echo $message;?>"><?
}
?>
<< END OF CODE >>

When I first try to access the module IN FULL SCREEN MODE it doesnt work and fires me out of the application saying "You must sign in to view these pages. Authorised access only!" and doesnt echo out any session variables. If I log into the application again and choose the module from the drop-down list it lets me in now problem and will echo out all the session variables set in authenticate.php

One of the requirements of the application is to run in full-screen mode. I tried it in a normal browser window and it works fine, just not within a full-screen window.

I am using PHP version 4.3.7 and IE 6 and MSSQL. If you need any further info, please ask and ANY help/advice much appreciated as I'm running out of ideas to try.

Thanks

chads2k2

Hey man what's up?

Here is what I have found so far:

$_SESSION['app_2] = $app_2;

should be:
$_SESSION['app_2'] = $app_2;

=========================
I found a lot of other problems. Try this code out for size and see if it works for you. There are tons of ways to do this. None work in all cases and none are "perfect". Also if you are in the states we spell Authroise as Authorize. Just FYI. Check this code out and see if it rolls for you.

<?php
session_start();
// ASSUME YOUR SESSION VARIABLES ARE SET.

if((isset($_SESSION['profile_id'])) || (isset($_SESSION['$authorise'])))
{
   echo "This is another way of doing session checking.<br>";
   if((strlen(trim($_SESSION['app_1'])) > 0)
   {
     if($_SESSION['$authorise'] > 1)
     {
        echo "This assumes that you are passing $authorise right and it is been set, and your checking to see if they have access.  If they do then $accessapp1 = 1";
        $accessapp1 = 1;
     }
   }
   // Loop from here to do all your apps you want to check.
}else{
   echo "You must sign in to view these pages. Authorised access only!";
   exit();
}
?>

Have a good day and keep coding, your doing good. Just need some different logic and experience. That is what this great board is all about. Learning, heck I do everyday from the great people on this board!

Chad R. Smith

FiremanSam

Hi Thanks.

Will give it a go. I'd be interested to hear about the 'other problems' too if you have time - advice much appreciated - I'm a self-taught php developer (for the past 3 years) so any technical tips greatly received.

Cheers