[RESOLVED] $_SESSION['user_name']

SoulAssassin

Hi guys

I have a session that holds my user's user_name, user_level, and some other info, and echo it on every page. But I have a problem when my Admin user changes another user's information in a form on my edit user page.
Once the form submits, my $_SESSION['user_name'] gets lost.
I know it's lots of code, but I want you to see my process.
I have left out the html href="stylesheet.css" and all that for easier reading.
Might be an obvious answer to my problem, but why do I loose this session?

<?
session_start();
include "../config.php";

if(isset($_POST['Amend'])) {
  $user_pass = md5($_POST[user_pass]);
 $user_email = $_POST['user_email'];
     $user_tel = $_POST['user_tel'];

if(empty($_POST['user_pass']))
{
$result = mysql_query("Update login_table set user_email='$user_email', user_tel='$user_tel' where userid=".$_POST['userid']);
}
else
{
$result = mysql_query("Update login_table set user_pass='$user_pass', user_email='$user_email', user_tel='$user_tel' where userid=".$_POST['userid']);
}
$msg = "User updated<br>";
$edit = "";
}

if ($order == "") {$order = "userid";}

$result = mysql_query("Select * from login_table WHERE com_usercode='".$_SESSION['com_usercode']."' ORDER BY '$order'",$con);
$num = mysql_num_rows($result);
$n = 0;
?>
  <div id="colTwo"> 
    <ul>
      <li> 
Your Detail
        <ul>
          <li> 
<font size="1">
<? echo "Username<ul><strong><font color=\"#000000\" size=\"2\">".$_SESSION['user_name']."</font></strong></ul>"; ?>
<? echo "Login Level<ul><strong><font color=\"#000000\" size=\"2\">".$_SESSION['level']."</font></strong></ul>"; ?>
<? echo "Company Code<ul><strong><font color=\"#000000\" size=\"2\">".$_SESSION['com_usercode']."</font></strong></ul>"; ?>
<? echo "E-Mail Address<ul><strong><font color=\"#000000\" size=\"2\">".$_SESSION['user_email']."</font></strong></ul>"; ?>
<? echo "Registered Date<ul><strong><font color=\"#000000\" size=\"2\">".$_SESSION['user_date']."</font></strong></ul>"; ?>
<a href="../search.php">Search</a>
 </font>
	</li>
       </ul>
     </li>
   </ul>
</div>

User Information
<table width="100%" border="0">
    <tr> 
      <td width="5%"><a href="users.php?order=userid">ID</a></td>
      <td width="16%"><a href="users.php?order=user_name">User Name</a></td>
      <td width="8%"><a href="users.php?order=user_level">Level</a></td>
      <td width="18%"><a href="users.php?order=user_email">E-Mail</a></td>
      <td width="17%"><a href="users.php?order=user_tel">Tel</a></td>
      <td width="14%"><a href="users.php?order=user_ip">User IP</a></td>
      <td width="22%"><a href="users.php?order=date">Date Registered</a></td>
    </tr>
    <?php while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
$n++;
?>
    <tr> 
      <td width="5%"><?php echo $row['userid'];?></td>
      <td width="16%">
<?php
if($row['userid'] > "1") 
{ 
?>
<a href="users.php?edit=<? echo $row['userid']?>"><? echo $row['user_name']; ?></a>
<? 
} 
else
{
echo $row['user_name'];
}
?>
      </td>
      <td width="8%"><?php echo $row['user_level'];?></td>
      <td width="18%"><?php echo $row['user_email'];?></td>
      <td width="17%"><?php echo $row['user_tel'];?></td>
      <td width="14%"><?php echo $row['user_ip'];?></td>
      <td width="22%"><?php echo $row['date'];?></td>
    </tr>
<?php
}
?>
</table>
<?php 
if ($edit) 
{
$msg = "Edit record below";
if ($edit == "admin") 
{
$msg = "You cannot edit Admin"; 
exit ();
}
$result = mysql_query("Select * from login_table WHERE userid = '$edit'",$con);
$row = mysql_fetch_array($result);
?>
<br />
<br />
<form name="form2" method="post" action="">
 Edit User:
        <table width="101%">
          <tr> 
            <td width="11%">User Name</td>
            <td width="23%">Password</td>
            <td width="22%">E-Mail</td>
            <td width="20%">Tel</td>
          </tr>
          <tr> 
            <td><strong><?php echo $row['user_name'];?></strong></td>
            <td><input type="user_pass" name="user_pass" value=""></td>
            <td><input type="user_email" name="user_email" value="<?php echo $row['user_email']; ?>"></td>
            <td><input type="user_tel" name="user_tel" value="<?php echo $row['user_tel']; ?>"></td>
          </tr>
        </table>
  <input type="hidden" name="userid" value="<?php echo $row['userid'];?>">
  <input type="Submit" name="Amend" value="Update">
</form>
<?php 
}
?>

I've also tried to do this in the beginning:

$adminuser = $_SESSION['user_name'];

Then replacing all $_SESSION['user_name'] with $adminuser.

I couldn't find any thing on Session that gets lost through forms.
Thanks

codered27

I understand that each page that has the session_start() function retains all the information from the time a person logs in. maybe there is a problem with your session_register() function. I will check your code and get back to you soon.

timus

Hey

Are your other $_SESSION variables populated?

Check the script that sets the value for $_SESSION['user_name'] maybe by printing it out just after you've set the value?

You shouldn't need to use session register on the newer versions of PHP as far as I'm aware. $_SESSION['user_name'] = $row['user_name']; should be enough

Hope this helps

Tim

SoulAssassin

I understand your point, but my problem is this.

I have a user that is signed on, and the $SESSION['user_name'] is for him.
Now say this user need to change information for another user, the form somehow overwrites the $SESSION['user_name'], because of the $_POST['user_name'].

I can't have
$user_name = $SESSION['user_name']; // for the admin user
$user_name = $POST['user_name']; //for the user who's profile is getting changed

I've tried this
$admin_user = $SESSION['user_name'];
$user_name = $POST['user_name'];

But it still looses the $_SESSION['user_name'];

timus

Hey

I see what you're saying, but do any of your other $_SESSION vars work? I've seen a few post on here saying to check your session.save_path directory exists in your php.ini file by using phpinfo();

Also you can try a vardump($_SESSION) to see whats being stored

Hope this helps
Tim

SoulAssassin

OK, this is what I came to realize
I've changed the form so only the user_tel, and user_email can be changed.

<?php
session_start();

if(isset($_POST['Amend'])) 
{
$user_email = $_POST['user_email'];
$user_tel = $_POST['user_tel'];

$result = mysql_query("Update login_table set user_email='$user_email', user_tel='$user_tel' where userid=".$_POST['userid']);

if ($result)
{
echo "User Info Updated";
}
else
{
echo "Could Update";
}
}

//Should Print this doesn't matter what
echo "<br>";
echo "Username".$_SESSION['user_name']."";
echo "<br>";
echo "Login Level".$_SESSION['level']."";
echo "<br>";
echo "User Code".$_SESSION['com_usercode']."";
echo "<br>";
echo "E-Mail Address".$_SESSION['user_email']."" //this change to $_POST['user_email'] once $_POST['Amend']
echo "<br>";
echo "Telephone Number".$_SESSION['user_tel'].""; //this change to $_POST['user_tel'] once $_POST['Amend']
echo "<br>";
echo "Registered Date".$_SESSION['user_date']."";
echo "<br>";

$result = mysql_query("Select * from login_table WHERE userid = '1'",$con);
$row = mysql_fetch_array($result);
?>

<form name="edituser" method="post" action="">
Edit User:
<table>
 <tr>
  <td>User Name</td>
  <td>Level</td>
  <td>User Code</td>
  <td>E-Mail</td>
  <td>Tel</td>
 </tr>
 <tr>
  <td><?php echo $row['user_name']; ?></td>
  <td><?php echo $row['level']; ?></td>
  <td><?php echo $row['com_usercode']; ?></td>
  <td>
   <input type="user_email" name="user_email" value="<?php echo $row['user_email']; ?>">
  </td>
  <td>
   <input type="user_tel" name="user_tel" value="<?php echo $row['user_tel']; ?>">
  </td>
 </tr>
</table>
  <input type="hidden" name="userid" value="<?php echo $row['userid'];?>">
  <input type="Submit" name="Amend" value="Update">
</form>

Once the form submits, these don't change, and echo the correct session data.
$SESSION['user_name']
$SESSION['level']
$SESSION['com_usercode']
$SESSION['user_date']
this is because it doesn't POST with the form.

These change to the values posted by the form:
$SESSION['user_email']
$SESSION['user_tel']

basicly gets overwriten by:
$POST['user_email']
$POST['user_tel']

SoulAssassin

Ok, this is working, I obviously had something wrong earlier.

$adminuser = $_SESSION['user_name']; 
$adminlevel = $_SESSION['level'];
$admincom_usercode = $_SESSION['com_usercode'];
$adminuser_date = $_SESSION['user_date'];
$adminuser_email = $_SESSION['user_email'];
$adminuser_tel = $_SESSION['user_tel'];

echo "$adminuser";
echo "<br>";
echo "$adminlevel";
echo "<br>";
echo "$admincom_usercode";
echo "<br>";
echo "$adminuser_date";
echo "<br>";
echo "$adminuser_email";
echo "<br>";
echo "$adminuser_tel ";
?>

Would I loose my Sessions now if I go to another page?

timus

As long as you have session_start() at the top of each page it should be ok.

How are you storing the session_id? I think the default is with a cookie,

echo session_id(); should let you see that the id remains the same

SoulAssassin

echo session_id(); gives me a encoded string:
9bf12e5cffa054d56f3812ad9d86cef0

How do I know how I'm storing the session_id?
I just put
$SESSION['user_name'] = $POST['user_name'];
in my login page.

So you recon that if I have this
$adminuser = $_SESSION['user_name'];
and click on a link, my Session would still be valid if I have
session_start()
at the top of the new page?

timus

I'm pretty sure thats how it works. phpinfo() should tell you how you're storing your sessions

http://uk.php.net/manual/en/function.session-start.php

SoulAssassin

I thought it worked, because $POST didn't immediately replace the $SESSION once form has been submitted.
But as soon as I choose another user to edit, the SESSION change to the previous user's info.
I've debugged a little with print_r($_SESSION); , and it definitely changes when another user is selected.

This is my SESSION setup, does it look right?
I'm still running it locally.

session.save_handler = files
session.save_path = c:/apache/tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1

I've been sitting with this problem for 3 days, and it's delaying development.
Can someone please check the process sequence, and maybe suggest another place to define my Sessions, or a different method of storing it?
I'm obviously over complicating it in my own head.

Thanks

timus

Hey

It might be an idea to go back to basics and just check ur session exists between pages.

create 2 simple scripts, the first has

session_start();
$_SESSION['test'] = 'testing 123';

print 'Page 1 - ' . $_SESSION['test'];
print '<br>' . session_id();

have a link here for to page 2.

Page 2 has

session_start();

print 'Page 2 - ' . $_SESSION['test'];
print '<br>' . session_id();

According to your setup you should check that files with the same name as the session id are being created in c:/apache/tmp and that this folder exists.

If that all works then your sessions are set up correctly and you're somehow resetting the values in the session. If it doesn't then you have a problem with your setup and configuration

You're storing your session_id in a cookie, you dont have these disabled in your browser or anything do you?

Hope this helps
Tim

SoulAssassin

Yes, I have done all the testing of the Session, and checking if the session files exist in the c:/apache/tmp. The Session is setup correctly because when I do print_r($_SESSION); it shows the correct info.
Well, except once the session gets over written by the POST.

All my other pages holds the session correctly to.
Even once the Session has been changed, the new values goes through to the other pages.

Guess I'd just have to keep on trying different stuff till it's sorted.
Thanks for your time.

timus

If your session is holding the data between pages then its all set up fine.

At some point in part of your code you're setting $_SESSION['user_name'] = to $POST or session_register...

Sorry I couldn't be of more help

Tim