Sessions - Driving Me Crazy! - PHPBuilder Forums

Sessions - Driving Me Crazy!

micky007

Hi Guys,

I've built an affiliate system and I've used sessions on the affiliate (user) side of everything and that all works fine. I've been working on the admin side of things how ever i can not get sessions to work for the admin side and i have no idea why and its driving me crazy!

Whats supposed to happen is i login to an admin account, the script checks to make sure my login details return 1 record. If it does then it creates a session with the data as the admin ID number. and takes me to the admin page. Now on the admin page right at the top is some PHP code that checks to make sure that an admin session exists and if not it takes them to the login area.

Now I've been doing tests on the login script and echoing everything so i can see whats happening and its all fine, it works fine and is saving the session along with the data as i can echo it. How ever when it gets to the admin page it takes me right back to the login page. So on the admin page i checked to see if the session existed and outputted the data and for some reason there is no value in the session which is why its taking me back to the login page. I've gone over the code and can not find a problem and its driving me crazy so i am in need of some help please. Below i have pasted the login code and the admin code.

LOGIN CODE:

<?
session_start();
// Quote variable to make safe  

function quote_smart($value)  

{  

   // Stripslashes  

   if (get_magic_quotes_gpc()) {  

       $value = stripslashes($value);  

   }  

   // Quote if not a number or a numeric string  

   if (!is_numeric($value)) {  

       $value = "'" . mysql_real_escape_string($value) . "'";  

   }  

   return $value;  

} // end make safe


/*Retrive Database Connection Login*/
require("./databaseconnection.php");


$email=$_POST['Email'];
$adminpassword=$_POST['Password'];

mysql_connect(localhost,$username,$password);

@mysql_select_db($database) or die( "Oops theres an error, our highly trained monkeys have been notified.");


$query = sprintf("SELECT * FROM admins WHERE Email=%s and Password=%s",
            quote_smart($email),
            quote_smart($adminpassword));

//echo $query;
mysql_query($query);
$result = mysql_query($query);
$count=mysql_num_rows($result);
mysql_close();

while($row = mysql_fetch_array($result))
  {
  //echo $row['Pixel'];
  $adminid=$row['AdminID'];
  }

if($count==1){

// store session data
$_SESSION['AdminID']=$adminid;
//echo $_SESSION['AdminID'];

header( 'Location: xxxxxxxxxxxxxxx/admin.php' ) ;
}
else {
header( 'Location: xxxxxxxxxxxxxxxxx/index.php?s=failed' ) ;
}

?>

ADMIN CODE:

<?
session_start();
echo '$_SESSION["AdminID"] = '.$_SESSION["AdminID"];
die();
if (isset($_SESSION["AdminID"])) { 
//THEN
    $adminid=$_SESSION['AdminID'];
    // Quote variable to make safe  

    function quote_smart($value)  

    {  

       // Stripslashes  

       if (get_magic_quotes_gpc()) {  

           $value = stripslashes($value);  

       }  

       // Quote if not a number or a numeric string  

       if (!is_numeric($value)) {  

           $value = "'" . mysql_real_escape_string($value) . "'";  

       }  

       return $value;  

    } // end make safe
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link rel="stylesheet" type="text/css" href="anylinkcssmenu.css" />

<script type="text/javascript" src="anylinkcssmenu.js">

/***********************************************
* AnyLink CSS Menu script v2.0- © Dynamic Drive DHTML code library (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit Project Page at http://www.dynamicdrive.com/dynamicindex1/anylinkcss.htm for full source code
***********************************************/

</script>

<script type="text/javascript">

//anylinkcssmenu.init("menu_anchors_class") ////Pass in the CSS class of anchor links (that contain a sub menu)
anylinkcssmenu.init("anchorclass")
</script>
<style type="text/css">
body {
    background-color: #28709a;
}
.tableheadertext {
    color: #FFF;
    text-align: right;
}
.menutext {
    font-weight: bold;
    text-align: center;
}
.menutext td {
    color: #FFF;
    font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
}
.campaignheader {
    color: #FFF;
    text-align: center;
}
.campaignheader td {
}
.activetxt {
    text-align: left;
    font-weight: bold;
    font-size: 24px;
    color: #FFF;
}
.campaignheader td {
    color: #000;
}
.moreurl {
    color: #000;
}
.accountfield {
    font-weight: bold;
    color: #FFF;
    text-align: right;
}
a:link {
    color: #FFF;
}
a:visited {
    color: #FFF;
}
a:hover {
    color: #F90;
}
a:active {
    color: #FFF;
}
</style>
</head>

<body>
<?php include("header.htm"); ?>




</body>
</html>
<?
}
else{
//NO LOGIN - SEND TO LOGIN
header('Location: xxxxxxxxxxxxxxxx/index.php'); 
}

?>

I've also attached images to give you more details of whats happening. If anyone can help me out please that would be fantastic!

I'm really stuck here 🙁

djjjozsi

in yout queries, Password should be covered with `, password is a reserved field name.
test yout queries in phpmyadmin.

try to troubleshoot:

$result = mysql_query($query) or die(mysql_error());

set the error reporting ON while you troubleshooting.

micky007

djjjozsi;10987400 wrote:
in yout queries, Password should be covered with `, password is a reserved field name.
test yout queries in phpmyadmin.

try to troubleshoot:
$result = mysql_query($query) or die(mysql_error()); 
set the error reporting ON while you troubleshooting.

Hi,

Thanks for your comment, if you had read it all you would have known its not the MySQL Query that's the issue as gets the correct AdminID from the database and places it as in the session. Its only when it redirects you to the admin page that the session has gone.

The files are both on the same server and they are both in the same directory.

Any help would be great.

Thanks

djjjozsi

another idea:

	error_reporting(E_ALL);
ini_set("display_errors", 1);

with this code in the admin page you can test all the warnings.

for example: a wrong utf8 BOM character coding could make your header send failed.

is register globals set into 0 in your server ?