[SOLVED] Session issues URGENT HELP NEEDED!

Posted: Wed Jun 23, 2004 10:21 am
by melindaSA
I have searched this forum, as well as read all the session information in the manual, and I still cannot get this to work right??

I have an application that is logging a user in with username, password and level. Depending on their level, the database is queried for specific information.

My login page:

Code:

<?php
$target=$_SERVER["PHP_SELF"];
include("common.php");
if (isset($_SESSION['level'])) {
                if (isset($_POST['logout'])){
                        session_destroy();
                }else{
                   echo"
                        <form name=form1 method=post action=assets/logout.php>
                                <table border=0 cellspacing=0 cellpadding=0 class=content>
                                        <tr>
                                                <td >
                                                <input name=logout type=hidden value=logout>

                                                <input name=submit type=image src=logout.gif  border=0 >
                                                </td>
                                        </tr>
                                </table>
                        </form>";
                }
        } 
if (!isset($_SESSION['level'])) {
        if (isset($username)){
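                // Escape the submitted values before placing them in the SQL text
                $query = "SELECT level FROM users WHERE username='" . mysql_real_escape_string($username, $connection) . "' AND password='" . mysql_real_escape_string($password, $connection) . "'";
                $sql_results = mysql_query($query,$connection) or die("Wrong Password");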
                        while ($row = mysql_fetch_array($sql_results)) {
                                $level = $row['level'];
                                        session_register("level");
                        }
        }
        if (isset($_SESSION['level'])) {
                   echo"
                        <form name=form1 method=post action=assets/logout.php>
                                <table border=0 cellspacing=0 cellpadding=0 class=content>
                                        <tr>
                                                <td >
                                                <input name=logout type=hidden value=logout>

                                                <input name=submit type=image src=logout.gif  border=0 >
                                                </td>
                                        </tr>
                                </table>
                        </form>";
        }else{
                echo"
                        <form name=form1 method=post action=../page1_login.php>
                                <table border=0 cellspacing=0 cellpadding=0 class=content>
                                        <tr>
                                                <td>username:</td>
                                        </tr>
                                        <tr>
                                                <td><input type=text name=username class=form></td>
                                        </tr>
                                        <tr>
                                                <td>password:</td>
                                        </tr>
                                        <tr>
                                                <td><input type=text name=password class=form></td>
                                        </tr>
                                        <tr>
                                                <td align=right><input type=hidden value=1 name=reload>
                                                <input name=submit type=image src=go.gif  border=0 ></td>
                                        </tr>                                
                                </table>
                        </form>";
        }
} 
?>
If successful, directs to page1_login.php:

Code:

<?php
session_start();
include("assets/login.php");
require_once('../../HRjobs/positions_inc_fns.php');

echo "<table width=\"800\"><tr ><td><center>
<font face=\"Arial Narrow\" size=\"2\">
<a href=\"page1_feb04.php\">February 2004</a>&nbsp; |&nbsp;
<a href=\"page1_mar04.php\">March 2004</a>&nbsp; |&nbsp;
<a href=\"page1_apr04.php\">April 2004</a>&nbsp; |&nbsp;
<a href=\"page1_may04.php\">May 2004</a>&nbsp; |&nbsp;
<a href=\"page1_jun04.php\">June 2004</a>&nbsp; |&nbsp;
<a href=\"page1_jul04.php\">July 2004</a>&nbsp; |&nbsp;
<a href=\"page1_aug04.php\">August 2004</a>&nbsp; |&nbsp;
<a href=\"page1_sep04.php\">September 2004</a>&nbsp; |&nbsp;
<a href=\"page1_oct04.php\">October 2004</a>&nbsp; |&nbsp;
<a href=\"page1_nov04.php\">November 2004</a>&nbsp; |&nbsp;
<a href=\"page1_dec04.php\">December 2004</a></center></font></td></tr></table><br><br>";

echo "<table>";

//$conn = db_connect();
function poslist($title){
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==2)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (39,28,38,37,58)");
                        }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==3)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (29,17,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==4)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (18,58)");
                        }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==5)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (32,58)");
                     }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==6)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID='15'");
                      }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==7)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID='20'");
                      }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==8)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (2,7,54,55,56,57,58)");
                      }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==9)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (3,10,40,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==10)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (11,58,14)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==11)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (25,4,54,55,56,57,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==12)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (26,41,58,42)");
          }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==13)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID='27'");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==14)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID='43'");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==15)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (8,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==16)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (19,58)");
                 }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==17)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (44,45)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==18)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (46,58,54)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==19)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (30,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==20)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (24,31,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==21)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (47,5,6,54,55,56,57,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==22)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (23,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==23)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (48,58,49)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==24)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (22,33,34,35,36,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==25)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (21,50,51,52,54,55,56,57,58)");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==26)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID='9'");
                       }
        if ((isset($_SESSION['level'])) && ($_SESSION['level']==27)) {
        $sql = mysql_query("SELECT distinct title, depID FROM positions WHERE depID IN (53,16,54,55,56,57,58)");
             }
    echo "<select name=\"title\">";
    while(list($title, $depID)=mysql_fetch_array($sql)){
        $title = stripslashes($title);
        echo "<option value=\"$title\"";
        echo ">$title";
    }
    echo "</option></select>";

}
// The Form:

echo "<form method=\"post\" action=\"page1.php\" select name=\"title\">";
echo "<font face=\"Arial\" size=\"2\">Select Open Position: </font>";
poslist($title);
echo "<input type=\"Submit\" Value=\"Select\">
</form>";
echo "<br><br><font color=\"#006699\" face=\"Arial\" size=\"2\"><b>Results will only show current applications for Job Title selected.<br>
If you would like to see all applications, please select month above.<br>
If dropdown is empty, there are no current positions in your category!</b></center></font>";

//end added
?>
The drop down works fine but when the user selects

Code:

<a href="page1_feb04.php">February 2004</a>&nbsp; |&nbsp;

one of these pages, they get the login screen again. I am using session_start(); on these pages, but if the browser is refreshed on page1_login.php the page1_feb04.php works just fine. Here is the page1_feb04.php page:

Code:

<?php
session_start();
include("assets/login.php");
require_once('../../HRjobs/positions_inc_fns.php');
//Start Login Validation
if ((isset($_SESSION['level'])) && ($_SESSION['level']==2)) {
       $query = "SELECT * FROM application WHERE position_type IN (39,28,38,37,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                        }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==3)) {
       $query = "SELECT * from application WHERE position_type IN (29,17,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                        }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==4)) {
       $query = "SELECT * from application WHERE position_type IN (18,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                        }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==5)) {
        $query = "SELECT * from application WHERE position_type IN (32,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                     }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==6)) {
        $query = "SELECT * from application WHERE position_type='15' AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==7)) {
        $query = "SELECT * from application WHERE position_type='20' AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==8)) {
        $query = "SELECT * from application WHERE position_type IN (2,7,54,55,56,57,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==9)) {
        $query = "SELECT * from application WHERE position_type IN (6,10,40,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==10)) {
        $query = "SELECT * from application WHERE position_type IN (11,58,14) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==11)) {
        $query = "SELECT * from application WHERE position_type IN (25,4,54,55,56,57,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==12)) {
        $query = "SELECT * from application WHERE position_type IN (41,58,42) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==13)) {
        $query = "SELECT * from application WHERE position_type='27' AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==14)) {
        $query = "SELECT * from application WHERE position_type='43' AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==15)) {
        $query = "SELECT * from application WHERE position_type IN (8,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==16)) {
        $query = "SELECT * from application WHERE position_type IN (9,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==17)) {
        $query = "SELECT * from application WHERE position_type IN (44,45) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==18)) {
        $query = "SELECT * from application WHERE position_type IN (46,58,54) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==19)) {
        $query = "SELECT * from application WHERE position_type IN (30,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==20)) {
        $query = "SELECT * from application WHERE position_type IN (24,31,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==21)) {
        $query = "SELECT * from application WHERE position_type IN (5,6,54,55,56,57,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==22)) {
        $query = "SELECT * from application WHERE position_type IN (23,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==23)) {
        $query = "SELECT * from application WHERE position_type IN (48,58,49) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==24)) {
        $query = "SELECT * from application WHERE position_type IN (22,33,34,35,36,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==25)) {
        $query = "SELECT * from application WHERE position_type IN (21,50,51,52,54,55,56,57,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==26)) {
        $query = "SELECT * from application WHERE position_type='9' AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
if ((isset($_SESSION['level'])) && ($_SESSION['level']==27)) {
        $query = "SELECT * from application WHERE position_type IN (53,16,54,55,56,57,58) AND date between '2004-02-01' and '2004-02-29' ORDER by position_apply, date DESC";
                       }
//End Login Validation

$result = mysql_query($query)
        or die (" ");

echo "<table width=\"800\"><tr ><td><center><font face=\"Arial Narrow\" size=\"2\">
<a href=\"page1_login.php\">Current Applications</a></font>&nbsp; |&nbsp;
<font face=\"Arial\" size=\"2\">
<b>February 2004</b></font>&nbsp; |&nbsp;
<font face=\"Arial Narrow\" size=\"2\">
<a href=\"page1_mar04.php\">March 2004</a>&nbsp; |&nbsp;
<a href=\"page1_apr04.php\">April 2004</a>&nbsp; |&nbsp;
<a href=\"page1_may04.php\">May 2004</a>&nbsp; |&nbsp;
<a href=\"page1_jun04.php\">June 2004</a>&nbsp; |&nbsp;
<a href=\"page1_jul04.php\">July 2004</a>&nbsp; |&nbsp;
<a href=\"page1_aug04.php\">August 2004</a>&nbsp; |&nbsp;
<a href=\"page1_sep04.php\">September 2004</a>&nbsp; |&nbsp;
<a href=\"page1_oct04.php\">October 2004</a>&nbsp; |&nbsp;
<a href=\"page1_nov04.php\">November 2004</a>&nbsp; |&nbsp;
<a href=\"page1_dec04.php\">December 2004</a></center></font></td></tr></table>";

echo "<table>";
echo "<tr bgcolor=\"#A6B1C6\" align=\"left\">";
echo "<td align=\"center\" width=\"220\"><font face=\"Verdana\" size=\"1\"><b>Applicant Name</b></font></td>";
echo "<td align=\"center\" width=\"240\"><font face=\"Verdana\" size=\"1\"><b>Position Applied</b></font></td>";
echo "<td align=\"center\" width=\"100\"><font face=\"Verdana\" size=\"1\"><b>Application</b></font></td>";
echo "<td align=\"center\" width=\"100\"><font face=\"Verdana\" size=\"1\"><b>Date</b></font></td>";
echo "<td align=\"center\" width=\"100\"><font face=\"Verdana\" size=\"1\"><b>Resume</b></font></td>";
echo "</tr><td height=\"20\">&nbsp;</td>";

while ( $row = mysql_fetch_array($result))
{
   extract($row);

   echo "<tr>\n";
   $last_name=stripslashes($last_name);
   $first_name=stripslashes($first_name);
   echo "<td valign=\"top\" width=\"220\"><font face=\"Verdana\" size=\"1\">$first_name $last_name</font><br></td>";
   echo "<td valign=\"top\" width=\"240\"><font face=\"Verdana\" size=\"1\">$position_apply</font><br></td>";
   echo "<td align=\"center\" valign=\"top\" width=\"100\"><font face=\"Verdana\" size=\"1\"><a href=\"../show_app.php?appID=$appID\" target=\"_blank\">view</a></font><br></td>";
   echo "<td align=\"center\" valign=\"top\" width=\"100\"><font face=\"Verdana\" size=\"1\">$date</font><br></td>";
      if(file_exists("../resume/".$first_name.$last_name.".doc")){
      echo "<td valign=\"top\" align=\"center\" width=\"100\"><font face=\"Verdana\" size=\"1\"><a href=\"../resume/".$first_name.$last_name.".doc\">Yes</a></font><br></td>";
      } else {
      echo "<td valign=\"top\" align=\"center\" width=\"100\"><font face=\"Verdana\" size=\"1\">No</font><br></td>";
      }
}
   echo "</tr></table>";
?>
Why is this happening?? Is there a problem with my code??

PLEASE HELP!!!!

Posted: Wed Jun 23, 2004 10:26 am
by Buddha443556
Just throwing this out there... haven't read a quarter of the code yet!

Sounds like a caching problem? Did you have any no cache headers?

Posted: Wed Jun 23, 2004 10:26 am
by markl999
Not sure what the problem is exactly, but you shouldn't mix $_SESSION with session_* functions (apart from session_start()/session_destroy()) so change session_register("level"); to $_SESSION['level'] = $level; (or just $_SESSION['level'] = $row['level'] and skip a step ;))

Also, do you have register_globals On or Off, strange things can happen depending on this.

Posted: Wed Jun 23, 2004 10:39 am
by melindaSA
I do not have any cache headers.
How do I check if the register_globals are on or off??

Posted: Wed Jun 23, 2004 10:41 am
by markl999

Code:

<?php
phpinfo();
?>
..will show you if register_globals is On or Off (just search down that page)

Posted: Wed Jun 23, 2004 10:50 am
by melindaSA
register_globals are on?

I also made the $_SESSION['level'] = $row['level'] change.

Still same problem...

Posted: Wed Jun 23, 2004 10:53 am
by markl999
Just out of interest, do sessions in general work for you or just not in this application?
E.g. does the following work ok? (the count should go up every time you refresh)

Code:

<?php
error_reporting(E_ALL);
session_start();
if(empty($_SESSION['count'])){
  $_SESSION['count'] = 1;
}
echo ++$_SESSION['count'];
?>

Posted: Wed Jun 23, 2004 10:58 am
by melindaSA
This is the first time I am using sessions! The $_SESSION['count'] works fine...

Posted: Wed Jun 23, 2004 11:01 am
by markl999
Just noticed that you don't have a session_start() at the top of your login page ... or is that in common.php ? If not you need to add it.

Posted: Wed Jun 23, 2004 11:04 am
by melindaSA
That was it, thank you soo much. I can't believe I missed that!
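
The fix the thread arrives at, written out as an added example (not code from any of the posters): session_start() runs first, the level is stored through $_SESSION instead of session_register(), and nothing depends on register_globals. The in-memory SQLite table, the password_hash column and the function names login, currentLevel and logout are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. The users table layout, the
// password_hash column and the function names are assumptions.

// Must run before any output and before $_SESSION is read or written.
// The login page in the thread lacked this call, so 'level' was never saved.
session_start();

function login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT level, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Issue a fresh session ID at login so a pre-login ID cannot be reused.
    session_regenerate_id(true);
    // Direct assignment replaces session_register("level").
    $_SESSION['level'] = (int) $row['level'];
    return true;
}

function currentLevel(): ?int
{
    // Read only from $_SESSION; with register_globals On, a bare $level
    // could be supplied by the request instead.
    return isset($_SESSION['level']) ? (int) $_SESSION['level'] : null;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy(); // needs the parentheses; "session_destroy;" does nothing
}

// Constructed demo data: in-memory SQLite stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, level INTEGER)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('constructed-password', PASSWORD_DEFAULT), 2]);

// On a real page these come from $_POST['username'] and $_POST['password'].
$attempts = [
    ['alice', 'constructed-password'],  // valid credentials
    ['alice', 'wrong'],                 // bad password
    ["o'neil", 'x'],                    // unknown user; the quote stays data
];
$lines = [];
foreach ($attempts as [$user, $pass]) {
    $ok = login($db, $user, $pass);
    $lines[] = sprintf('%-8s login=%s level=%s', $user, var_export($ok, true), var_export(currentLevel(), true));
    if ($ok) {
        logout();
        session_start(); // new empty session for the next attempt
    }
}
echo implode("\n", $lines), "\n";
```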