Page 1 of 1

Hey got a problem with my PHP code!

Posted: Wed May 10, 2006 1:26 am
by AshrakTheWhite
the admin interface php dosent want to recognize that session['admin'] = true;

any help would be appretiated


Login Page:

Code: Select all

<?php
session_start();
require_once 'functions.php';
echo '
    <form method="post" action="">
    <input type="text" name="Username"
    <input type="password" name="Password">
    <input type="submit" name="submit" value="Go!">
    </form>
';


if($_SESSION['admin'] == false and isset($_POST['Username'], $_POST['Password']))
{
    $username = htmlspecialchars($_POST['Username']);
    $password = htmlspecialchars($_POST['Password']);
    
    if ($username == 'Marko' AND $password == '*********(password is really here i just dont want to give it to you :p)')
    {
        $_SESSION['admin'] = true;
        header("Location: adminInterface.php");

    } else
        {
            die('Wrong username or password');
        }
}
?>
Admin Interface PHP

Code: Select all

<?php
ini_set('error_reporting', E_ALL);

if($_SESSION['admin'] == true)
{
    require_once 'functions.php';
    connectDB();
    
    echo '
        <table>
            <tr>
                <td>
                    <a href="adminInterface.php?op=editShop">Edit Shop Items</a>
                </td>
                <td>
                    <a href="adminInterface.php?op=viewOrders">View Orders</a>
                </td>
                <td>
                    <a href="adminInterface.php?op=logOut">Log out</a>
                </td>
            <tr>
        </table>
    '; 


    switch($_GET['op'])
    {
        case('editShop'):
            echo' 
                <table>
                    <form method="post" action="adminInterface.php">
                        Enter Product Name:&nbsp
                        <input type="text" name="productName"><br>
                        Enter Product Price:&nbsp
                        <input type="text" name="productPrice"><br>
                        Enter Product Unit:&nbsp
                        <input type="text" name="productUnit"><br>
                        <input type="submit" name="Submit" value="update">
                    </form>
                </table>';
    }


    if(!empty($_POST['productName']) and !empty($_POST['productPrice']) and !empty($_POST['productUnit']))
    {
        $pName = $_POST['productName'];
        $pPrice = $_POST['productPrice'];
        $pUnit = $_POST['productUnit'];
        $pName = mysql_real_escape_string($pName);
        $pPrice = mysql_real_escape_string($pPrice);
        $pUnit = mysql_real_escape_string($pUnit);
        updateItems($pName, $pPrice, $pUnit);
    }

    function updateItems($pName, $pPrice, $pUnit)
    {
        $query='
        INSERT INTO
            MarkoPood
        (name, hind, yhik)
            values ("' . $pName . '","' . $pPrice . '","' . $pUnit . '")    
        ';    
        mysql_query($query) or die(mysql_error());
    }
} else
    {
        die("Bugger Off haxta newb!");
    }
?>

Posted: Wed May 10, 2006 2:09 am
by Christopher
Try:

Code: Select all

$_SESSION['admin'] = true;
        session_write_close();
        header("Location: adminInterface.php");
You need to write the session data before the redirect because both scripts are run in the same request. Normally the session data is written at the end of the request.