Page 1 of 1

Sessions Help!

Posted: Wed Dec 13, 2006 11:40 pm
by Pertmywert
Can someone PLEASE help me with the sessions function. In my script, the user logs into the admin panel, and can then go off and do certain functions. But the session isn't carrying on so It will just display the error message! Help!

--admin.php--

Code: Select all

<?PHP
/*\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
<   PHP Post                    >
<   Simple Message Board        >
<   Copyright © 2006 Pertmywert >  
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/*/
include("adminconfig.php");
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<title>Administration Panel</title>
<?php if ($_POST["username2"]=="") { ?> 
    <title>Enter admin username/password.</title>
    <body>
    In order to access this page, fill in the admin login details. <BR>
    <form method="post" action="admin.php">
    Username: <input name="username2" type="text" value="admin" size="20">
    <BR>
    Password: <input name="password2" type="password" value="admin" size="15">
    <BR> 
    <input type="Submit" value="Submit">
    </form>
    </body>
    </html>
	<?php
	 }else{ 
	 include("adminconfig.php");
    $username2=$_POST["username2"];
    $password2=$_POST["password2"];
    session_start();
   if ($username2==$username AND $password2==$password){$permission="yes";}

   $username2=$_POST["username2"];
    $_SESSION['permission'] = "yes";  
    $_SESSION='username2';  

    if ($permission=="yes"){
   ?> 
   <p class="underline"><strong>Administration Panel </strong></p>
<hr />
<p><em><strong>Current Messages:</strong></em></p>
<p>  
  <?PHP include($filename);?>
</p>
<hr>
<strong><em>Editing Panel: </em></strong>

<p>Edit the text in <?PHP echo"$filename";?> to your liking, then click 'Post Data'. Unfortunately, bbCode is not supported in the Admin Panel. HTML is though. </p>
<form action="adminedit.php" method="post" class="body">
  <textarea name="theText" cols="35" rows="15"><?PHP include($filename);?>
  </textarea> 
  <br>
  <input type="submit" value="Post Data">
</form> 
<hr />
<p><strong><em>Clear Text: </em></strong></p>
<p><?PHP echo "To clear the current messages in $filename click the bellow button.";?></p>
<FORM METHOD="LINK" ACTION="clear.php">
<INPUT TYPE="submit" VALUE="Clear Text">
</FORM>
</p>

<?php }else{ ?>
Error in username or password. 
   <?php } ?>
<?php } ?>
--clear.php--

Code: Select all

<?php 
session_start();
if ($permission=="yes") { 
?> 
<title>Administration Panel - Clear Text</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<?PHP
/*\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
<   PHP Post                    >
<   Simple Message Board        >
<   Copyright © 2006 Pertmywert >  
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/*/
include("adminconfig.php");
$theText = "ADMIN: Messages Cleared!<br>";
$theText = stripslashes($theText);
$data = fopen($filename, "w");
fwrite($data,$theText);
fclose($data);
echo "Messages in $filename Cleared.";
?>
<?php }else{ ?> 
<link href="style.css" rel="stylesheet" type="text/css" />
<title>Access Denied.</title>
<p>You are not allowed to access this page.</p>
<p><a href="index.php">Go Back?</a></p>
<p>  
  <?php } ?>

Posted: Wed Dec 13, 2006 11:46 pm
by feyd

Posted: Wed Dec 13, 2006 11:54 pm
by Pertmywert
That does not explain a thing. I don't use headers. Further explanation?

Posted: Wed Dec 13, 2006 11:57 pm
by feyd
It does explain everything, and yes you do use headers.

Posted: Thu Dec 14, 2006 12:01 am
by Pertmywert
What? I don't understand. Sorry :( Please point out the error. I can't see it.

Posted: Thu Dec 14, 2006 12:05 am
by feyd
I'll be nice and give you a big hint.

Do you have output to the browser before calling session_start()?

Posted: Thu Dec 14, 2006 12:07 am
by Pertmywert
:oops: Are you saying I should move it to the start in admin.php?

Posted: Thu Dec 14, 2006 12:09 am
by feyd
Have you tried it?

Posted: Thu Dec 14, 2006 12:11 am
by Pertmywert
I did... It is still not working... Arghgh....

Posted: Thu Dec 14, 2006 12:13 am
by feyd
Post what you tried and the exact error you are receiving then.

Posted: Thu Dec 14, 2006 12:21 am
by dibyendrah
You must put session_start at the top on admin.php rather than on clear.php because you are using session values on admin.php and not in clear.php.

Posted: Thu Dec 14, 2006 12:25 am
by Pertmywert
Okay guys, here's the admin panel. Password and username are already inputted. Once you get in, try going to the bottom of the page and press the clear text button. See? It brings up the error message....

--admin.php--

Code: Select all

<?PHP
session_start();
/*\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
<   PHP Post                    >
<   Simple Message Board        >
<   Copyright © 2006 Pertmywert >  
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/*/
include("adminconfig.php");
?>
<link href="style.css" rel="stylesheet" type="text/css" />
<title>Administration Panel</title>
<?php if ($_POST["username2"]=="") { ?> 
    <title>Enter admin username/password.</title>
    <body>
    In order to access this page, fill in the admin login details. <BR>
    <form method="post" action="admin.php">
    Username: <input name="username2" type="text" value="admin" size="20">
    <BR>
    Password: <input name="password2" type="password" value="admin" size="15">
    <BR> 
    <input type="Submit" value="Submit">
    </form>
    </body>
    </html>
	<?php
	 }else{ 
	 include("adminconfig.php");
    $username2=$_POST["username2"];
    $password2=$_POST["password2"];
   if ($username2==$username AND $password2==$password){$permission="yes";}

   $username2=$_POST["username2"];
    $_SESSION['permission'] = yes;  
    $_SESSION='username2';  

    if ($permission=="yes"){
   ?> 
   <p class="underline"><strong>Administration Panel </strong></p>
<hr />
<p><em><strong>Current Messages:</strong></em></p>
<p>  
  <?PHP include($filename);?>
</p>
<hr>
<strong><em>Editing Panel: </em></strong>

<p>Edit the text in <?PHP echo"$filename";?> to your liking, then click 'Post Data'. Unfortunately, bbCode is not supported in the Admin Panel. HTML is though. </p>
<form action="adminedit.php" method="post" class="body">
  <textarea name="theText" cols="35" rows="15"><?PHP include($filename);?>
  </textarea> 
  <br>
  <input type="submit" value="Post Data">
</form> 
<hr />
<p><strong><em>Clear Text: </em></strong></p>
<p><?PHP echo "To clear the current messages in $filename click the bellow button.";?></p>
<FORM METHOD="LINK" ACTION="clear.php">
<INPUT TYPE="submit" VALUE="Clear Text">
</FORM>
</p>

<?php }else{ ?>
Error in username or password. 
   <?php } ?>
<?php } ?>
--clear.php--

Code: Select all

<?php 
session_start();
if ($permission=="yes") { 
?> 
<title>Administration Panel - Clear Text</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<?PHP
/*\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
<   PHP Post                    >
<   Simple Message Board        >
<   Copyright © 2006 Pertmywert >  
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/*/
include("adminconfig.php");
$theText = "ADMIN: Messages Cleared!<br>";
$theText = stripslashes($theText);
$data = fopen($filename, "w");
fwrite($data,$theText);
fclose($data);
echo "Messages in $filename Cleared.";
?>
<?php }else{ ?> 
<link href="style.css" rel="stylesheet" type="text/css" />
<title>Access Denied.</title>
<p>You are not allowed to access this page.</p>
<p><a href="index.php">Go Back?</a></p>
<p>  
  <?php } ?>

Posted: Thu Dec 14, 2006 3:38 am
by volka
Please explain in detail this part of your code

Code: Select all

include("adminconfig.php");
    $username2=$_POST["username2"];
    $password2=$_POST["password2"];
   if ($username2==$username AND $password2==$password){$permission="yes";}

   $username2=$_POST["username2"];
    $_SESSION['permission'] = yes; 
    $_SESSION='username2';
(not for me, for yourself)

Posted: Thu Dec 14, 2006 9:44 am
by feyd
The admin page is not sending the headers for sessions to start

Code: Select all

Date: Thu, 14 Dec 2006 15:43:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 541
Keep-Alive: timeout=1, max=75
Connection: Keep-Alive
Content-Type: text/html

200 OK