Page 1 of 1

PHP Admin Login Issue

Posted: Thu Apr 19, 2007 11:40 am
by Addulous
Hello all,

I have hit a wall :( . Now let me start off by saying i DO NOT know php. I have the ability to understand patterns and manipulate but i just haven't had the experience yet to really know what i'm doing. I have a program i found and have manipulated that is basically a 'help desk' ticketing application, that will allow me to better manage things at work in my department. I currently have this hosted through a computer with XP using the Apache Web Suite Developer.

The Problem:
When i go to the 'admin login' and try to login, it doesn't work. I get a thing saying "Your session has expired, please login using the form below." (that is just from the language file). Because i really don't know what to do, i've included the part i THINK of the code that would be dedicated to this. If there is more that i can provide, or question i can answer to be able to make this better understood please don't hesitate, i've been trying so hard to get this to work.
define('IN_SCRIPT',1);

/* Get all the required files and functions */
require_once('hesk_settings.inc.php');
require_once('language/'.$hesk_settings['language'].'.inc.php');
require_once('inc/common.inc.php');
hesk_session_start();
require_once('inc/database.inc.php');
hesk_dbConnect() or hesk_error("$hesklang[cant_connect_db] $hesklang[contact_webmsater] $hesk_settings[webmaster_mail]!");

/* What should we do? */
$action=hesk_input($_REQUEST['a']) or $action='login';
if ($action == 'login') {print_login();}
elseif ($action == 'do_login') {do_login();}
elseif ($action == 'logout') {logout();}
else {hesk_error($hesklang['invalid_action']);}

/* Print footer */
require_once('inc/footer.inc.php');
exit();

/*** START FUNCTIONS ***/

function do_login() {
global $hesklang;
$user=hesk_isNumber($_POST['user'],$hesklang['select_username']);
$pass=hesk_input($_POST['pass'],$hesklang['enter_pass']);

$sql = "SELECT * FROM `hesk_users` WHERE `id`=$user LIMIT 1";
$result = hesk_dbQuery($sql) or hesk_error("$hesklang[cant_sql]: $sql</p><p>$hesklang[mysql_said]:<br>".mysql_error()."</p><p>$hesklang[contact_webmsater] $hesk_settings[webmaster_mail]");
$_SESSION=hesk_dbFetchAssoc($result);

/* Check password */
if ($pass != $_SESSION['pass']) {
hesk_session_stop();
hesk_error($hesklang['wrong_pass']);
}

session_regenerate_id();

/* Get allowed categories */
if (empty($_SESSION['isadmin'])) {
$cat=substr($_SESSION['categories'], 0, -1);
$_SESSION['categories']=explode(",",$cat);
}

if ($url=hesk_input($_REQUEST['goto'])) {
Header("Location: $url");
} else {
Header("Location: admin_main.php");
}
exit();
} // End do_login()


function print_login() {
require_once('inc/header.inc.php');
global $hesk_settings, $hesklang;
?>
<p class="smaller"><a href="<?php echo $hesk_settings['site_url']; ?>"
class="smaller"><?php echo $hesk_settings['site_title']; ?></a> >
<?php echo $hesklang['admin_login']; ?><br>&nbsp;</p>
</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>

<h3 align="center"><?php echo $hesklang['login']; ?></h3>

<?php
if ($_REQUEST['notice']) {
echo "<p align=\"center\" class=\"important\">$hesklang[session_expired]</p>";
}
?>


<form action="admin.php" method="POST">

<div align="center">
<center>
<table border="0" cellspacing="1" cellpadding="5">
<tr>
<td align="right"><?php echo $hesklang['user']; ?>: </td>
<td><select name="user">
<?php
$sql = "SELECT * FROM `hesk_users`";
$result = hesk_dbQuery($sql) or hesk_error("$hesklang[cant_sql]: $sql</p><p>$hesklang[mysql_said]:<br>".mysql_error()."</p><p>$hesklang[contact_webmsater] $hesk_settings[webmaster_mail]");
while ($row=hesk_dbFetchAssoc($result))
{
echo "
<option value=\"$row[id]\">$row[user]</option>
";
}

?>
</select></td>
</tr>
<tr>
<td align="right"><?php echo $hesklang['pass']; ?>: </td>
<td><input type="password" name="pass"></td>
</tr>
</table>
</center>
</div>

<p align="center"><input type="hidden" name="a" value="do_login">
<?php
if ($url=hesk_input($_REQUEST['goto'])) {
echo "<input type=\"hidden\" name=\"goto\" value=\"$url\">";
}
?>
<input type="submit" value="<?php echo $hesklang['login']; ?>" class="button"></p>

</form>
<?php
} // End print_login()

function logout() {
require_once('inc/header.inc.php');
global $hesk_settings, $hesklang;
hesk_session_stop();
?>
<p class="smaller"><a href="<?php echo $hesk_settings['site_url']; ?>"
class="smaller"><?php echo $hesk_settings['site_title']; ?></a> >
<?php echo $hesklang['logged_out']; ?><br>&nbsp;</p>
</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>
<h3 align="center"><?php echo $hesklang['logout']; ?></h3>
<p>&nbsp;</p>

<p align="center"><?php echo $hesklang['logout_success']; ?></p>
<p>&nbsp;</p>
<p align="center"><a href="admin.php"><?php echo $hesklang['click_login']; ?></a></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<?php
require_once('inc/footer.inc.php');
exit();
} // End logout()

?>

Posted: Thu Apr 19, 2007 1:49 pm
by arturm
It is hard to tell whats wrong but try to look at your php.ini file and check if you have session support on and that your browser support cookies.

Posted: Thu Apr 19, 2007 2:02 pm
by Addulous
hello arturm. thank you for your response.

i went into my php.ini file. what exactly do i need to look at to see if session support is enabled. there is alot of lines in there about [session]

Posted: Thu Apr 19, 2007 2:13 pm
by bert4
Look at your phpinfo() output....