strange problem
When you log into my site all works fine, the problem comes when clicking any of the buttons in the member admin section. On the first click it logs you out even though you stay on the members page.
code
the members admin is called into the index page as is my login script, so when you click a button it refreshes the whole page, it's not that it logs you out, as it still shows the members page, but the login script in the top corner shows the not logged in section.
http://www.irealms.co.uk/crimson
then log on as test/test and you can see the members section, the first time you click a button you will see the problem.
I've been on your page, logged in as a test member and even clicked on the members button, and guess what... I was still test-member
- Does this problem still exist, or have you just coped with it yourself?
If you use sessions you should always be sure that you send session id using both cookies and in url or just url, but not only in cookie. I have the same problem on my friend's page and now it works.
BTW: Write more about the problem, of course only if it still is a problem
order
ok here it is
admin menu file
members file
Code: Select all
<?php
require "config.php";
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="standard.css" />
<title>Crimson Maurauders</title>
</head>
<BODY>
<table align="center" width="950" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<?
//login info
if ($userid && $password)
{
// if the user has just tried to log in
$query = "select * from users "
."where username='$userid' "
." and passwd='$password' ";
$result = mysql_query($query, $db_conn);
$row = mysql_fetch_assoc($result);
if (mysql_num_rows($result) >0 && $row['approved'] == 1)
{
// if they are in the database register the user id
$valid_user = $userid;
$_SESSION['valid_user'] = $valid_user;
$_SESSION['pass'] = $_POST['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['approved'] = $row['approved'];
$_SESSION['officer'] = $row['officer'];
$_SESSION['admin'] = $row['admin'];
$_SESSION['rank'] = $row['rank'];
}
}
if ($_SESSION['admin'] == 1)
{
//this is where the admin menu is called in (see below)
include "siteadmin/admenu.php";
}
?>
<table align="left" width="160" cellpadding="0" cellspacing="0" border="0">
<tr>
<td height="220" width="160">
<?
//here is where the login script is called depending in the situation
if ($log=="") include "authmain.php";
if ($log=="logout") include "logout.php";
if ($log=="change") include "changepass.php";
if ($log=="1") include "changepass.php";
if ($log=="forgot") include "forgot.php";
?>
Code: Select all
<?php
//admin menu file
if ($_SESSION['admin'] ==0)
{
header("Location: http://www.irealms.co.uk/crimson/index.php");
}
else if ($_SESSION['admin'] ==1)
{
echo '<table cellspacing="5" cellpadding="5" border="0"><tr><td><a href="index.php?page=members" /><img src="buttons\members.jpg" border="0" /></a></td>';
echo '<td><a href="forums\admin\index.php" target="_blank" /><img src="buttons\fadmin.jpg" border="0" /></a></td>';
echo '</tr></table>';
}
?>
Code: Select all
<?php
//show members
$query = "SELECT username,charname,approved,rank,admin FROM users ORDER BY username";
$result = mysql_query($query, $db_conn) or die('query failed');
$num_results = mysql_num_rows($result);
echo '<table cellspacing="5" cellpadding="5"><tr><td><div class="log"><u>Username</u></div></td><td><div class="log"><u>Main character name</u></div></td><td><div class="log"><u>Rank?</u></div></td><td><div class="log"><u>Approved?</u></div></td><td><div class="log"><u>Admin?</u></div></td></tr>';
while ($row = mysql_fetch_assoc($result))
{
if ($row['approved'] == 1)
{
$approved = 'Yes';
}
else
{
$approved = 'No';
}
if ($row['rank'] == 1)
{
$rank = 'Officer';
}
if ($row['rank'] == 2)
{
$rank = 'Leader';
}
elseif ($row['rank'] == 0)
{
$rank = 'Member';
}
if ($row['admin'] == 1)
{
$adminlvl = 'Yes';
}
else
{
$adminlvl = 'No';
}
echo '<tr><td><div class="log">'.$row['username'].'</div></td>';
echo '<td><div class="log">'.$row['charname'].'</div></td>';
echo '<td><div class="log">'.$rank.'</div></td>';
echo '<td><div class="log">'.$approved.'</div></td>';
echo '<td><div class="log">'.$adminlvl.'</div></td></tr>';
}
echo '</table>';
?>
<table cellspacing="5" cellpadding="5" border="0">
<tr>
<td>
<form method="post" action="index.php?page=members">
<div class="log">User:<input type="text" name="useredit" size="16" style="font-size:10px;border: 0px;"><br /><br />
<input type=submit name="userapp" value="Approve" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="userdeny" value="Deny" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="usermem" value="Make member" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="useroff" value="Make officer" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="userlea" value="Make leader" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<br /><br />
<input type=submit name="useradm" value="Make admin" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="usernoad" value="Remove admin rights" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<br /><br /><br />
<input type=submit name="userdel" value="Delete User" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
</div>
</form>
</td>
</tr>
<?
//user approve
if (isset($_POST['userapp']))
{
$userapp = "UPDATE users set approved = '1' where username = '$_POST[useredit]'";
$resultapp = mysql_query($userapp, $db_conn) or die("query [$userapp] failed: ".mysql_error());
}
if (isset($resultapp))
{
header("Location: index.php?page=members");
}
//user deny
if (isset($_POST['userdeny']))
{
$userden = "UPDATE users set approved = '0' where username = '$_POST[useredit]'";
$resultden = mysql_query($userden, $db_conn) or die("query [$userden] failed: ".mysql_error());
}
if (isset($resultden))
{
header("Location: index.php?page=members");
}
//user delete
if (isset($_POST['userdel']))
{
$userdel = "DELETE FROM users where username = '$_POST[useredit]'";
$resultdel = mysql_query($userdel, $db_conn) or die("query [$userdel] failed: ".mysql_error());
}
if (isset($resultdel))
{
header("Location: index.php?page=members");
}
//user member
if (isset($_POST['usermem']))
{
$usermem = "UPDATE users set rank = '0' where username = '$_POST[useredit]'";
$resultmem = mysql_query($usermem, $db_conn) or die("query [$usermem] failed: ".mysql_error());
}
if (isset($resultmem))
{
header("Location: index.php?page=members");
}
//user officer
if (isset($_POST['useroff']))
{
$useroff = "UPDATE users set rank = '1' where username = '$_POST[useredit]'";
$resultoff = mysql_query($useroff, $db_conn) or die("query [$useroff] failed: ".mysql_error());
}
if (isset($resultoff))
{
header("Location: index.php?page=members");
}
//user leader
if (isset($_POST['userlea']))
{
$userlea = "UPDATE users set rank = '2' where username = '$_POST[useredit]'";
$resultlea = mysql_query($userlea, $db_conn) or die("query [$userlea] failed: ".mysql_error());
}
if (isset($resultlea))
{
header("Location: index.php?page=members");
}
//set admin
if (isset($_POST['useradm']))
{
$useradm = "UPDATE users set admin = '1' where username = '$_POST[useredit]'";
$resultadm = mysql_query($useradm, $db_conn) or die("query [$useradm] failed: ".mysql_error());
}
if (isset($resultadm))
{
header("Location: index.php?page=members");
}
//remove admin rights
if (isset($_POST['usernoad']))
{
$usernoad = "UPDATE users set admin = '0' where username = '$_POST[useredit]'";
$resultnoad = mysql_query($usernoad, $db_conn) or die("query [$usernoad] failed: ".mysql_error());
}
if (isset($resultnoad))
{
header("Location: index.php?page=members");
}
?>
thanks
Yeah, it seems to be an intermittent problem, not sure why it's happening.
Not sure what you mean about sending the session id in the url, I've noticed it doesn't always send the session id into the url, not sure why though.
Re: thanks
irealms wrote: (...) Not sure what you mean about sending the session id in the url, I've noticed it doesn't always send the session id into the url, not sure why though.
Yes, because when the session id is not in the url that means session wrote its cookie on your computer (or it doesn't exist)
As for the code, I agree with []InTeR[], you should try adding the session id to location headers.
There is probably a simple and stupid reason why it doesn't work, but I would try the session id parsing first.
Can I ask why you are using \ and not / in your anchors?
Code: Select all
// e.g.
header("Location: index.php?page=members&". SID."");
Code: Select all
// e.g.
header("Location: index.php?page=members&". session_name()."=".session_id()."");
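Added example, not code from the thread: the member-admin handlers from the members file above written as one function that checks the session's admin flag, binds `useredit` as a query parameter, and returns the redirect target so the caller can send the `Location` header before any HTML and then `exit`. The function name, the `$actions` map, the PDO connection and the in-memory SQLite rows are assumptions made for the example.

```php
<?php
// Added example (not the poster's code). handle_member_action() and $actions
// are hypothetical names; table and column names are taken from the thread.
function handle_member_action(PDO $pdo, array $session, array $post): ?string
{
    // Submit-button name => [column, new value]; 'userdel' is handled separately.
    $actions = [
        'userapp' => ['approved', 1], 'userdeny' => ['approved', 0],
        'usermem' => ['rank', 0],     'useroff'  => ['rank', 1],
        'userlea' => ['rank', 2],
        'useradm' => ['admin', 1],    'usernoad' => ['admin', 0],
    ];
    // Authorise inside the handler itself, not only where the menu is drawn.
    if (($session['admin'] ?? 0) != 1 || !isset($post['useredit'])) {
        return null;
    }
    $user = (string) $post['useredit'];
    if (isset($post['userdel'])) {
        $pdo->prepare('DELETE FROM users WHERE username = ?')->execute([$user]);
        return 'index.php?page=members';
    }
    foreach ($actions as $button => [$column, $value]) {
        if (isset($post[$button])) {
            // $column comes from the fixed map above, never from the request.
            $stmt = $pdo->prepare("UPDATE users SET $column = ? WHERE username = ?");
            $stmt->execute([$value, $user]);
            return 'index.php?page=members';
        }
    }
    return null;
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, approved INT, rank INT, admin INT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 0, 0, 0), ('bob', 1, 0, 0)");

// A username containing a quote is bound as data; it matches no row here.
handle_member_action($pdo, ['admin' => 1], ['useredit' => "o'neil", 'useradm' => 'Make admin']);
// A non-admin session is refused and nothing is written.
handle_member_action($pdo, ['admin' => 0], ['useredit' => 'bob', 'userdel' => 'Delete User']);
$target = handle_member_action($pdo, ['admin' => 1], ['useredit' => 'alice', 'userapp' => 'Approve']);
// On a real page this runs before any HTML is echoed, followed by:
//   header("Location: $target"); exit;
foreach ($pdo->query('SELECT username, approved, admin FROM users') as $row) {
    echo "{$row['username']} approved={$row['approved']} admin={$row['admin']}\n";
}
```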