strange problem

irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

strange problem

Post by irealms »

When you log into my site all works fine, the problem comes when clicking any of the buttons in the member admin section. On the first click it logs you out even though you stay on the members page.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

how and when do you set and check the permissions?
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

code

Post by irealms »

the members admin is called into the index page as is my login script, so when you click a button it refreshes the whole page, it's not that it logs you out, as it still shows the members page, but the login script in the top corner shows the not logged in section.
http://www.irealms.co.uk/crimson

then log on as test/test and you can see the members section, the first time you click a button you will see the problem.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

it's still the same problem, isn't it?
Wrong order of set and check.
Where in your code (and the flow of the script) do you perform the login and where do you include/check the admin section?
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Post by delorian »

I've been on your page, logged in as a test member and even clicked on the members button, and guess what... I was still test-member :D - Does this problem still exist or have you just coped with it yourself :?:

If you use sessions you should always be sure that you send session id using both cookies and in url or just url, but not only in cookie. I have the same problem on my friend's page and now it works.

BTW: Write more about the problem, of course only if it still is a problem :wink:
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

order

Post by irealms »

ok here it is :)

Code:

<?php
require "config.php";
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="standard.css" />
<title>Crimson Maurauders</title>
</head>
<BODY>
<table align="center" width="950" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<?
//login info
if ($userid && $password)
{
  // if the user has just tried to log in
  $query = "select * from users "
           ."where username='$userid' "
           ." and passwd='$password' ";
  $result = mysql_query($query, $db_conn);
  $row = mysql_fetch_assoc($result);
  if (mysql_num_rows($result) >0 && $row['approved'] == 1)
  {
    // if they are in the database register the user id
    $valid_user = $userid;
    $_SESSION['valid_user'] = $valid_user;
    $_SESSION['pass'] = $_POST['password'];
	$_SESSION['id'] = $row['id'];
	$_SESSION['approved'] = $row['approved'];
	$_SESSION['officer'] = $row['officer'];
	$_SESSION['admin'] = $row['admin'];
	$_SESSION['rank'] = $row['rank'];
  }
}
if ($_SESSION['admin'] == 1)
{
//this is where the admin menu is called in (see below)
	include "siteadmin/admenu.php";
}
?>
<table align="left" width="160" cellpadding="0" cellspacing="0" border="0">
<tr>
<td height="220" width="160">
<?
//here is where the login script is called depending in the situation
if ($log=="") include "authmain.php";
if ($log=="logout") include "logout.php";
if ($log=="change") include "changepass.php";
if ($log=="1") include "changepass.php";
if ($log=="forgot") include "forgot.php";

?>
admin menu file

Code:

<?php

//admin menu file
if ($_SESSION['admin'] ==0)
{
header("Location: http://www.irealms.co.uk/crimson/index.php");
}
else if ($_SESSION['admin'] ==1)
{
echo '<table cellspacing="5" cellpadding="5" border="0"><tr><td><a href="index.php?page=members"><img src="buttons\members.jpg" border="0" /></a></td>';
echo '<td><a href="forums\admin\index.php" target="_blank"><img src="buttons\fadmin.jpg" border="0" /></a></td>';
echo '</tr></table>';
}

?>
members file

Code:

<?php

//show members 

$query = "SELECT username,charname,approved,rank,admin FROM users ORDER BY username"; 
$result = mysql_query($query, $db_conn) or die('query failed'); 
$num_results = mysql_num_rows($result); 
echo '<table cellspacing="5" cellpadding="5"><tr><td><div class="log"><u>Username</u></div></td><td><div class="log"><u>Main character name</u></div></td><td><div class="log"><u>Rank?</u></div></td><td><div class="log"><u>Approved?</u></div></td><td><div class="log"><u>Admin?</u></div></td></tr>'; 
while ($row = mysql_fetch_assoc($result)) 
{ 
    
   if ($row['approved'] == 1)
   {
      $approved = 'Yes';
   }
    else
   {
      $approved = 'No';
   }
   if ($row['rank'] == 1)
   {
      $rank = 'Officer';
   }
   if ($row['rank'] == 2)
   {
      $rank = 'Leader';
   }
   elseif ($row['rank'] == 0)
   {
      $rank = 'Member';
   }
   if ($row['admin'] == 1)
   {
      $adminlvl = 'Yes';
   }
   else
   {
      $adminlvl = 'No';
   }
   echo '<tr><td><div class="log">'.$row['username'].'</div></td>';
   echo '<td><div class="log">'.$row['charname'].'</div></td>';
   echo '<td><div class="log">'.$rank.'</div></td>'; 
   echo '<td><div class="log">'.$approved.'</div></td>'; 
   echo '<td><div class="log">'.$adminlvl.'</div></td>'; 
   }
echo '</tr></table>';
?> 
<table cellspacing="5" cellpadding="5" border="0">
<tr>
<td>
<form method="post" action="index.php?page=members">
<div class="log">User:<input type="text" name="useredit" size="16" style="font-size:10px;border: 0px;"><br /><br />
<input type=submit name="userapp" value="Approve" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="userdeny" value="Deny" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="usermem" value="Make member" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="useroff" value="Make officer" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="userlea" value="Make leader" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<br /><br />
<input type=submit name="useradm" value="Make admin" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="usernoad" value="Remove admin rights" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<br /><br /><br />
<input type=submit name="userdel" value="Delete User" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
</div>
</form>
</td>
</tr>
<?
//user approve
if (isset($_POST['userapp']))
{
	$userapp = "UPDATE users set approved = '1' where username = '$_POST[useredit]'"; 
	$resultapp = mysql_query($userapp, $db_conn) or die("query [$userapp] failed: ".mysql_error());
}
if (isset($resultapp))
{
	header("Location: index.php?page=members");
}
//user deny
if (isset($_POST['userdeny']))
{
	$userden = "UPDATE users set approved = '0' where username = '$_POST[useredit]'"; 
	$resultden = mysql_query($userden, $db_conn) or die("query [$userden] failed: ".mysql_error());
}
if (isset($resultden))
{
	header("Location: index.php?page=members");
}
//user delete
if (isset($_POST['userdel']))
{
	$userdel = "DELETE FROM users where username = '$_POST[useredit]'"; 
	$resultdel = mysql_query($userdel, $db_conn) or die("query [$userdel] failed: ".mysql_error());
}
if (isset($resultdel))
{
	header("Location: index.php?page=members");
}
//user member
if (isset($_POST['usermem']))
{
	$usermem = "UPDATE users set rank = '0' where username = '$_POST[useredit]'"; 
	$resultmem = mysql_query($usermem, $db_conn) or die("query [$usermem] failed: ".mysql_error());
}
if (isset($resultmem))
{
	header("Location: index.php?page=members");
}
//user officer
if (isset($_POST['useroff']))
{
	$useroff = "UPDATE users set rank = '1' where username = '$_POST[useredit]'"; 
	$resultoff = mysql_query($useroff, $db_conn) or die("query [$useroff] failed: ".mysql_error());
}
if (isset($resultoff))
{
	header("Location: index.php?page=members");
}
//user leader
if (isset($_POST['userlea']))
{
	$userlea = "UPDATE users set rank = '2' where username = '$_POST[useredit]'"; 
	$resultlea = mysql_query($userlea, $db_conn) or die("query [$userlea] failed: ".mysql_error());
}
if (isset($resultlea))
{
	header("Location: index.php?page=members");
}
//set admin
if (isset($_POST['useradm']))
{
	$useradm = "UPDATE users set admin = '1' where username = '$_POST[useredit]'"; 
	$resultadm = mysql_query($useradm, $db_conn) or die("query [$useradm] failed: ".mysql_error());
}
if (isset($resultadm))
{
	header("Location: index.php?page=members");
}
//remove admin rights
if (isset($_POST['usernoad']))
{
	$usernoad = "UPDATE users set admin = '0' where username = '$_POST[useredit]'"; 
	$resultnoad = mysql_query($usernoad, $db_conn) or die("query [$usernoad] failed: ".mysql_error());
}
if (isset($resultnoad))
{
	header("Location: index.php?page=members");
}

?>
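
The login and member-admin queries in the post above place request values directly inside the SQL string and keep the password in the session. As an added example (not the poster's code), the same two operations with bound parameters, a hashed password and an admin check before each write; PDO with an in-memory SQLite table is an assumption standing in for the thread's mysql_* calls, and check_login() and set_user_flag() are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with an in-memory
// SQLite table stands in for the thread's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    passwd TEXT, approved INT, admin INT, rank INT)');
// Constructed sample row; the password is stored as a hash, not in clear.
$ins = $db->prepare('INSERT INTO users (username, passwd, approved, admin, rank)
    VALUES (?, ?, 1, 1, 2)');
$ins->execute(['test', password_hash('test', PASSWORD_DEFAULT)]);

// Login check: the username is bound, so a quote in the input stays data.
function check_login(PDO $db, string $user, string $pass): ?array
{
    $st = $db->prepare('SELECT id, passwd, approved, admin, rank
        FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int)$row['approved'] !== 1
        || !password_verify($pass, $row['passwd'])) {
        return null;
    }
    unset($row['passwd']);   // nothing secret is copied into $_SESSION
    return $row;
}

// Admin action: the caller's admin flag is checked before any write, the
// column name comes from a fixed allow-list, and only values are bound.
function set_user_flag(PDO $db, array $actor, string $target,
    string $field, int $value): bool
{
    $allowed = ['approved' => [0, 1], 'admin' => [0, 1], 'rank' => [0, 1, 2]];
    if ((int)($actor['admin'] ?? 0) !== 1) {
        return false;
    }
    if (!isset($allowed[$field]) || !in_array($value, $allowed[$field], true)) {
        return false;
    }
    $st = $db->prepare("UPDATE users SET $field = ? WHERE username = ?");
    $st->execute([$value, $target]);
    return $st->rowCount() === 1;
}

$admin = check_login($db, 'test', 'test');
var_dump($admin !== null);                       // known user, right password
var_dump(check_login($db, "o'brien", 'x'));      // apostrophe causes no SQL error
var_dump(set_user_flag($db, $admin, 'test', 'rank', 1));          // admin caller
var_dump(set_user_flag($db, ['admin' => 0], 'test', 'admin', 1)); // non-admin caller
```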
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

thanks

Post by irealms »

yeah it seems to be an intermittent problem not sure why it's happening.


Not sure what you mean about sending the session id in the url, I've noticed it doesn't always send the session id into the url, not sure why though.
[]InTeR[]
Forum Regular
Posts: 416
Joined: Thu Apr 24, 2003 6:51 am
Location: The Netherlands

Post by []InTeR[] »

In the Location headers, you need to parse the session id.

I tried to find where I read this, but at the time I can't find it.
discobean
Forum Commoner
Posts: 49
Joined: Sun May 18, 2003 9:06 pm
Location: Sydney, Australia
Contact:

Post by discobean »

I only just skimmed through this thread, but isn't there supposed to be a session_start(); somewhere??

or have you got it to automatically start sessions?
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

config

Post by irealms »

the session start is in the config file
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Re: thanks

Post by delorian »

irealms wrote: (...) Not sure what you mean about sending the session id in the url, I've noticed it doesn't always send the session id into the url, not sure why though.
Yes, because when the session id is not in the url that means the session wrote its cookie on your computer (or it doesn't exist :D ).

As for the code, I agree with []InTeR[], you should try adding the session id to the location headers.

There is probably a simple and stupid reason why it doesn't work, but I would try the session id parsing first.

Can I ask you why you are using \ and not / in your anchors?
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

Post by irealms »

no idea, just a habit from old times i think, lol
irealms
Forum Contributor
Posts: 215
Joined: Mon Apr 28, 2003 7:10 am
Location: Leeds

Post by irealms »

can't find the session parse info on php.net
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Post by delorian »

Code:

// e.g.
header("Location: index.php?page=members&". SID."");
or something more sophisticated :D

Code:

// e.g.
header("Location: index.php?page=members&". session_name()."=".session_id()."");
But read http://pl.php.net/manual/en/ref.session.php first, there's a lot of info and probably the answer to all your php questions.
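
One way to write the redirect suggested above, as an added example that is not from the thread: append SID only when it is non-empty, refuse to redirect once output has started, and stop the script after the header. session_redirect_url() and redirect_with_session() are hypothetical names and the sample values at the end are constructed.

```php
<?php
// Added example, not code from the thread.

// Build the target URL. SID is "name=id" only when the browser did not send
// the session cookie back; otherwise it is an empty string.
function session_redirect_url(string $path, string $sid): string
{
    if ($sid === '') {
        return $path;                 // cookie in use: keep the id out of the URL
    }
    $sep = (strpos($path, '?') === false) ? '?' : '&';
    return $path . $sep . $sid;
}

function redirect_with_session(string $path): void
{
    // header() only works before any output. The members file in the thread
    // echoes its table first and calls header() afterwards.
    if (headers_sent($file, $line)) {
        trigger_error("cannot redirect, output began at $file:$line",
            E_USER_WARNING);
        return;
    }
    // SID is defined only after session_start() has run.
    $sid = defined('SID') ? SID : '';
    session_write_close();            // flush session data before leaving
    header('Location: ' . session_redirect_url($path, $sid));
    exit;                             // nothing below may run after a redirect
}

// An id carried in a URL ends up in server logs, browser history and Referer
// headers. With session.use_only_cookies=1 (the default in current PHP) an
// id passed in the URL is ignored and the cookie alone carries the session.

// Constructed values: cookie accepted, then cookie refused.
var_dump(session_redirect_url('index.php?page=members', ''));
var_dump(session_redirect_url('index.php?page=members', 'PHPSESSID=abc123'));
```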