strange problem
Posted: Wed Jun 04, 2003 4:29 am
by irealms
When you log into my site all works fine, the problem comes when clicking any of the buttons in the member admin section. On the first click it logs you out even though you stay on the members page.
Posted: Wed Jun 04, 2003 5:46 am
by volka
how and when do you set and check the permissions?
code
Posted: Wed Jun 04, 2003 6:38 am
by irealms
the members admin is called into the index page as is my login script, so when you click a button it refreshes the whole page, it's not that it logs you out, as it still shows the members page, but the login script in the top corner shows the not logged in section.
http://www.irealms.co.uk/crimson
then log on as test/test and you can see the members section, the first time you click a button you will see the problem.
Posted: Wed Jun 04, 2003 6:52 am
by volka
it's still the same problem, isn't it?
Wrong order of set and check.
Where in your code (and the flow of the script) do you perform the login and where do you include/check the admin section?
Posted: Wed Jun 04, 2003 7:07 am
by delorian
I've been on your page, logged in as a test member and even clicked on the members button, and guess what... I was still test-member.
Does this problem still exist, or have you just coped with it yourself?
If you use sessions you should always be sure that you send the session id using both cookies and the url, or just the url, but not only in a cookie. I had the same problem on my friend's page and now it works.
BTW: Write more about the problem, of course only if it still is a problem.
order
Posted: Wed Jun 04, 2003 7:09 am
by irealms
ok here it is
Code:
<?php
require "config.php";
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="standard.css" />
<title>Crimson Maurauders</title>
</head>
<BODY>
<table align="center" width="950" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<?php
//login info
if ($userid && $password)
{
    // if the user has just tried to log in
    $query = "select * from users "
            ."where username='$userid' "
            ." and passwd='$password' ";
    $result = mysql_query($query, $db_conn);
    $row = mysql_fetch_assoc($result);
    if (mysql_num_rows($result) >0 && $row['approved'] == 1)
    {
        // if they are in the database register the user id
        $valid_user = $userid;
        $_SESSION['valid_user'] = $valid_user;
        $_SESSION['pass'] = $_POST['password'];
        $_SESSION['id'] = $row['id'];
        $_SESSION['approved'] = $row['approved'];
        $_SESSION['officer'] = $row['officer'];
        $_SESSION['admin'] = $row['admin'];
        $_SESSION['rank'] = $row['rank'];
    }
}
if ($_SESSION['admin'] == 1)
{
    //this is where the admin menu is called in (see below)
    include "siteadmin/admenu.php";
}
?>
<table align="left" width="160" cellpadding="0" cellspacing="0" border="0">
<tr>
<td height="220" width="160">
<?php
//here is where the login script is called depending on the situation
if ($log=="") include "authmain.php";
if ($log=="logout") include "logout.php";
if ($log=="change") include "changepass.php";
if ($log=="1") include "changepass.php";
if ($log=="forgot") include "forgot.php";
?>
admin menu file
Code:
<?php
//admin menu file
if ($_SESSION['admin'] ==0)
{
    header("Location: http://www.irealms.co.uk/crimson/index.php");
}
else if ($_SESSION['admin'] ==1)
{
    echo '<table cellspacing="5" cellpadding="5" border="0"><tr><td><a href="index.php?page=members"><img src="buttons\members.jpg" border="0" /></a></td>';
    echo '<td><a href="forums\admin\index.php" target="_blank"><img src="buttons\fadmin.jpg" border="0" /></a></td>';
    echo '</tr></table>';
}
?>
members file
Code:
<?php
//show members
$query = "SELECT username,charname,approved,rank,admin FROM users ORDER BY username";
$result = mysql_query($query, $db_conn) or die('query failed');
$num_results = mysql_num_rows($result);
echo '<table cellspacing="5" cellpadding="5"><tr><td><div class="log"><u>Username</u></div></td><td><div class="log"><u>Main character name</u></div></td><td><div class="log"><u>Rank?</u></div></td><td><div class="log"><u>Approved?</u></div></td><td><div class="log"><u>Admin?</u></div></td></tr>';
while ($row = mysql_fetch_assoc($result))
{
    // turn the numeric flags into display text
    if ($row['approved'] == 1)
    {
        $approved = 'Yes';
    }
    else
    {
        $approved = 'No';
    }
    if ($row['rank'] == 1)
    {
        $rank = 'Officer';
    }
    if ($row['rank'] == 2)
    {
        $rank = 'Leader';
    }
    elseif ($row['rank'] == 0)
    {
        $rank = 'Member';
    }
    if ($row['admin'] == 1)
    {
        $adminlvl = 'Yes';
    }
    else
    {
        $adminlvl = 'No';
    }
    echo '<tr><td><div class="log">'.$row['username'].'</div></td>';
    echo '<td><div class="log">'.$row['charname'].'</div></td>';
    echo '<td><div class="log">'.$rank.'</div></td>';
    echo '<td><div class="log">'.$approved.'</div></td>';
    echo '<td><div class="log">'.$adminlvl.'</div></td></tr>';
}
echo '</table>';
?>
<table cellspacing="5" cellpadding="5" border="0">
<tr>
<td>
<form method="post" action="index.php?page=members">
<div class="log">User:<input type="text" name="useredit" size="16" style="font-size:10px;border: 0px;"><br /><br />
<input type=submit name="userapp" value="Approve" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="userdeny" value="Deny" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="usermem" value="Make member" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="useroff" value="Make officer" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="userlea" value="Make leader" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<br /><br />
<input type=submit name="useradm" value="Make admin" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<input type=submit name="usernoad" value="Remove admin rights" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
<br /><br /><br />
<input type=submit name="userdel" value="Delete User" style="font-size:10px;color:#FFFFFF;background-color:#000000;border: 0px;text-decoration:underline;">
</div>
</form>
</td>
</tr>
<?php
//user approve
if (isset($_POST['userapp']))
{
    $userapp = "UPDATE users set approved = '1' where username = '$_POST[useredit]'";
    $resultapp = mysql_query($userapp, $db_conn) or die("query [$userapp] failed: ".mysql_error());
}
if (isset($resultapp))
{
    header("Location: index.php?page=members");
}
//user deny
if (isset($_POST['userdeny']))
{
    $userden = "UPDATE users set approved = '0' where username = '$_POST[useredit]'";
    $resultden = mysql_query($userden, $db_conn) or die("query [$userden] failed: ".mysql_error());
}
if (isset($resultden))
{
    header("Location: index.php?page=members");
}
//user delete
if (isset($_POST['userdel']))
{
    $userdel = "DELETE FROM users where username = '$_POST[useredit]'";
    $resultdel = mysql_query($userdel, $db_conn) or die("query [$userdel] failed: ".mysql_error());
}
if (isset($resultdel))
{
    header("Location: index.php?page=members");
}
//user member
if (isset($_POST['usermem']))
{
    $usermem = "UPDATE users set rank = '0' where username = '$_POST[useredit]'";
    $resultmem = mysql_query($usermem, $db_conn) or die("query [$usermem] failed: ".mysql_error());
}
if (isset($resultmem))
{
    header("Location: index.php?page=members");
}
//user officer
if (isset($_POST['useroff']))
{
    $useroff = "UPDATE users set rank = '1' where username = '$_POST[useredit]'";
    $resultoff = mysql_query($useroff, $db_conn) or die("query [$useroff] failed: ".mysql_error());
}
if (isset($resultoff))
{
    header("Location: index.php?page=members");
}
//user leader
if (isset($_POST['userlea']))
{
    $userlea = "UPDATE users set rank = '2' where username = '$_POST[useredit]'";
    $resultlea = mysql_query($userlea, $db_conn) or die("query [$userlea] failed: ".mysql_error());
}
if (isset($resultlea))
{
    header("Location: index.php?page=members");
}
//set admin
if (isset($_POST['useradm']))
{
    $useradm = "UPDATE users set admin = '1' where username = '$_POST[useredit]'";
    $resultadm = mysql_query($useradm, $db_conn) or die("query [$useradm] failed: ".mysql_error());
}
if (isset($resultadm))
{
    header("Location: index.php?page=members");
}
//remove admin rights
if (isset($_POST['usernoad']))
{
    $usernoad = "UPDATE users set admin = '0' where username = '$_POST[useredit]'";
    $resultnoad = mysql_query($usernoad, $db_conn) or die("query [$usernoad] failed: ".mysql_error());
}
if (isset($resultnoad))
{
    header("Location: index.php?page=members");
}
?>
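The member actions from the post above, as an added example that is not irealms's code: each form button maps to one fixed statement, the username from `useredit` is bound as a parameter instead of being inserted into the SQL string, and the function is meant to run before any HTML is sent so the Location header can still be set. It uses PDO instead of the thread's mysql_* functions; `handle_member_action`, `MEMBER_ACTIONS` and the in-memory SQLite rows are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Table, column and button names follow
// the thread; the SQLite database and its rows are constructed sample data.
const MEMBER_ACTIONS = [
    'userapp'  => 'UPDATE users SET approved = 1 WHERE username = :u',
    'userdeny' => 'UPDATE users SET approved = 0 WHERE username = :u',
    'usermem'  => 'UPDATE users SET rank = 0 WHERE username = :u',
    'useroff'  => 'UPDATE users SET rank = 1 WHERE username = :u',
    'userlea'  => 'UPDATE users SET rank = 2 WHERE username = :u',
    'useradm'  => 'UPDATE users SET admin = 1 WHERE username = :u',
    'usernoad' => 'UPDATE users SET admin = 0 WHERE username = :u',
    'userdel'  => 'DELETE FROM users WHERE username = :u',
];

// Returns the redirect target after a change, or null if nothing was done.
// Real use, before any output: header("Location: $target"); exit;
function handle_member_action(PDO $pdo, array $session, array $post): ?string
{
    if (($session['admin'] ?? 0) != 1) {
        return null;                         // re-check the admin flag here
    }
    $user = $post['useredit'] ?? '';
    if (!is_string($user) || $user === '') {
        return null;
    }
    foreach (MEMBER_ACTIONS as $button => $sql) {
        if (isset($post[$button])) {
            $stmt = $pdo->prepare($sql);
            $stmt->execute([':u' => $user]);  // bound value, never concatenated
            return 'index.php?page=members';
        }
    }
    return null;
}

// Constructed demo data: one username contains a quote character.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, approved INT, rank INT, admin INT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (?, 0, 0, 0)');
foreach (["o'brien", 'test'] as $name) { $ins->execute([$name]); }

$post   = ['useredit' => "o'brien", 'userapp' => 'Approve'];
$target = handle_member_action($pdo, ['admin' => 1], $post);
$denied = handle_member_action($pdo, ['admin' => 0], $post);
$check  = $pdo->prepare('SELECT approved FROM users WHERE username = ?');
$check->execute(["o'brien"]);
printf("redirect=%s approved=%s non_admin=%s\n", $target, $check->fetchColumn(), var_export($denied, true));
```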
thanks
Posted: Wed Jun 04, 2003 7:11 am
by irealms
yeah it seems to be an intermittent problem not sure why it's happening.
Not sure what you mean about sending the session id in the url, i've noticed it doesn't always send the session id into the url, not sure why though.
Posted: Wed Jun 04, 2003 7:29 am
by []InTeR[]
In the Location headers, you need to parse the session id.
I tried to find where I read this, but at the time I can't find it.
Posted: Wed Jun 04, 2003 7:49 am
by discobean
I only just skimmed thru this thread, but isn't there supposed to be a session_start(); somewhere??
or have u got it to automatically start sessions?
config
Posted: Wed Jun 04, 2003 7:51 am
by irealms
the session start is in the config file
Re: thanks
Posted: Wed Jun 04, 2003 4:23 pm
by delorian
irealms wrote: (...) Not sure what you mean about sending the session id in the url, i've noticed it doesn't always send the session id into the url, not sure why though.
Yes, because when the session id is not in the url that means session wrote its cookie on your computer (or it doesn't exist).
As for the code, I agree with []InTeR[], you should try adding the session id to the Location headers.
There is probably a simple and stupid reason why it doesn't work, but I would try the session id parsing first.
Can I ask you, why you are using \ and not / in your anchors?
Posted: Thu Jun 05, 2003 3:20 am
by irealms
no idea, just a habit from old times i think, lol
Posted: Thu Jun 05, 2003 3:22 am
by irealms
can't find the session parse info on php.net
Posted: Thu Jun 05, 2003 4:42 am
by delorian
Code:
// e.g.
header("Location: index.php?page=members&". SID."");
or something more sophisticated
Code:
// e.g.
header("Location: index.php?page=members&". session_name()."=".session_id()."");
But read http://pl.php.net/manual/en/ref.session.php first, there's a lot of info and probably the answer to all your php questions.