On the admin pages I’ve done it so if an Admin session is not created then it takes them back to the login area. On the login area I’ve coded it so if the login details are correct then it creates the session:
$_SESSION['AdminID']=$adminid;
Now below is the code I use to check if the session exists.
if (isset($_SESSION["AdminID"])) {
//code
}
else{
//NO LOGIN - SEND TO LOGIN
header('Location: http://www.***********.com/****/***/index.php');
}
Now I’ve been having problems with this, for example today I cannot login and it takes me back to the login page, and on other days I can login fine. Why would it work some days and not work on other days, I need this fixed so your help is much appreciated. Is there a better way of protecting my admin pages?
StarLion i tried your code and same thing was happening.
R2D2 I’ve done what you said and here is the output:
array(1) { [“AffID”]=> string(1) “4” }
Now that AffID is the session from the members area, so I’m guessing the 2 sessions are conflicting each other. How do i get round this even though i’ve named the sessions differently?
There is only one $_SESSION array. You are trying to create two different entries within the array. It should work as you expect it too, but something is obviously going wrong.
How do you assign your AffID? Do you have anything else that is accessing $_SESSION?
<?
session_start();
// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
} // end make safe
/*Retrive Database Connection Login*/
require("./databaseconnection.php");
$email=$_POST['Email'];
$adminpassword=$_POST['Password'];
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Oops theres an error, our highly trained monkeys have been notified.");
$query = sprintf("SELECT * FROM admins WHERE Email=%s and Password=%s",
quote_smart($email),
quote_smart($adminpassword));
//echo $query;
mysql_query($query);
$result = mysql_query($query);
$count=mysql_num_rows($result);
mysql_close();
while($row = mysql_fetch_array($result))
{
//echo $row['Pixel'];
$adminid=$row['AdminID'];
}
if($count==1){
// store session data
$_SESSION['AdminID']=$adminid;
//echo $_SESSION['AdminID'];
header( 'Location: http://xxxxxxxxxx.com/xxxx/xxxxx/admin.php' ) ;
}
else {
header( 'Location: http://xxxxxxxxx.com/xxxxxx/xxxxxx/index.php?s=failed' ) ;
}
?>
I know that they are being sent to admin.php as i can see this using a FireFox addon. But admin.php keeps sending me back to the login area as its saying the session doesnt exist. Any help would be great please.
But then it cant be the admin page causing the problem is for some reason there is no session is being saved in the first place right? It has to be the login code but as you can see i am saving the session, so I’m all confused why its not working
You’re calling mysql_close(); before you actually call mysql_fetch_array($result)! There is probably an error being output when you try to do this or try to use $adminid - are you displaying errors? I guess not because the header call is working.
Anyway, just take out the mysql_close() altogether - it’ll get closed when the script finishes anyway.