PHP - Sessions - Works & Doesnt Other Days

On the admin pages I’ve done it so if an Admin session is not created then it takes them back to the login area. On the login area I’ve coded it so if the login details are correct then it creates the session:

$_SESSION['AdminID']=$adminid;

Now below is the code I use to check if the session exists.

if (isset($_SESSION["AdminID"])) {

//code

}
else{
//NO LOGIN - SEND TO LOGIN
header('Location: http://www.***********.com/****/***/index.php'); 
}

Now I’ve been having problems with this, for example today I cannot login and it takes me back to the login page, and on other days I can login fine. Why would it work some days and not work on other days, I need this fixed so your help is much appreciated. Is there a better way of protecting my admin pages?

Thank you.

are you calling session_start() on every page?

Yep session_start(); is on the second line of every page after <?php

Thanks.

more header redirects. Ew.

Haha sorry StarLion I’m still fairly new to PHP so any suggestions are welcomed :slight_smile:

Admin directory header.php:


<?php
session_start();
if(!isset($_SESSION['AdminID'])) { ///Not logged in, eh?
 include_once('login.php'); //Here is my login form.
 die(); //Now stop processing.
}

Comment out the ‘header’ call, and put

var_dump($_SESSION);

underneath it. This will help you discover more on what is going wrong.

StarLion i tried your code and same thing was happening.

R2D2 I’ve done what you said and here is the output:

array(1) { [“AffID”]=> string(1) “4” }

Now that AffID is the session from the members area, so I’m guessing the 2 sessions are conflicting each other. How do i get round this even though i’ve named the sessions differently?

Thanks for the help so far guys!

‘named the sessions differently’???

Sessions… dont have names?

Ah, well what’s the $_SESSION[‘AdminID’] (AdminID) for then as i named them both differently?

There is only one $_SESSION array. You are trying to create two different entries within the array. It should work as you expect it too, but something is obviously going wrong.

How do you assign your AffID? Do you have anything else that is accessing $_SESSION?

Well this is the code i am using:

<?
session_start();
// Quote variable to make safe  
function quote_smart($value)  
{  
   // Stripslashes  
   if (get_magic_quotes_gpc()) {  
       $value = stripslashes($value);  
   }  
   // Quote if not a number or a numeric string  
   if (!is_numeric($value)) {  
       $value = "'" . mysql_real_escape_string($value) . "'";  
   }  
   return $value;  
} // end make safe


/*Retrive Database Connection Login*/
require("./databaseconnection.php");


$email=$_POST['Email'];
$adminpassword=$_POST['Password'];

mysql_connect(localhost,$username,$password);

@mysql_select_db($database) or die( "Oops theres an error, our highly trained monkeys have been notified.");


$query = sprintf("SELECT * FROM admins WHERE Email=%s and Password=%s",
			quote_smart($email),
			quote_smart($adminpassword));

//echo $query;
mysql_query($query);
$result = mysql_query($query);
$count=mysql_num_rows($result);
mysql_close();

while($row = mysql_fetch_array($result))
  {
  //echo $row['Pixel'];
  $adminid=$row['AdminID'];
  }

if($count==1){
	
	// store session data
	$_SESSION['AdminID']=$adminid;
	//echo $_SESSION['AdminID'];
	
	header( 'Location: http://xxxxxxxxxx.com/xxxx/xxxxx/admin.php' ) ;
}
else {
header( 'Location: http://xxxxxxxxx.com/xxxxxx/xxxxxx/index.php?s=failed' ) ;
}

?>

I know that they are being sent to admin.php as i can see this using a FireFox addon. But admin.php keeps sending me back to the login area as its saying the session doesnt exist. Any help would be great please.

and on admin.php, line 1 is <?php,
line 2 is session_start,
line 3 is if (isset($_SESSION[“AdminID”])) {
?

Correct:

<?php
session_start();
if (isset($_SESSION["AdminID"])) { 
//THEN

But then it cant be the admin page causing the problem is for some reason there is no session is being saved in the first place right? It has to be the login code but as you can see i am saving the session, so I’m all confused why its not working :frowning:

databaseconnection.php isnt destroying the session, is it?

You’re calling mysql_close(); before you actually call mysql_fetch_array($result)! There is probably an error being output when you try to do this or try to use $adminid - are you displaying errors? I guess not because the header call is working.

Anyway, just take out the mysql_close() altogether - it’ll get closed when the script finishes anyway.

Nope all thats in there is the following:

<?
/*DATABASE LOGIN INFORMATION*/
$username="*******";
$password="*******";
$database="*******";

/*DATABASE LOGIN INFORMATION*/
$usernameadmin="*******";
?>

I’ve done and still the same problem :frowning:

Is there a better way of protecting my admin pages instead of sessions?

Not really… but i dont see why what you have isnt working :confused: