Asheeown Posted May 20, 2008

Okay, so my sessions work flawlessly for my site, however in the admin section I have a section to view, edit, add and delete users. When I view all users, or try to edit one of the current users the userlevel changes from 3 (admin status) to 1 (user status). This does NOT happen on my development server, same files, different database information.

Here is my page code:

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
require_once("../include/config.php");
require_once("../include/functions.php");
require_once("../include/db_connect.php");

// Redirect visitors who are not logged in
if(!$_SESSION['LoggedIn'])
{
    $Errors .= "You must be logged in to view that page.";
    $URL = "../login.php?Error=1";
    echo("<meta http-equiv='refresh' content='0;URL=$URL'>");
    die();
}
// Redirect users below the required user level
if($_SESSION['UserLevel'] < 2)
{
    $URL = "../index.php?Error=1";
    echo("<meta http-equiv='refresh' content='0;URL=$URL'>");
    die();
}
?>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>EGM .::. Admin .::. View Users</title>
<link rel="stylesheet" href="../assets/css/style.css" type="text/css" media="all" />
<style type="text/css">
<!--
body {
    background-color: #999999;
}
.style1 {color: #FFFFFF}
-->
</style></head>
<body>
<div id="wrapper">
  <div id="header">
    <p class="logotext"> </p>
  </div>
  <div id="nav">
    <ul>
      <li><a href="../index.php">Home</a></li>
      <li><a href="../aboutus.php">About Us</a></li>
      <li><a href="../contact.php">Contact Us</a></li>
      <li><a href="../faq.php">FAQ</a></li>
    </ul>
  </div>
  <div id="content">
    <div id="left">
      <h2 class="style1">Admin Menu</h2>
      <ul>
        <li><a href="../index.php">Leave Admin Area</a></li>
        <li><a href="viewnews.php">News</a></li>
        <li><a href="viewusers.php">Users</a></li>
      </ul>
      <h2 class="style1">Users Menu</h2>
      <ul>
        <li><a href="viewusers.php">View All</a></li>
        <li><a href="adduser.php">Add New</a></li>
      </ul>
      <?php UserMenu('../'); ?>
    </div>
    <br />
    <div id="breadcrumb"><span class="style1">Home » Administration » Users » View All</span></div>
    <br />
    <br />
    <div id="right">
    <?php
    if(!isset($_GET['page'])){
        $page = 1;
    } else {
        // Cast to an integer: $page is interpolated into the LIMIT clause below
        $page = max(1, (int) $_GET['page']);
    }

    // Define the number of results per page
    $max_results = 10;

    // Figure out the limit for the query based
    // on the current page number.
    $from = (($page * $max_results) - $max_results);

    $Result = mysql_query("SELECT * FROM Users ORDER BY Id DESC LIMIT $from, $max_results") or die(mysql_error());
    echo("
    <table width=\"100%\" border=\"0\" align=\"center\" cellpadding=\"5\" cellspacing=\"2\">
      <tr>
        <td width=\"5%\">Id:</td>
        <td width=\"25%\">Username:</td>
        <td width=\"20%\">First Name:</td>
        <td width=\"30%\">Email:</td>
        <td width=\"20%\">Options:</td>
      </tr>
    ");
    while($Row = mysql_fetch_assoc($Result))
    {
        // Import every column of the row as a local variable
        extract($Row);
        echo("
      <tr>
        <td width=\"20%\">$Id</td>
        <td width=\"20%\">$Username</td>
        <td width=\"20%\">$FirstName</td>
        <td width=\"20%\">$Email</td>
        <td width=\"20%\"><div id=\"reglink\"><a href=\"edituser.php?Id=$Id\"><img border=\"0\" src=\"../assets/images/edit_icon.png\" /></a> <a href=\"deleteuser.php?Id=$Id\"><img border=\"0\" src=\"../assets/images/delete_icon.png\" /></a></div></td>
      </tr>
        ");
    }
    echo("
    </table>
    ");

    // Figure out the total number of results in DB:
    $total_results = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM Users"),0);

    // Figure out the total number of pages. Always round up using ceil()
    $total_pages = ceil($total_results / $max_results);

    // Build Page Number Hyperlinks
    echo "<center>Select a Page</span><br />";
    echo "<div id=\"pagination\">";

    // Build Previous Link
    if($page > 1){
        $prev = ($page - 1);
        echo "<a href=\"".$_SERVER['PHP_SELF']."?page=$prev\">< Previous</a> ";
    }

    for($i = 1; $i <= $total_pages; $i++){
        if(($page) == $i){
            echo "$i ";
        } else {
            echo "<a href=\"".$_SERVER['PHP_SELF']."?page=$i\">$i</a> ";
        }
    }

    // Build Next Link
    if($page < $total_pages){
        $next = ($page + 1);
        echo "<a href=\"".$_SERVER['PHP_SELF']."?page=$next\">Next ></a>";
    }
    echo "</div>";
    echo "</center>";
    ?>
    </div>
  </div>
  <br class="clear" />
  <div id="footer">
    <p>
      <?php Footer(); ?>
    </p>
  </div>
</div>
</body>
</html>
```

The news admin portion of my site is almost identical, just with different tables and rows.

Any ideas of what it could be? It's really weird it works on one server and not on the other.

btherl Posted May 21, 2008

I suspect the problem is with extract(). There's a number of solutions, the safest being to use {$Row['Id']}, {$Row['Username']}, etc etc inside the echo. That way you can never clobber your session variables.

And the reason that may work on one server but not another is probably the register_globals setting. With registered globals, it's possible for a standard variable like $UserLevel to overwrite $_SESSION['UserLevel'], because they both reference the same value.

Edit: To fix the problem (if this is what it is), remove the extract() line and use {$Row['Id']} in place of each of your $Id style variables in the mysql result loop.

GingerRobot Posted May 21, 2008

I'd say you should fix the problem by turning off the register_globals setting if at all possible (though you might experience problems with forms etc if you've been used to writing code with register_globals turned on).

PFMaBiSmAd Posted May 21, 2008

Sessions won't work in the posted code unless session.auto_start is on or that whole code is being included by a page that is doing session_start();

extract() should almost always be used with the EXTR_SKIP second parameter to avoid overwriting any existing variables.

btherl Posted May 22, 2008

EXTR_SKIP doesn't make sense in the way he's using extract(). He wants to overwrite the variables for each row. But I think he is inadvertently overwriting other variables because he used "SELECT *", fetching more than just the ones he is interested in, including the user level.
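
Added example, not code from the thread or its posters: a PHP command-line sketch comparing the three approaches discussed above (plain extract(), extract() with EXTR_SKIP, and indexing $Row directly). Assumptions: the $session array and the =& alias stand in for $_SESSION['UserLevel'] as register_globals exposes it (the setting was removed in PHP 5.4), and the rows are constructed sample data.

```php
<?php
// Constructed rows, shaped like "SELECT * FROM Users" (not real data).
$rows = [
    ['Id' => 8, 'Username' => 'bob',   'UserLevel' => 1],
    ['Id' => 7, 'Username' => 'alice', 'UserLevel' => 1],
];

// Renders the rows with the given strategy in a scope where $UserLevel
// aliases the session entry, as register_globals=On arranges.
// Returns [usernames rendered, session user level afterwards].
function render(array $rows, string $mode): array
{
    $session = ['LoggedIn' => true, 'UserLevel' => 3]; // stand-in for $_SESSION
    $UserLevel =& $session['UserLevel'];               // assumed alias
    $out = [];
    foreach ($rows as $Row) {
        if ($mode === 'extract') {
            extract($Row);             // default EXTR_OVERWRITE: writes the
            $out[] = $Username;        // row's UserLevel through the alias
        } elseif ($mode === 'skip') {
            extract($Row, EXTR_SKIP);  // existing names are never replaced,
            $out[] = $Username;        // including $Username from row one
        } else {
            // Index the row directly; no local variables are created.
            $out[] = htmlspecialchars($Row['Username'], ENT_QUOTES);
        }
    }
    return [$out, $session['UserLevel']];
}

foreach (['extract', 'skip', 'index'] as $mode) {
    [$names, $level] = render($rows, $mode);
    printf("%-8s names=%s UserLevel=%d\n", $mode, implode(',', $names), $level);
}
```

The extract mode leaves the session level changed to the row's value, the skip mode keeps the level but repeats the first row's values for every row, and the index mode avoids both. Selecting only the needed columns instead of SELECT * would also keep UserLevel out of the row.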