[SOLVED] Session Destroy?

[Lamez]

My page I just made keeps logging me out after I refresh, but when I browse to another page I made, I do not get logged out. They are both base on the same code structure. Is there anything in my code below that would be the reason why I get logged out?

 

<?php
ob_start();
$path = "../../";
$title = "Change User Level";
$rank = "yes";
include ($path."main/include/cons/head.php");
if($session->logged_in){
  if($session->isAdmin()){
  
   $q = mysql_query("SELECT * FROM `users` ORDER BY `userlevel` DESC");
?>
<p class="header">Change User Level</p>
<p class="maintext">
<form id="us_lvl" name="us_lvl" method="post" action="">
  <table width="100%" border="0">
    <tr>
      <td width="7%">User List</td>
      <td width="13%"><label>
        <select name="user" id="user">
        <?php
	 while($row = mysql_fetch_array($q)){
	    $lvl = $row['userlevel'];
            $username = $row['username'];
   		    if ($lvl == ('9')){
	     $lvl = "Admin";
	    }else{
	     $lvl = "Member";
	    }
	 //$user_ is defined in head.php as logged in username.
	     if ($username !== ($user_)){
              echo '<option value="'.$username.'">'.$username.' ('.$lvl.')</option>';
	     }
         }
	?>
        </select>
      </label></td>
      <td width="14%"><label>
        <input type="radio" name="lvl" id="radio" value="9" checked>
      </label>
      Admin 
      <label>
      <input type="radio" name="lvl" id="radio2" value="1" />
      </label>
      Member</td>
      <td width="66%"><label>
        <input type="submit" name="ch_lvl" id="ch_lvl" value="Change Level" />
      </label></td>
    </tr>
  </table>
</form>
</p>
<?php
  }else{
  header('Location: '.$path.'index.php');
  }
}else{
header('Location: '.$path.'index.php');
}
include ($path."main/include/cons/foot.php");
?>

[revraz]

You don't have session_start(); at the top of your page

[Lamez]

it is in the include in head.php, that should not be the problem though, because one of my other pages that work fine, are structured like this one.

 

example:

<?php
ob_start();
$path = "../../";
$title = "Ban\UnBan Users";
$rank = "yes";
include ($path."main/include/cons/head.php");
if($session->logged_in){
  if($session->isAdmin()){

  $ban = mysql_query("SELECT `username` FROM `users` WHERE `ban` = '0' and `userlevel` = '1'");
  $un = mysql_query("SELECT `username` FROM `users` WHERE `ban` = '1'");
  if (isset($_POST['ban'])){
    if (isset($_POST['user'])){
  $user = $_POST['user'];
  mysql_query("UPDATE `users` SET `ban`='1' WHERE `username`='$user'")or die(mysql_error());
  $_SESSION['message'] = $user." has been banned";
  header('Location: ban_us.php');
}
  }
  if (isset($_POST['un_ban'])){
    if (isset($_POST['ban_user'])){
  $banuser = $_POST['ban_user'];
  mysql_query("UPDATE `users` SET `ban`='0' WHERE `username`='$banuser'")or die(mysql_error());
  $_SESSION['message'] = $banuser." has been unbanned";
  header('Location: ban_us.php');
}
  }
?>  
<p class="header">Ban\UnBan Users</p>
<p class="maintext">
<?php echo $_SESSION['message']; ?>
<br />
<form id="ban" name="ban" method="post" action="">
  <table width="100%" border="0">
    <tr>
      <td width="7%">UnBanned</td>
      <td width="13%"><label>
        <select name="user" id="user">
        <?php
	 while($row = mysql_fetch_array($ban)){
           echo '<option value="'.$row['username'].'">'.$row['username'].'</option>';
         }
	?>
        </select>
      </label></td>
      <td width="80%"><label>
        <input type="submit" name="ban" id="ban" value="Ban User" />
      </label></td>
    </tr>
  </table>
</form>
<br />

<form id="unban" name="unban" method="post" action="">
  <table width="100%" border="0">
    <tr>
      <td width="7%">Banned</td>
      <td width="13%"><label>
        <select name="ban_user" id="ban_user">
        <?php
	 while($row = mysql_fetch_array($un)){
           echo '<option value="'.$row['username'].'">'.$row['username'].'</option>';
         }
	?>
        </select>
      </label></td>
      <td width="80%"><label>
        <input type="submit" name="un_ban" id="un_ban" value="unBan User" />
      </label></td>
    </tr>
  </table>
</form>
</p>
<?php
  }else{
  header('Location: '.$path.'index.php');
  }
}else{
header('Location: '.$path.'index.php');
}
include ($path."main/include/cons/foot.php");
?>

 

This page works great

[revraz]

Then my best guess is that this page is not on the same level as your other page and your $path is wrong.  Try starting the session and find out.

[MadTechie]

After include ($path."main/include/cons/head.php");

add var_dump($_SESSION); to check the session values..

is logged_in missing or isAdmin or both ?

[Lamez]

well I did var dump, and I get this:

 

  array(4) { ["url"]=>  &string(27) "/admin_area/usmg/us_lvl.php" ["message"]=>  &string(27) "sidspicer has been unbanned" ["username"]=>  &string(11) "JamesLittle" ["userid"]=>  &string(32) "1a96f86861577f8f2d4737df5dd0faee" }

 

everything looks to be intact

[revraz]

How is that intact?

[Lamez]

I am pretty sure all the variables are there.

[MadTechie]

Erm.....

well

is logged_in and isAdmin are missing.. but i guess $session->isAdmin() is a function

[Lamez]

I did var_dump on a page that works, and I get the same variables

 

ya it is a function.

[PFMaBiSmAd]

I am pretty sure

When it comes to programming, I am pretty sure is not close enough. You must be 100% sure by checking exactly if what you expect is occurring (computers only do what they are told by their programming.)

 

Are you debugging this on a system where php error_reporting is set to E_ALL and display_errors are set to On so that php will help you?

 

If it is only that single page that does not work, I suspect that you might be having a header problem and sessions are not actually starting, so when you refresh that page, a new session is attempted each time. Full php error reporting would tell you this. Another possibility is reusing a variable name (or register globals are on and they are overwriting a same name variable.)

 

Since your $session class is determining the logged in condition, it would take seeing that code for anyone to be able to help with why it might not be keeping you logged in.

[Lamez]

lol I am sorry about my choice of words, when I say something like that, I am sure that they are all intact. Thank you for your response. I am not getting any errors.

 

Also it is not just when I refresh it is when I browse to any page that requires a login. I will look harder.

[Lamez]

you know what is funny, when I remove the query, and refresh the page, I do not get logged out. But when I put the query back, I get logged out.

 

Why?

[PFMaBiSmAd]

I believe I might have already suggested a reason why -

(or register globals are on and they are overwriting a same name variable.)

Are register_globals turned on? You are using a $username variable and have a session variable by that same name.

[Lamez]

gosh I am sorry, I must have over read that part. I did overwrite the variable $username, I changed it to $usn, and it works fine now.

 

Thank you for your help. It takes a lot of patience to put of with me

 

-Lamez

[MadTechie]

lol, i noticed thats but without the class couldn't make the connection lol

[PFMaBiSmAd]

If your code was reusing $username, than changing one of the variable names is okay. However, if register_globals are on, I recommend turning them off. By having them on, you could be inadvertently creating code that only works because of register_globals and it will stop (requiring you to go back and fix it) on any server where register_globals have been properly turned off or under php6, where register_globals have been completely removed.