
help with a session problem !


nilansanjaya


hey guys...

I've got a big problem here: I have to fix some errors in an existing project (someone else wrote it).

It's an admin panel. The problem is that you can navigate to any page, but when you go to the user management page and then go to any other page, your session is gone and you are redirected to the login page.

 

i kno it may be hard without the codings...but dont kno which one to post.. ( not all at once rite ? :o )

so ask .. help me !


There may be calls to session_unregister(), session_unset() or session_destroy() in the user management page or in any file that it includes.

 

Thanks for your quick reply... but unfortunately there's only one session_destroy(), and that's only in logout.php.

I've checked all the files (using Dreamweaver's advanced search), but none of those session-removing functions are there.


Paste the code of one page..i think that u can do if help is needed..

without code. it is quite impossible to do..

 

also check what values are there  in the php.ini file for these things

session.cache_expire        session.gc_maxlifetime

 

 


sorry for the delay

heres the page thats causing me this case :/

 

usermanage.php

 

<?php
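// Access gate: resume the session and let only a logged-in level-1 user through.
// Everything below this point (user listing, add, update, delete) relies on this
// check, so it must run before any include produces output or touches the database.
session_start();

// isset() covers an empty or expired session, where the two keys do not exist at
// all; the comparisons themselves are unchanged, so the same requests are let
// through or redirected as before, only without undefined-index notices.
if (
	!isset($_SESSION['user_name'], $_SESSION['user_level'])
	|| $_SESSION['user_name'] == ''
	|| $_SESSION['user_level'] != 1
) {
	header('Location: index.php');
	exit(0); // stop here so none of the admin code runs for an unauthenticated request
}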

require_once('../config/config.php');
require_once('../includes/header.php');
require_once('../lib/svalidation.php');
require_once('../lib/functions.php');
require_once('menu.php');

// Request parameters. uid, task and msg arrive base64-encoded in the query string.
// base64 is a reversible encoding, not a protection: the decoded values are still
// untrusted user input and have to be escaped wherever they reach SQL or HTML.
$uid = base64_decode(isset($_GET['uid']) ? trim($_GET['uid']) : '');
$task = base64_decode(isset($_GET['task']) ? trim($_GET['task']) : '');
$msg = base64_decode(isset($_GET['msg']) ? trim($_GET['msg']) : '');

// show_err_msg() is defined in one of the included files; it receives the decoded
// message value and the entity label 'User' (presumably returning display text -
// confirm against its definition before treating the result as safe HTML).
$msg = show_err_msg($msg, 'User');

// Label of the submit button: 'Update' while editing a user, 'Add' otherwise.
$btn_val = ($task == 'edit') ? 'Update' : 'Add';

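// When editing, load the selected user's current values into $row.
if ($task == 'edit') {
	// $uid comes straight from the query string (base64-decoded), so it is escaped
	// before being placed inside the quoted SQL literal.
	// NOTE(review): mysql_real_escape_string() works against the most recently
	// opened connection - presumably the one opened via config.php; confirm.
	// The mysql_* extension is deprecated and gone in PHP 7; prepared statements
	// (mysqli or PDO) are the durable fix when this page is migrated.
	$query = "SELECT user_name,
					 first_name,
					 last_name
				FROM users
			   WHERE user_name = '" . mysql_real_escape_string($uid) . "'
			ORDER BY first_name ASC";

	$result = mysql_query($query) or die('Sql error.');
	// false when no user matches; the field defaults below cope with that.
	$row = mysql_fetch_assoc($result);
}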
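// Form field values: the submitted value when the form was posted, otherwise the
// row loaded for editing (if any), otherwise an empty string. The isset() checks
// on $row avoid notices when the page is opened without task=edit.
// add_escape() is defined in an included file. NOTE(review): presumably it escapes
// for SQL - confirm, because these values are interpolated into the queries below.
//
// NOTE(review): on a server with register_globals enabled (PHP < 5.4), the global
// $user_name is tied to $_SESSION['user_name'], so the assignment below would
// overwrite the logged-in user's session value with the form value (empty on a
// plain page view). The access check on every admin page tests that session key,
// which would match the reported "session is gone after visiting this page"
// symptom. Check register_globals / session.bug_compat_42 in php.ini; if either
// is on, switch it off or give this variable a name that is not a session key.
$first_name = isset($_POST['first_name']) ? add_escape($_POST['first_name']) : (isset($row['first_name']) ? $row['first_name'] : '');
$last_name = isset($_POST['last_name']) ? add_escape($_POST['last_name']) : (isset($row['last_name']) ? $row['last_name'] : '');
$user_name = isset($_POST['user_name']) ? add_escape($_POST['user_name']) : (isset($row['user_name']) ? $row['user_name'] : '');
// The edit query selects no password column (the table stores a hash in pwd), so
// there is never a stored value to fall back to; default to an empty string.
$password = isset($_POST['password']) ? add_escape($_POST['password']) : '';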

// Server-side validation, run only when the form was submitted through the Add or
// the Update button. This is the check that counts: the JavaScript validation in
// the page can be bypassed by any client.
// The e-mail format check and the user-level check that used to live here are
// disabled in the original code and are not performed.
if (in_array($_POST['btn_add_upd'], array('Add', 'Update'))) {
	// $proceed stays true only if every check passes; the insert and update code
	// further down tests it before touching the database.
	$proceed = true;

	if (is_blank($first_name)) {
		$msg_fname = 'First Name cannot be blank.';
		$proceed = false;
	}

	if (is_blank($last_name)) {
		$msg_lname = 'Last Name cannot be blank.';
		$proceed = false;
	}

	// The user name field reuses the "email" message slot of the form.
	if (is_blank($user_name)) {
		$msg_email = 'User Name cannot be blank.';
		$proceed = false;
	}

	// A password is only required when creating a user.
	if ($_POST['btn_add_upd'] == 'Add' && is_blank($password)) {
		$msg_password = 'Password cannot be blank.';
		$proceed = false;
	}
}
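// Create a new user once server-side validation has passed.
// $first_name, $last_name and $user_name were passed through add_escape() when
// they were read from $_POST. NOTE(review): confirm that helper escapes for SQL,
// since the values are interpolated into the statements below.
if (isset($_POST['btn_add_upd']) && $_POST['btn_add_upd'] == 'Add' && $proceed === true) {
	// NOTE(review): sha1() is a fast, unsalted hash, not encryption, and is not
	// suitable for password storage. password_hash()/password_verify() (PHP 5.5+)
	// is the replacement, but the login check that reads users.pwd has to change
	// in the same release, so the stored format is left untouched here.
	$en_password = sha1($password);

	// Refuse to create a second account with the same user name.
	$query = "SELECT user_name
				FROM users
			   WHERE user_name='$user_name'";

	$result = mysql_query($query) or die('Sql error.');

	if (mysql_num_rows($result) > 0) {
		$msg = 4;
	} else {
		// New accounts always get user_level 2, never the admin level 1.
		$query = "INSERT INTO users (first_name, last_name, user_name, pwd, user_level)
							   VALUES ('$first_name', '$last_name', '$user_name', '$en_password', 2)";

		$result = mysql_query($query) or die('Sql error.');
		if (mysql_affected_rows($dbconn) > 0) {
			$msg = 1;
		} else {
			$msg = 5;
		}

		// Redirect-after-POST so a reload does not resubmit the form. Execution
		// must stop after the redirect; otherwise the rest of the page still runs
		// and is sent along with it. If an include has already produced output
		// the header cannot be sent, and the page falls through as it did before.
		if (!headers_sent()) {
			header('Location: '.$_SERVER['PHP_SELF'].'?msg='.base64_encode($msg));
			exit;
		}
	}
}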

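// Update the first and last name of the user being edited.
// The previous statement could never succeed: it addressed a table "user" and
// columns fname/lname/email that appear nowhere else in this page, interpolated
// variables that are never set, left a trailing comma before WHERE and compared
// user_name with an unquoted, unescaped $uid. It now uses the table and columns
// that the SELECT and INSERT statements of this page use.
// A change of user_name is deliberately not written: there is no duplicate check
// on this path, and a rename onto an existing name would create two accounts
// with the same login.
if (isset($_POST['btn_add_upd']) && $_POST['btn_add_upd'] == 'Update' && $proceed === true) {
	// $first_name/$last_name went through add_escape() when read from $_POST
	// (NOTE(review): confirm it escapes for SQL); $uid is raw query-string input
	// and is escaped here.
	$query = "UPDATE users
				 SET first_name = '$first_name',
					 last_name = '$last_name'
			   WHERE user_name = '" . mysql_real_escape_string($uid) . "'";

	$result = mysql_query($query) or die('Sql error.');
	if (mysql_affected_rows($dbconn) > 0) {
		$msg = 2;
	}
}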

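// Delete the user named by the uid query parameter.
// NOTE(review): this is a state-changing action triggered by a plain GET link with
// no per-session token, so any page the administrator visits while logged in can
// cause the request to be sent (CSRF), and link prefetchers can trigger it too.
// Moving the action to a POST form carrying an anti-CSRF token is the fix; that
// needs matching changes in the listing markup and is not done in this block.
if ($task == 'del') {
	// $uid is untrusted query-string input: escape it before it enters the SQL
	// literal. The listing on this page never offers level-1 accounts for
	// deletion, so the statement enforces the same restriction server-side
	// instead of trusting the links that were rendered.
	$query = "DELETE
				FROM users
			   WHERE user_name='" . mysql_real_escape_string($uid) . "'
				 AND user_level != 1";

	$result = mysql_query($query) or die('Sql error.');
	if (mysql_affected_rows($dbconn) > 0) {
		$msg = 3;
	} else {
		$msg = 5;
	}

	// Stop after the redirect so the rest of the page is not rendered, and so a
	// reload of the resulting URL does not repeat the delete. If output has
	// already started the header cannot be sent and the page falls through.
	if (!headers_sent()) {
		header('Location: '.$_SERVER['PHP_SELF'].'?msg='.base64_encode($msg));
		exit;
	}
}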

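// Build the HTML table that lists every non-admin user with Edit/Delete links.
// The result is echoed inside the form further down the page.
$show_table = '<table width="330px" border="0" cellspacing="1" cellpadding="2" align="center" class="admin_panel_font">';
$show_table .= '<tr><td colspan="5"> </td></tr>';
$show_table .= '<tr align="left">';
$show_table .= '<th>First Name</th>';
$show_table .= '<th>Last Name</th>';
$show_table .= '<th>User Name</th>';
$show_table .= '<th> </th>';
$show_table .= '<th> </th>';
$show_table .= '</tr>';

// Level-1 (admin) accounts are never listed.
$query = "SELECT user_name,
				 first_name,
				 last_name
			FROM users
		   WHERE user_level != 1
		ORDER BY first_name ASC";

$result = mysql_query($query) or die('Sql error.');

while ($row = mysql_fetch_array($result)) {
	// Names are stored user input: HTML-escape them on output so a stored value
	// containing markup is displayed as text instead of being interpreted.
	$show_table .= '<tr>';
	$show_table .= '<td>' . htmlspecialchars($row['first_name'], ENT_QUOTES) . '</td>';
	$show_table .= '<td>' . htmlspecialchars($row['last_name'], ENT_QUOTES) . '</td>';
	$show_table .= '<td>' . htmlspecialchars($row['user_name'], ENT_QUOTES) . '</td>';
	// PHP_SELF reflects the requested path (including any trailing path info), so
	// it is escaped before going into an attribute. base64 output can contain
	// '+', '/' and '=', so it is URL-encoded; an unencoded '+' would arrive as a
	// space and corrupt the decoded user name.
	$show_table .= '<td><a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'?uid='.urlencode(base64_encode($row['user_name'])).'&amp;task='.urlencode(base64_encode('edit')).'">Edit</a></td>';
	$show_table .= '<td><a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'?uid='.urlencode(base64_encode($row['user_name'])).'&amp;task='.urlencode(base64_encode('del')).'" onclick="return promptConfirm(\'Are you sure?\')">Delete</a></td>';
	$show_table .= '</tr>';
}
$show_table .= '<tr><td colspan="6"> </td></tr>';
$show_table .= '</table>';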
?>

<script type="text/javascript" src="common.js"></script>

<script type="text/javascript">	
// Returns true when val looks like an e-mail address (local part, '@', one or
// more dot-separated labels and a 2-7 letter top-level label), false otherwise.
// Client-side convenience only; it does not replace a server-side check.
function isValidEmail(val) {
	var emailPattern = /^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/;
	return val.match(emailPattern) !== null;
}

// Client-side check of the required fields. Writes an error text into the
// message cell next to each failing field, clears the cell when the field is
// fine, and returns true only when every check passed.
// This is a usability aid; the server-side validation is what enforces the rules.
// NOTE(review): the function reads inputs with the ids txt_fname, txt_lname,
// txt_email and txt_password and a user_level select, while the form in this page
// uses the ids first_name, last_name, user_name and password and has no
// user_level control; nothing in the visible markup calls validate() either.
// As written it would fail on the first lookup - confirm which ids are intended.
function validate() {
	var allValid = true;
	var btn_name = '<?=$btn_val?>';

	// Look up the input for a field and its message cell in one place.
	var input = function (id) { return document.getElementById(id); };
	var setMessage = function (id, text) { document.getElementById(id).innerHTML = text; };

	// First name
	if (input("txt_fname").value == "") {
		setMessage("td_txt_fname", "First Name cannot be blank.");
		allValid = false;
	} else {
		setMessage("td_txt_fname", "");
	}

	// Last name
	if (input("txt_lname").value == "") {
		setMessage("td_txt_lname", "Last Name cannot be blank.");
		allValid = false;
	} else {
		setMessage("td_txt_lname", "");
	}

	// E-mail: required, and must have a valid format
	var email = input("txt_email").value;
	if (email == "") {
		setMessage("td_txt_email", "Email cannot be blank.");
		allValid = false;
	} else if (isValidEmail(email) == false) {
		setMessage("td_txt_email", "Invalid Email.");
		allValid = false;
	} else if (isValidEmail(email) == true) {
		setMessage("td_txt_email", "");
	}

	// The password is only required when adding a user
	if (btn_name == 'Add') {
		if (input("txt_password").value == "") {
			setMessage("td_txt_password", "Password cannot be blank.");
			allValid = false;
		} else {
			setMessage("td_txt_password", "");
		}
	}

	// User level: the first option of the select counts as "nothing chosen"
	if (document.frm_user_management.user_level.selectedIndex == 0) {
		setMessage("td_user_level", "Please select a user level.");
		allValid = false;
	} else {
		setMessage("td_user_level", "");
	}

	return allValid == true;
}

// Abandon the current add/edit and reload the user management page without any
// query parameters.
// NOTE(review): the target is "user_manage.php" while this page was posted as
// usermanage.php, and the Cancel button in the form has no onclick handler in
// the markup shown - confirm the file name and the wiring.
function cancel_operation() {
	var target = "user_manage.php";
	window.location.href = target;
}

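// Ask the user to confirm an action. Returns true on OK and false on Cancel, so it
// can be used directly as onclick="return promptConfirm('...')": the link is
// followed only after confirmation.
// The earlier version also submitted frm_user_management on OK and returned
// nothing, which fired an unrelated form POST next to the link navigation.
// NOTE(review): a confirm dialog is not an authorization or anti-CSRF control;
// the delete it guards is still a plain GET request that the server must protect.
function promptConfirm(prompt_str) {
	return confirm(prompt_str);
}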
</script>	
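<?php
// Add/edit form followed by the user listing.
// Every value that originates from the request or the database is HTML-escaped
// before it is written into an attribute, so a value containing quotes or markup
// cannot break out of the attribute. PHP_SELF is escaped for the same reason: it
// reflects the requested path. base64 values are URL-encoded because they can
// contain '+', '/' and '='.
// $msg and $show_table are echoed as-is because they are built as HTML by this
// page (NOTE(review): $msg comes from show_err_msg(), defined elsewhere - confirm
// it never returns unescaped request data).
// NOTE(review): the form carries no anti-CSRF token; the add/update POST should
// be tied to the administrator's session with one.
?>
<form name="frm_user_management" id="frm_user_management" method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)?>?uid=<?=urlencode(base64_encode($uid))?>&amp;task=<?=urlencode(base64_encode($task))?>">
<table width="500px" border="0" cellspacing="0" cellpadding="1" align="center" class="admin_panel_font">
<tr>
	<td> </td>
	<td> </td>
	<td> </td>
</tr>
<tr>
	<th> </th>
	<th colspan="2" align="left">Manage Users</th>
</tr>
<tr>
	<td colspan="3"> </td>
</tr>
<tr>
	<td width="150" class="form_label_right">First Name:</td>
	<td width="150" class="frm_elements"><input type="text" name="first_name" id="first_name" value="<?=htmlspecialchars($first_name, ENT_QUOTES)?>" size="20" maxlength="25" /></td>
	<td width="200" id="td_txt_fname"><?=isset($msg_fname) ? $msg_fname : ' '?></td>
</tr>
<tr>
	<td class="form_label_right">Last Name:</td>
	<td class="frm_elements"><input type="text" name="last_name" id="last_name" value="<?=htmlspecialchars($last_name, ENT_QUOTES)?>" size="20" maxlength="25" /></td>
	<td id="td_txt_lname"><?=isset($msg_lname) ? $msg_lname : ' '?></td>
</tr>
<tr>
	<td class="form_label_right">User Name:</td>
	<td class="frm_elements"><input type="text" name="user_name" id="user_name" value="<?=htmlspecialchars($user_name, ENT_QUOTES)?>" size="20" maxlength="50" /></td>
	<td id="td_txt_email"><?=isset($msg_email) ? $msg_email : ' '?></td>
</tr>
<?php
// Editing an existing user: offer the change-password link.
// Adding a new user: show the password field instead.
if (isset($task) && $task == 'edit') {
?>
<tr>
	<td class="form_label_right"> </td>
	<td class="frm_elements"><a href="change_password.php?uid=<?=urlencode(base64_encode($uid))?>">Change password</a></td>
	<td> </td>
</tr>

<?php
} else {
	// The submitted password is not written back into the page: echoing it would
	// place the clear-text password in the HTML response (and in any cache of it).
?>
<tr>
	<td class="form_label_right">Password:</td>
	<td class="frm_elements"><input type="password" name="password" id="password" value="" /></td>
	<td id="td_txt_password"><?=isset($msg_password) ? $msg_password : ' '?></td>
</tr>
<?php
}
?>
<tr>
	<td> </td>
	<td class="frm_elements">
	<input type="submit" name="btn_add_upd" value="<?=htmlspecialchars($btn_val, ENT_QUOTES)?>" size="20" maxlength="25" />
	<input type="button" name="btn_cancel" value="Cancel" size="20" maxlength="25" /></td>
</tr>
<tr>
	<td> </td>
	<td colspan="2"><?=$msg?></td>
</tr>
</table>
<?=$show_table?>
</form>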
<?php
require_once('../includes/footer.php');
?>

 

When I go to that page and then try to go to another page from it, I'm logged out and redirected to the login page.

