Munchieman5150 Posted February 13, 2007

Hello,

I have been following the Dreamweaver 8 Dynamic Development from Lynda.com. He builds an Admin system in ColdFusion. I'm using PHP. 2 issues I have been struggling with.

First Question) The pages will ask for the password, and take me to the requested page. After that, the session appears to be destroyed. It goes back to the login screen after each page. I know that the trainer had to Enable sessions for ColdFusion to allow the session to work. What do I have to do in Dreamweaver to allow the session to keep moving forward? I have included some code from my main index.php page to see what I am missing.

    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) { $isValid = true; }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        if (($strUsers == "") && false) { $isValid = true; }
      }
      return $isValid;
    }

    $MM_restrictGoTo = "/admin/login.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING;
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }

Second Question) I have read the Headers Errors pinned topic. I am getting header errors, and I know where from. I want to know what I may be doing wrong in Dreamweaver that is causing this to happen. The problem is this code at the beginning:

    <?php virtual('/Connections/Hostgator_Highwade.php'); ?>
    <?php
    if (!isset($_SESSION)) {
      session_start();
    }

When I put the contents of the Hostgator_Highwade.php file there instead of the virtual, the issue goes away. However, Dreamweaver changes that back anytime I make an edit of anything in Server Behaviors. I have also tried the ob_start() band-aid. It did not work for me. I want to be able to fix this issue, so Dreamweaver puts the code in right.

Any suggestions that don't include getting rid of Dreamweaver?

Thanks!
Brian Hightower

benjaminbeazy Posted February 13, 2007

i believe... session_start(); has to be the first line in every unincluded file regardless of isset $_SESSION

Munchieman5150 Posted February 13, 2007

Wow, thanks for the quick response! I changed the code as I think you meant, and it crashed my server a couple of times.

    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    ?>
    <?php virtual('/Connections/Hostgator_Highwade.php'); ?>
    <?php
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

Did I do that right?

Thanks again!
Brian Hightower

benjaminbeazy Posted February 13, 2007

don't check if isset, just do

    <?php session_start(); ?>

and see what happens

Munchieman5150 Posted February 13, 2007

Same thing happened, it crashed Apache

    <?php session_start(); ?>
    <?php virtual('/Connections/Hostgator_Highwade.php'); ?>
    <?php
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

Brian Hightower

benjaminbeazy Posted February 13, 2007

not sure without knowing the contents of the highwade.php file

it might not be passing valid cgi headers

try using...

    include('Connections/Hostgator_Highwade.php');

instead of virtual

if that doesn't work, post contents of highwade.php

Munchieman5150 Posted February 13, 2007

It got worse! Here are the errors I got:

    Warning: include(/Connections/Hostgator_Highwade.php) [function.include]: failed to open stream: No such file or directory in C:\wamp\www\admin\usertypes\index.php on line 3

    Warning: include() [function.include]: Failed opening '/Connections/Hostgator_Highwade.php' for inclusion (include_path='.;C:\php5\pear') in C:\wamp\www\admin\usertypes\index.php on line 3

    Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\admin\usertypes\index.php:3) in C:\wamp\www\admin\usertypes\index.php on line 41

Here is what is in the Hostgator_Highwade.php file:

    <?php
    # FileName="Connection_php_mysql.htm"
    # Type="MYSQL"
    # HTTP="true"
    $hostname_Hostgator_Highwade = "localhost";
    $database_Hostgator_Highwade = "database";
    $username_Hostgator_Highwade = "username";
    $password_Hostgator_Highwade = "password";
    $Hostgator_Highwade = mysql_pconnect($hostname_Hostgator_Highwade, $username_Hostgator_Highwade, $password_Hostgator_Highwade) or trigger_error(mysql_error(),E_USER_ERROR);
    ?>

I don't think there is a problem there. The fix I have been using is to remove the virtual call, and put the code above in place of it, before the session_start() call.

Brian Hightower

benjaminbeazy Posted February 13, 2007

according to php manual, it says to use include() or require() over virtual() due to virtual relying on valid header output

use include(relational path to file from index);

shouldn't have a problem then, highwade.php looks ok

although, i suppose if you use include, dreamweaver will keep reverting over that as well

try going through the options to figure that part out

Munchieman5150 Posted February 13, 2007

Well, this is interesting! I changed it to require, and Dreamweaver gave me the "!" on the behavior that was adding it. However, this time it changed it to require_once() instead of virtual, and now it works!!

    <?php require_once('../../Connections/Hostgator_Highwade.php'); ?>
    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

So that issue is solved. Thank you VERY much for your assistance on that. Any idea about my sessions not keeping after each page?

Brian Hightower

benjaminbeazy Posted February 13, 2007

each page has to have session_start(); very first line, every page

from there, the only way you can lose a session is from the timeout which is by default 3600 sec or session_destroy/unset etc..

are the vars gone or just the values

i.e. on any page where session vars should exist, just below session_start(); put in

    foreach($_SESSION as $var => $val){
      echo "$var = $val<br>";
    }

this returns all vars and vals

Munchieman5150 Posted February 13, 2007

I did that, and I got a header error.

    PrevUrl = /admin/users/edit.php

    Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\admin\users\index.php:7) in C:\wamp\www\admin\users\index.php on line 46

Line 46 is:

    header("Location: ". $MM_restrictGoTo);

I also moved things around so that the session_start() is first, and I'm having the same issue.

    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    require_once('../../connections/hostgator_highwade.php');
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

In a nutshell, I go to the login page from my User List page. After logging in, it takes me to the user list page. I click on a user to edit them, and I get a login page again. The code above is the same for all of the pages involved.

Thanks!
Brian Hightower

benjaminbeazy Posted February 13, 2007

right, once you have sent any output to the client, you can't use header(location)

if it's a redirect use something like a JS window.location

but you only need to use that foreach() to check what vars are registered and have value

something is dying on the logged in check on the edit page, maybe because session vars aren't there or maybe something else

post code to edit page and login page if possible
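
The ordering rule described above, as an added example that is not part of the original thread: a static check that lists what a PHP file would send to the client before its last header() or session_start() call. The function names and the sample source are constructed for illustration; the sample is modelled on the pages posted in this thread.

```php
<?php
// Added illustration (not from the thread): find output that precedes the
// last header()/session_start()/setcookie() call in a PHP source string.
// Static check only: it does not follow include/require and cannot see
// runtime warnings such as a failed include.

// True when the token at index $i is followed by "(" (a function call).
function isCallAt(array $tokens, int $i): bool
{
    for ($j = $i + 1; $j < count($tokens); $j++) {
        $t = $tokens[$j];
        if (is_array($t) && $t[0] === T_WHITESPACE) {
            continue;
        }
        return $t === '(';
    }
    return false;
}

// Returns a list of [line, kind, excerpt] findings.
function outputBeforeHeaders(string $source): array
{
    $needHeaders = ['header', 'session_start', 'setcookie'];
    $tokens = token_get_all($source);

    // Index of the last call that still needs the headers to be unsent.
    $lastCall = -1;
    foreach ($tokens as $i => $tok) {
        if (is_array($tok) && $tok[0] === T_STRING
            && in_array(strtolower($tok[1]), $needHeaders, true)
            && isCallAt($tokens, $i)) {
            $lastCall = $i;
        }
    }

    $findings = [];
    for ($i = 0; $i < $lastCall; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok)) {
            continue;
        }
        [$id, $text, $line] = $tok;
        if ($id === T_INLINE_HTML) {
            // Anything outside the PHP tags is output, whitespace and a
            // byte-order mark included.
            $findings[] = [$line, 'text outside PHP tags', json_encode(substr($text, 0, 30))];
        } elseif ($id === T_ECHO || $id === T_PRINT || $id === T_OPEN_TAG_WITH_ECHO) {
            $findings[] = [$line, 'echo/print statement', json_encode(trim($text))];
        }
    }
    return $findings;
}

// Constructed sample: a space between two PHP blocks on line 1 and a debug
// echo loop, both ahead of the Location redirect.
$sample = <<<'SRC'
<?php require_once('../../connections/hostgator_highwade.php'); ?> <?php
session_start();
foreach ($_SESSION as $var => $val) {
    echo "$var = $val<br>";
}
$MM_restrictGoTo = "/admin/login.php";
header("Location: " . $MM_restrictGoTo);
exit;
SRC;

foreach (outputBeforeHeaders($sample) as [$line, $kind, $excerpt]) {
    printf("line %d: %s %s\n", $line, $kind, $excerpt);
}
```

A single newline directly after a closing PHP tag is swallowed by PHP and is not reported; a space or a second newline is.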

Munchieman5150 Posted February 13, 2007

Here ya go:

Login page)

    <?php
    // *** Validate request to login to this site.
    if (!isset($_SESSION)) {
      session_start();
    }
    require_once('../connections/hostgator_highwade.php');

    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
      $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    }

    if (isset($_POST['Username'])) {
      $loginUsername=$_POST['Username'];
      $password=$_POST['Password'];
      $MM_fldUserAuthorization = "UserTypeID";
      $MM_redirectLoginSuccess = "/admin/index.php";
      $MM_redirectLoginFailed = "/admin/loginfailed.php";
      $MM_redirecttoReferrer = true;
      mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);

      $LoginRS__query=sprintf("SELECT UserName, Password, UserTypeID FROM users WHERE UserName='%s' AND Password='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

      $LoginRS = mysql_query($LoginRS__query, $Hostgator_Highwade) or die(mysql_error());
      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {
        $loginStrGroup = mysql_result($LoginRS,0,'UserTypeID');

        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;

        if (isset($_SESSION['PrevUrl']) && true) {
          $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
      }
      else {
        header("Location: ". $MM_redirectLoginFailed );
      }
    }
    ?>

Edit Page)

    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    require_once('../../connections/hostgator_highwade.php');
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) { $isValid = true; }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        if (($strUsers == "") && false) { $isValid = true; }
      }
      return $isValid;
    }

    $MM_restrictGoTo = "/admin/login.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING;
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }
    ?>
    <?php
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }

    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
      $updateSQL = sprintf("UPDATE users SET UserTypeID=%s, First_Name=%s, Home_City=%s, Home_Line_2=%s, Home_Line_1=%s, Social_Security=%s, Home_State=%s, Last_Name=%s, Middle_Name=%s, Home_Zip=%s, Bus_Line_1=%s, Bus_Line_2=%s, Bus_City=%s, Bus_State=%s, Bus_Zip=%s, Home_Phone=%s, Business_Phone=%s, Cell_Phone=%s, Fax_Phone=%s, email_1=%s, UserName=%s, Password=%s, Secret_Question=%s, Secret_Answer=%s WHERE UserID=%s",
        GetSQLValueString($_POST['UserTypeID'], "text"),
        GetSQLValueString($_POST['First_Name'], "text"),
        GetSQLValueString($_POST['Home_City'], "text"),
        GetSQLValueString($_POST['Home_Line_2'], "text"),
        GetSQLValueString($_POST['Home_Line_1'], "text"),
        GetSQLValueString($_POST['Social_Security'], "text"),
        GetSQLValueString($_POST['Home_State'], "text"),
        GetSQLValueString($_POST['Last_Name'], "text"),
        GetSQLValueString($_POST['Middle_Name'], "text"),
        GetSQLValueString($_POST['Home_Zip'], "text"),
        GetSQLValueString($_POST['Bus_Line_1'], "text"),
        GetSQLValueString($_POST['Bus_Line_2'], "text"),
        GetSQLValueString($_POST['Bus_City'], "text"),
        GetSQLValueString($_POST['Bus_State'], "text"),
        GetSQLValueString($_POST['Bus_Zip'], "text"),
        GetSQLValueString($_POST['Home_Phone'], "text"),
        GetSQLValueString($_POST['Business_Phone'], "text"),
        GetSQLValueString($_POST['Cell_Phone'], "text"),
        GetSQLValueString($_POST['Fax_Phone'], "text"),
        GetSQLValueString($_POST['email_1'], "text"),
        GetSQLValueString($_POST['UserName'], "text"),
        GetSQLValueString($_POST['Password'], "text"),
        GetSQLValueString($_POST['Secret_Question'], "text"),
        GetSQLValueString($_POST['Secret_Answer'], "text"),
        GetSQLValueString($_POST['UserID'], "int"));

      mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
      $Result1 = mysql_query($updateSQL, $Hostgator_Highwade) or die(mysql_error());

      $updateGoTo = "/admin/users/index.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $updateGoTo));
    }

    mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
    $query_rsUserTypes = "SELECT * FROM usertypes";
    $rsUserTypes = mysql_query($query_rsUserTypes, $Hostgator_Highwade) or die(mysql_error());
    $row_rsUserTypes = mysql_fetch_assoc($rsUserTypes);
    $totalRows_rsUserTypes = mysql_num_rows($rsUserTypes);

    mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
    $query_rsUser = "SELECT * FROM users";
    $rsUser = mysql_query($query_rsUser, $Hostgator_Highwade) or die(mysql_error());
    $row_rsUser = mysql_fetch_assoc($rsUser);
    $totalRows_rsUser = mysql_num_rows($rsUser);
    ?>

Thanks again
Brian Hightower

benjaminbeazy Posted February 14, 2007

try this for edit page, I've commented all the changes i made with //####

    <?php
    //#### no use checking for session to be set, we need to make sure it is
    //#### this should not affect output
    session_start();
    require_once('../../connections/hostgator_highwade.php');
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) { $isValid = true; }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        //#### changed the strUsers check as it was checking for false of nothing as best as I can see
        if ($strUsers == "") { $isValid = true; }
      }
      return $isValid;
    }

    //#### this outputs user name on the screen, if you do not see it, then session value is not stored
    //#### if it does show up on screen remove the next two lines as the page will stop immediately after output
    echo "$_SESSION['MM_Username']";
    exit;

    $MM_restrictGoTo = "/admin/login.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING;
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }
    ?>
    <?php
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }

    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
      $updateSQL = sprintf("UPDATE users SET UserTypeID=%s, First_Name=%s, Home_City=%s, Home_Line_2=%s, Home_Line_1=%s, Social_Security=%s, Home_State=%s, Last_Name=%s, Middle_Name=%s, Home_Zip=%s, Bus_Line_1=%s, Bus_Line_2=%s, Bus_City=%s, Bus_State=%s, Bus_Zip=%s, Home_Phone=%s, Business_Phone=%s, Cell_Phone=%s, Fax_Phone=%s, email_1=%s, UserName=%s, Password=%s, Secret_Question=%s, Secret_Answer=%s WHERE UserID=%s",
        GetSQLValueString($_POST['UserTypeID'], "text"),
        GetSQLValueString($_POST['First_Name'], "text"),
        GetSQLValueString($_POST['Home_City'], "text"),
        GetSQLValueString($_POST['Home_Line_2'], "text"),
        GetSQLValueString($_POST['Home_Line_1'], "text"),
        GetSQLValueString($_POST['Social_Security'], "text"),
        GetSQLValueString($_POST['Home_State'], "text"),
        GetSQLValueString($_POST['Last_Name'], "text"),
        GetSQLValueString($_POST['Middle_Name'], "text"),
        GetSQLValueString($_POST['Home_Zip'], "text"),
        GetSQLValueString($_POST['Bus_Line_1'], "text"),
        GetSQLValueString($_POST['Bus_Line_2'], "text"),
        GetSQLValueString($_POST['Bus_City'], "text"),
        GetSQLValueString($_POST['Bus_State'], "text"),
        GetSQLValueString($_POST['Bus_Zip'], "text"),
        GetSQLValueString($_POST['Home_Phone'], "text"),
        GetSQLValueString($_POST['Business_Phone'], "text"),
        GetSQLValueString($_POST['Cell_Phone'], "text"),
        GetSQLValueString($_POST['Fax_Phone'], "text"),
        GetSQLValueString($_POST['email_1'], "text"),
        GetSQLValueString($_POST['UserName'], "text"),
        GetSQLValueString($_POST['Password'], "text"),
        GetSQLValueString($_POST['Secret_Question'], "text"),
        GetSQLValueString($_POST['Secret_Answer'], "text"),
        GetSQLValueString($_POST['UserID'], "int"));

      mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
      $Result1 = mysql_query($updateSQL, $Hostgator_Highwade) or die(mysql_error());

      $updateGoTo = "/admin/users/index.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $updateGoTo));
    }

    mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
    $query_rsUserTypes = "SELECT * FROM usertypes";
    $rsUserTypes = mysql_query($query_rsUserTypes, $Hostgator_Highwade) or die(mysql_error());
    $row_rsUserTypes = mysql_fetch_assoc($rsUserTypes);
    $totalRows_rsUserTypes = mysql_num_rows($rsUserTypes);

    mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
    $query_rsUser = "SELECT * FROM users";
    $rsUser = mysql_query($query_rsUser, $Hostgator_Highwade) or die(mysql_error());
    $row_rsUser = mysql_fetch_assoc($rsUser);
    $totalRows_rsUser = mysql_num_rows($rsUser);
    ?>

Munchieman5150 Posted February 14, 2007

Hello again,

I changed the file the way you described. I got an error:

    Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\admin\users\index.php on line 33

Line 33 being

    echo "$_SESSION['MM_Username']";

I did discover that the 'Virtual' at the beginning is there because I had the Dreamweaver Site set reference from the site root. When I changed to reference from the document, it changed everything to require_once.

After changing the top, I'm still not able to keep a session going.

Brian

benjaminbeazy Posted February 14, 2007

remove the double quotes

redarrow Posted February 14, 2007

    <?php echo $_SESSION['MM_Username']; ?>

benjaminbeazy Posted February 14, 2007

right, what does that output to the page?

Munchieman5150 Posted February 14, 2007

Ok, so I did make the change, and I saw the user name on the screen only. This seems very strange to me.

I edited my index, add, and edit.php pages for the user directory. When I previewed the index, I got a blank page. Which is correct, I'm not logged in, and exit before the redirect to login. So, I go to the login page manually, and when I'm logged in, I get a blank page that only has my username on it. I preview all the pages in the user directory, and they all have the user name only on them. Seems to be keeping the session alive!

So, I preview the EditUserType.php file, and it takes me there, without going to the login screen. When I click on a new link on the page, it THEN goes back to the login screen.

It seems to me that something below the text that you had me add is causing the actual problem here?

Brian Hightower

benjaminbeazy Posted February 14, 2007

after the echo line the next line i put:

    exit;

kills the page dead in its tracks, now that you can see that the username is on there, the session is alive

remove both lines and see what happens

use this for edit page

    <?php
    //#### no use checking for session to be set, we need to make sure it is
    //#### this should not affect output
    session_start();
    require_once('../../connections/hostgator_highwade.php');
    $MM_authorizedUsers = "1";
    $MM_donotCheckaccess = "false";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) { $isValid = true; }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        //#### changed the strUsers check as it was checking for false of nothing as best as I can see
        if ($strUsers == "") { $isValid = true; }
      }
      return $isValid;
    }

    //#### this outputs user name on the screen, if you do not see it, then session value is not stored
    //#### if it does show up on screen remove the next two lines as the page will stop immediately after output
    //echo $_SESSION['MM_Username'];
    //exit;

    $MM_restrictGoTo = "/admin/login.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING;
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }
    ?>
    <?php
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }

    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
      $updateSQL = sprintf("UPDATE users SET UserTypeID=%s, First_Name=%s, Home_City=%s, Home_Line_2=%s, Home_Line_1=%s, Social_Security=%s, Home_State=%s, Last_Name=%s, Middle_Name=%s, Home_Zip=%s, Bus_Line_1=%s, Bus_Line_2=%s, Bus_City=%s, Bus_State=%s, Bus_Zip=%s, Home_Phone=%s, Business_Phone=%s, Cell_Phone=%s, Fax_Phone=%s, email_1=%s, UserName=%s, Password=%s, Secret_Question=%s, Secret_Answer=%s WHERE UserID=%s",
        GetSQLValueString($_POST['UserTypeID'], "text"),
        GetSQLValueString($_POST['First_Name'], "text"),
        GetSQLValueString($_POST['Home_City'], "text"),
        GetSQLValueString($_POST['Home_Line_2'], "text"),
        GetSQLValueString($_POST['Home_Line_1'], "text"),
        GetSQLValueString($_POST['Social_Security'], "text"),
        GetSQLValueString($_POST['Home_State'], "text"),
        GetSQLValueString($_POST['Last_Name'], "text"),
        GetSQLValueString($_POST['Middle_Name'], "text"),
        GetSQLValueString($_POST['Home_Zip'], "text"),
        GetSQLValueString($_POST['Bus_Line_1'], "text"),
        GetSQLValueString($_POST['Bus_Line_2'], "text"),
        GetSQLValueString($_POST['Bus_City'], "text"),
        GetSQLValueString($_POST['Bus_State'], "text"),
        GetSQLValueString($_POST['Bus_Zip'], "text"),
        GetSQLValueString($_POST['Home_Phone'], "text"),
        GetSQLValueString($_POST['Business_Phone'], "text"),
        GetSQLValueString($_POST['Cell_Phone'], "text"),
        GetSQLValueString($_POST['Fax_Phone'], "text"),
        GetSQLValueString($_POST['email_1'], "text"),
        GetSQLValueString($_POST['UserName'], "text"),
        GetSQLValueString($_POST['Password'], "text"),
        GetSQLValueString($_POST['Secret_Question'], "text"),
        GetSQLValueString($_POST['Secret_Answer'], "text"),
        GetSQLValueString($_POST['UserID'], "int"));

      mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
      $Result1 = mysql_query($updateSQL, $Hostgator_Highwade) or die(mysql_error());

      $updateGoTo = "/admin/users/index.php";
      if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo .= $_SERVER['QUERY_STRING'];
      }
      header(sprintf("Location: %s", $updateGoTo));
    }

    mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
    $query_rsUserTypes = "SELECT * FROM usertypes";
    $rsUserTypes = mysql_query($query_rsUserTypes, $Hostgator_Highwade) or die(mysql_error());
    $row_rsUserTypes = mysql_fetch_assoc($rsUserTypes);
    $totalRows_rsUserTypes = mysql_num_rows($rsUserTypes);

    mysql_select_db($database_Hostgator_Highwade, $Hostgator_Highwade);
    $query_rsUser = "SELECT * FROM users";
    $rsUser = mysql_query($query_rsUser, $Hostgator_Highwade) or die(mysql_error());
    $row_rsUser = mysql_fetch_assoc($rsUser);
    $totalRows_rsUser = mysql_num_rows($rsUser);
    ?>

Munchieman5150 Posted February 14, 2007

Yes, I do see that the session stays alive, unless I click on any link to another restricted page. Maybe something below the exit is causing my issues?

Brian

benjaminbeazy Posted February 14, 2007

i can't tell you much more without seeing the whole scope of this...

every restricted access file needs a couple different things

1) session must be started session_start();
2) access test must work and be identical

you're saying the edit page now loads for you, but when you go elsewhere it dies, right?

Munchieman5150 Posted February 14, 2007

That is correct. Right now, I'm removing all the access restrictions, and resetting everything one at a time. I'm hoping that this will tell me where my problem lies.

Brian Hightower

benjaminbeazy Posted February 14, 2007

ok now we might be getting somewhere...

i changed the validating function as it works on edit page, paste this code on all other restricted access pages, you really should make it an include but here is the function..

paste this over the nearly identical function to every other restricted page, barring you're positive the edit page is accessible once logged in it and doesn't redirect you

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) { $isValid = true; }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        //#### changed the strUsers check as it was checking for false of nothing as best as I can see
        if ($strUsers == "") { $isValid = true; }
      }
      return $isValid;
    }

or make a new file called validate.php and paste that function to it with php tags of course

and put

    include('path/to/file/validate.php');

in place of the function

make sure the 1st line on all pages is session_start(); not a $_SESSION check
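
An added example, not part of the original thread: the access check as Dreamweaver generated it, beside the edited version posted above, run through the same page guard over constructed sessions. It shows that when the page calls the check with "" for $strUsers, as every page in this thread does, the edited version admits any logged-in session whatever its UserTypeID. The names isAuthorizedGenerated, isAuthorizedEdited and guardDecision, and the users alice and bob, are made up for the comparison.

```php
<?php
// Added illustration (not from the thread). The two checks are the ones
// posted in this thread, renamed so they can run side by side.

// As generated by Dreamweaver (first post).
function isAuthorizedGenerated($strUsers, $strGroups, $UserName, $UserGroup) {
    $isValid = false;
    if (!empty($UserName)) {
        $arrUsers  = explode(",", $strUsers);
        $arrGroups = explode(",", $strGroups);
        if (in_array($UserName, $arrUsers))   { $isValid = true; }
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        // With the literal false this branch can never grant access.
        if (($strUsers == "") && false)       { $isValid = true; }
    }
    return $isValid;
}

// As edited for the edit page: the "&& false" is gone.
function isAuthorizedEdited($strUsers, $strGroups, $UserName, $UserGroup) {
    $isValid = false;
    if (!empty($UserName)) {
        $arrUsers  = explode(",", $strUsers);
        $arrGroups = explode(",", $strGroups);
        if (in_array($UserName, $arrUsers))   { $isValid = true; }
        if (in_array($UserGroup, $arrGroups)) { $isValid = true; }
        if ($strUsers == "")                  { $isValid = true; }
    }
    return $isValid;
}

// The page guard from the thread, returning its decision as a string
// instead of sending a Location header, so it runs from the command line.
function guardDecision(callable $check, array $session, string $authorizedGroups, string $self): string {
    $user  = $session['MM_Username']  ?? null;
    $group = $session['MM_UserGroup'] ?? null;
    if ($user !== null && $check("", $authorizedGroups, $user, $group)) {
        return "allow";
    }
    return "redirect /admin/login.php?accesscheck=" . urlencode($self);
}

// Constructed sessions; "1" is the value of $MM_authorizedUsers in the thread.
$MM_authorizedUsers = "1";
$sessions = [
    'not logged in'        => [],
    'logged in, UserTypeID 1' => ['MM_Username' => 'alice', 'MM_UserGroup' => '1'],
    'logged in, UserTypeID 2' => ['MM_Username' => 'bob',   'MM_UserGroup' => '2'],
];

foreach ($sessions as $label => $session) {
    printf("%-26s generated: %-50s edited: %s\n",
        $label,
        guardDecision('isAuthorizedGenerated', $session, $MM_authorizedUsers, '/admin/users/edit.php'),
        guardDecision('isAuthorizedEdited',    $session, $MM_authorizedUsers, '/admin/users/edit.php'));
}
```

For pages that restrict by access level, the group test against $MM_authorizedUsers is the part that enforces it, so a shared validate.php include should keep that test as the deciding one.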

Munchieman5150 Posted February 14, 2007

I think I may have found the issue. I used the Dreamweaver template system to build the pages. As I was removing the restrict access to page functions, the template would recreate them. I removed the access restriction from template, and all of the pages, and started adding the access restriction back manually. It seems to be working. After that, I'm going to add the access level back to the restriction, and see if it still works. I'll post back if it works.

Thanks for the help!
Brian Hightower