session not staying alive????

[aceofspades]

hello

my problem is as follows..

auth.php < the usual login file with form that allows staff to login which are in the database

home.php < the file that shows 3 links...1 link if staff are access level 1 / 2 if staff access level 2 / 3 if staff is access level 3

 

so in the database the staff in the "staff" table have their id's, first/last/names etc..and an access_level which is a single number 1, 2 or 3

 

all works fine when they login, and it shows the right links depending on their access_level.. THE MAIN PROBLEM IS that when they go to these links and then go back home..the php query in home.php does not run because the  - WHERE staff_id = '" . $_SESSION['staff_id'] . "' does not have the staff id...

 

is there a way so the sessions staff_id is stored in the page home.php so links will still show up once you go to a link(ie different page) and come back???

 

thanks in advance for any help..much appreciated

 

-----------------------------

auth.php -

 

<?

// convert username and password from _POST or _SESSION

if(isset($_POST["username"]) && isset($_POST["password"]))

{

$result = mysql_query("select staff_id from Staff where username = '" . $_POST['username'] . "' and password = '" . $_POST['password'] . "'");

$num_staff = mysql_num_rows($result);

if($num_staff < 1)

{

echo "<center><b>Invalid login details</b></center><br><br>";

}

else

{

$_SESSION['staff_id'] = mysql_result($result,0,"staff_id");

}

}

 

if(!isset($_SESSION['staff_id']))

{

  echo "<center><b>You are not authenticated. Please login.<br><br>

 

  <form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">

  Username: <input type=\"text\" name=\"username\"><br>

  Password: <input type=\"password\" name=\"password\"><br>

  <input type=\"submit\" value=\"Login\"></b></center>

  </form>";

 

  exit;

}

 

 

?>

 

 

 

-----------------------------------------------

home.php -

 

<?php

include('../database/connection.php');

include("header.html");

?>

 

 

<font color="white">

  <br/><br/>

  Welcome to the administrtative storage website, you are here <b>ONLY</b> to download/upload files <br/>

  If you are here you have been given a username/password from Paul at Wisco, Aus.<br/>

  The <b>supported file types</b> are: <br/>

  <ul>

  <li>Microsoft Word(<b>.doc</b>)</li>

  <li>Adobe Acrobat(<b>.pdf</b>)</li>

  <li>Coral Draw(<b>.cdr</b>)</li>

  <li>Images(<b>.jpeg/jpg</b>)</li>

  </ul>

 

  Please be aware that file size <b>DOES MATTER</b>, so keep the files MB size to a minimum, unless <b>ABSOLUTELY NECCESSARY</b><br/>

  </font>

</td>

</tr>

<tr><td> </td></tr>

<?php

 

$result = mysql_query("select staff_id, access_level from Staff WHERE staff_id = '" . $_SESSION['staff_id'] . "'");

    $num_access = mysql_num_rows($result);

    $query_data = mysql_fetch_array($result);

   

    $al = $query_data ["access_level"];

   

if($al == 1)

{

        echo '<tr><td>-- <a href="directories/index.php">Directories</a> --</td></tr><br/>';

    echo '<tr><td>  </td></tr><br/>';

        echo '<tr><td>-- <a href="directories/eindex.php">Edit Directories</a> --</td></tr>';

        echo '<tr><td>  </td></tr><br/>';

        echo '<tr><td>-- <a href="../stafflogin/index.php">Edit Staff Logins</a> --</td></tr><br/>';

    }

    else if($al == 2)

    {

        echo '<tr><td>-- <a href="directories/index.php">Directories</a> --</td></tr>';

        echo '<tr><td>  </td></tr><br/>';

        echo '<tr><td>-- <a href="directories/eindex.php">Edit Directories</a> --</td></tr>';

       

    }

    else if($al == 3)

    {

   

        echo '<tr><td>-- <a href="directories/index.php">Directories</a> --</td></tr>';

   

    }

 

?>

 

 

</td>

</tr>

</table>

 

 

</body>

</html>

 

 

--------

example of directories/index.php back link

...

echo '<br/><br/><br/><center><a href="../home.php">Back</a></center>';

...

 

[~n[EO]n~]

Keep this at top of your page

session_start();

[snk]

n[e0]n is right.

 

I just add that you need to write it as first line, also put an additional one

 

<?php session_start();

header("Cache-control: private"); // IE 6 Fix. ?>

[aceofspades]

i get this error on home.php now

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/wis15627/public_html/login/index.php:6) in /home/wis15627/public_html/login/home.php on line 26

 

did u want me to put session_start(); at the top of home.php?? or should i put it in index.php which is exampled below

???

 

<?php

include('../database/connection.php');

include("auth.php");

?>

 

<?php

include('home.php');

?>

 

[snk]

sorry i didnt check your code to be honest.

 

if you include a file that starts a session then you dont need to add it again to the file that calls the include. Just make sure that you have it on the top. even before header tag

[~n[EO]n~]

session_start should be at very top like this

<?php 
session_start();
include('../database/connection.php');
include("header.html");
?>

 

For the error you got read here, there is better explanation

http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

[snk]

and dont start other session in connection.php

[aceofspades]

ok

 

i have put session_start();

in index.php...but i still the problem as when they go from home.php to one of the links in that file...i click the back href link

eg. <center><a href="../home.php">Back[/url]</center>';

is there a way to go back to home.php while still keeping the session alive??? because i need to know the users user_id each time home.php is viewed...

please help??

 

[revraz]

As long as you use session_start(); at the top of every page, the session will pass.

 

If it doesn't, then you have a problem with your session save path in your PHP.INI.

[aceofspades]

yerp....figured it all out

thanks for all your help people!! :)