newbie: Session problems 1

[stevebanks]

Hey everyone! Hope you can help, I haven't been doing PHP very long, and am trying to do something fairly simple, well, i thought it would be simple, but it doesn't seem to be working

its just a login form going to check a password and change the site's menu to an administrator's menu if it is correct:

if ($password == "userpass") {
if (! isset($_SESSION['loggedin'])) {
   $_SESSION['loggedin'] = 1;
}
	header("Location:[URL unfurl="true"]http://www.website.com/index.php");[/URL]
} else {
echo "Your password is incorrect. Please try again";
}

my understanding would be that the $_SESSION['loggedin'] would store the value 1.

The page then redirects to the main page where i have:

<? if ($_SESSION['loggedin'] = 1) {
		?>
		<div class="menusubsection">
		<p><img src="../images/purplepiece.gif" width="21" height="20" align="left" alt="logo"> <img src="../images/greenpiece.gif" width="21" height="20" align="right" alt="logo"> </p>
		<h2>Staff Area </h2>
		<p><a href="../app/login.php">Add A New Vacancy</a></p>
		<p><a href="../app/vacchangesearch.php">Edit / Archive Current Vacancies</a></p>
		<p><a href="../app/logout.php">Log Out </a></p>
		<p>&nbsp;</p>
		<p><br>
        </p></div>
		<?

} else { ?>
Different Menu

This seems to change the menu to the admin area when the correct password is entered. But, then when logging out, it doesn't change the $_SESSION("loggedin") to a zero, I have been trying this with the code below, but it won't clear the variable:

 if ( isset($_SESSION['loggedin'])) {
   $_SESSION['loggedin'] = 0;
}
header("Location: [URL unfurl="true"]http://www.website.com/index.php");[/URL]
 } ?>

This isn't working for some reason???

Does anyone have any ideas please?!?!?

Thanks


Steve

 

[Vragabond]

Looks like you're assuming register_globals is on. That has not been the case in recent versions of php due to security reasons and it is best left off. Basically it comes down to where your password is coming from. Since passwords are usually sent via post method on a form, I would assume that is how it works with your code as well. in that case, change your initial if sentence to read:

if ($_POST['password'] == "userpass") {

 

[stevebanks]

It seems to log-in fine.... i am having problems with logging out... it IS verifying the password fine... I cannot clear the Session['loggedin'] from 1 back to 0 it stays at 1??

 

[Vragabond]

This:

<? if ($_SESSION['loggedin'] = 1) {

will always return true, since you are assigning a value of 1 rather than checking. Remember, php distinguishes between =, == and ===. Try

<? if ($_SESSION['loggedin'] == 1) {

 

[stevebanks]

No that hasn't worked... But, I have it changed from

if ($_SESSION['loggedin'] = 1) {...

to

if ($_SESSION['loggedin'] = "1") {...

and the log-in works fine now no errors at all, but, the logout still won't work. At the moment i have:

if ($_SESSION['loggedin'] == "1") {
   $_SESSION['loggedin'] = 0;
}

and this isn't setting it back to zero

 

[Vragabond]

I don't think we're talking about the same thing. Have you tried outputing the value of $_SESSION['loggedin'] simply to see what it is? In your code:

if ($_SESSION['loggedin'] = 1) {

means:
If assigning value 1 to session variable loggedin is successful, continue. Since assigning will always take place, the if will always return true and subsequent code will come into effect. Meaning that if the value of $_SESSION['loggedin'] is 1 or 0 or anything else, your code will set it to 1 and return true. This is not what you want. You want to compare the currently set value to 1. That is why I believe your logging out seems like it is not working. loggedin gets changed to 0 but then when you redirect, it changes to 1 again.

 

[stevebanks]

Indeed i do " want to compare the currently set value to 1." .... How would i go about this?

Thanks

 

[Vragabond]

Like I said above:

<? if ($_SESSION['loggedin'] [red][b]==[/b][/red] 1) {
        ?>
        <div class="menusubsection"> ...

I included more code so as to not confuse you where the problem lies. You just need to change the assigning = to comapring ==.

 

[stevebanks]

Nope that is not working... The page you suggest IS working, it is changing the Menu...
The logOut page, which is not working, but not giving an error is:

if ($_SESSION['loggedin'] == 1) {
   $_SESSION['loggedin'] == 0;

}
header("Location: [URL unfurl="true"]http://www.website.com/index.php");[/URL]

currently and it won't log out to the normal menu, and

<? echo $_SESSION['loggedin'] ?>

is returning 1 all the time????

 

[Vragabond]

Can you please just change what I am telling you to change. I have explained why logging in works and logging out doesn't eventhough your problem lies in the log in script rather than log out script. Could you please, without changing, replace your old script portions with these:

index.php

<? if ($_SESSION['loggedin'] == 1) {
        ?>
        <div class="menusubsection">
        <p><img src="../images/purplepiece.gif" width="21" height="20" align="left" alt="logo"> <img src="../images/greenpiece.gif" width="21" height="20" align="right" alt="logo"> </p>
        <h2>Staff Area </h2>
        <p><a href="../app/login.php">Add A New Vacancy</a></p>
        <p><a href="../app/vacchangesearch.php">Edit / Archive Current Vacancies</a></p>
        <p><a href="../app/logout.php">Log Out </a></p>
        <p>&nbsp;</p>
        <p><br>
        </p></div>
        <?

} else { ?>
Different Menu

logout.php

 if ( isset($_SESSION['loggedin'])) {
   $_SESSION['loggedin'] = 0;
}
header("Location: [URL unfurl="true"]http://www.website.com/index.php");[/URL]
 } ?>

 

[stevebanks]

No that is still not working... I have copied exactly with the same problem... But, at logout.php

if ( isset($_SESSION['loggedin'])) {
   $_SESSION['loggedin'] = 0;
}

is NOT being called???

 

[TKindree]

Steve / Vgra:
You've still got a value for $_SESSION['loggedin'].
Instead of a value of 1, you've set the value to 0.
0 exists, and is a value.

You've got to UNset the variable.

Old:

if ( isset($_SESSION['loggedin'])) {
   [red]$_SESSION['loggedin'] = 0;[/red]

New:

if ( isset($_SESSION['loggedin'])) {
   [blue]unset($_SESSION['loggedin']);[/blue]

 

[Vragabond]

TKindree, that is true, however he is testing if the value of the session variable is 1. Being 0 or not being set at all will return false.

 

[stevebanks]

That is not working either... Can anybody help?

I just need a session variable to change from say "in" to "out" using a login page and a logout page:

IE.

Login page:

If ($password = "xyz") {
     $_SESSION['login'] = "in"
     header("Location: index.php")
}

Main page:

If ($_SESSION['login'] = "in") { ?>

   ADMIN MENU

<? } else { ?>

   NORMAL MENU

}?>

and LOG OUT PAGE

If ( $_SESSION['login'] = "in") {
     $_SESSION['login'] = "out" 
    header("Location: index.php")
}

I am tearing my hair out because the Session variables don't seem to alter. I have echoed them on the page and when it becomes "in" it never changes back to out????


Thanks!!!

 

[Vragabond]

OK. Since you seemed to have the session variables at hand, I assumed you had session.auto_start set to 1 in your php.ini. However, let's stop assuming and test. Do your sessions even work? Have you tried (or are you) instantiating session_start() at the beginning of your script.

Second, all your if tests in the code you provided are erroneous. They are assigning values rather than comparing them. I do believe you have posted pseudo code here, since it is full of lines that would result in parsing errors. Try something easier.

Login page:

  session_start();
  $_SESSION['login'] = "in";
  header("Location: index.php");

Main page:

  session_start();
  echo 'Your session status is: ' . $_SESSION['login'];
  if ($_SESSION['login'] == "in")
  {
    echo '<a href="logout.php">click</a> to logout.';
  }

Logout page:

  session_start();
  $_SESSION['login'] = "out";
  header("Location: index.php");

 

[stevebanks]

Thanks very much! Problem Solved!