Confused $_SESSION

SoulAssassin · #1 May 18th, 2007, 08:50

Hi guys, this is my first post on your forum.
I am not really a newbie to php, but I have been sitting with a problem for about 3 days now. Also posted it on other support forums.
Maybe you guys can help.

When the Admin signs in, a Session gets created to hold it's user info, and echo it on every page.
login.php

PHP: Select all


<?
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['level'] = $row["user_level"];
$_SESSION['com_usercode'] = $row['com_usercode'];
$_SESSION['user_email'] = $row['user_email'];
$_SESSION['user_tel'] = $row['user_tel'];
$_SESSION['user_date'] = $row['date'];
?>

It works fine on every other page until the Admin needs to change another user's detail.
These Users have got the same fields as the Admin User, so when the edit form gets submitted, the $_POST somehow replaces the $_SESSION. Which means that all fields that's been changed, now echo the $_POST value of the user who's detail has been changed, instead of the original Admin user's SESSION information. It only happens once Admin chooses another user to edit. And if I go to another Page, the "New SESSION" goes through.
I need to know why this happen, or if it's something I'm doing wrong.

Here's a shortened version of my page.
users.php

PHP: Select all


<?
session_start();
include "config.php";

$adminuser = $_SESSION['user_name']; 
$adminlevel = $_SESSION['level'];
$admincom_usercode = $_SESSION['com_usercode'];
$adminuser_date = $_SESSION['user_date'];
$adminuser_email = $_SESSION['user_email'];
$adminuser_tel = $_SESSION['user_tel'];

if(isset($_POST['Amend'])) 
{
//The only 2 field who gets edited, and who's values replace the $_SESSION
$userid = $_POST['userid'];
$user_email = $_POST['user_email'];
$user_tel = $_POST['user_tel'];

$result = mysql_query("Update login_table set user_email='$user_email', user_tel='$user_tel' where userid=".$_POST['userid']);
if ($result)
{
echo "User updated<br>";
$edit = "";
}
}
if ($order == "") {$order = "userid";}
$list = mysql_query("Select * from login_table WHERE com_usercode='$admincom_usercode' ORDER BY '$order'",$con);
$num = mysql_num_rows($list);
$n = 0;
?>
Admin Detail:
<? echo "Username - $adminuser"; ?>
<br>
<? echo "Login Level - $adminlevel"; ?>
<br>
<? echo "Company Code - $admincom_usercode"; ?>
<br>
<? echo "E-Mail Address - $adminuser_email"; // After form has been submited, $_POST replace this field ?>
<br>
<? echo "Telephone Number - $adminuser_tel"; // After form has been submited, $_POST replace this field ?>
<br>
<? echo "Registered Date - $adminuser_date"; ?>
<br>        
User Information:
<table width="100%" border="0">
    <tr> 
      <td width="5%"><a href="users.php?order=userid">ID</a></td>
      <td width="16%"><a href="users.php?order=user_name">User Name</a></td>
      <td width="8%"><a href="users.php?order=user_level">Level</a></td>
      <td width="18%"><a href="users.php?order=user_email">E-Mail</a></td>
      <td width="17%"><a href="users.php?order=user_tel">Tel</a></td>
      <td width="14%"><a href="users.php?order=user_ip">User IP</a></td>
      <td width="22%"><a href="users.php?order=date">Date Registered</a></td>
    </tr>
<?
while($row = mysql_fetch_array($list, MYSQL_ASSOC))
{
$n++;
?>
    <tr> 
      <td width="5%"><? echo $row['userid']; ?></td>
      <td width="16%">
<?
if($row['userid'] > "1") 
{ 
?>
<a href="users.php?edit=<? echo $row['userid']; ?>"><? echo $row['user_name']; ?></a>
<? 
} 
else
{
echo $row['user_name'];
}
?>
      </td>
      <td width="8%"><? echo $row['user_level']; ?></td>
      <td width="18%"><? echo $row['user_email']; ?></td>
      <td width="17%"><? echo $row['user_tel']; ?></td>
      <td width="14%"><? echo $row['user_ip']; ?></td>
      <td width="22%"><? echo $row['date']; ?></td>
    </tr>
<?
}
?>
</table>
<?
if ($edit) 
{
$result = mysql_query("Select * from login_table WHERE userid = '$edit'",$con);
$row = mysql_fetch_array($result);
?>
<br/>
<form name="form" method="post" action="">
Edit User:
        <table width="43%">
          <tr> 
            <td width="21%">User Name</td>
            <td width="43%">E-Mail</td>
            <td width="36%">Tel</td>
          </tr>
          <tr> 
            <td><? echo $row['user_name'];?></td>
            <td><input type="user_email" name="user_email" value="<? echo $row['user_email']; ?>"></td>
            <td><input type="user_tel" name="user_tel" value="<? echo $row['user_tel']; ?>"></td>
          </tr>
        </table>
  <input type="hidden" name="userid" value="<? echo $row['userid'];?>">
  <input type="Submit" name="Amend" value="Update">
</form>
<?
}
?>

</div>
When I echo session_id(); it shows the encrypted filename of the Session.

Thought it might be something in my php.ini file, but I can't see anything wrong:
session.save_handler = files
session.save_path = c:/apache/tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1

I also tried it with Register Globals on, and off.

Please guys, any suggestions?
Thanks

SoulAssassin · #2 May 18th, 2007, 08:54

Ok, I'm now posting print screens, maybe it makes more sense
I'm printing it with the print_r($_SESSION);, so you guys can see the real session values.

This is when I land on the page. The Sessions are all correct.

Selected User1 for edit, and change tel.

When for POST, see how the Session changes in the print, but on the left, the Session still shows correctly.

When Selecting Use2 for edit, see how the Session on left also changes

Does this make more sense?
Can someone please check the process sequence, and maybe suggest another place to define my Sessions.
I'm obviously over complicating it in my own head.
Thanks

masonbarge · #3 May 18th, 2007, 14:44

Sorry, I tried. It's just too hard to wade through the code. My first suspicion is a variable being reset by a SELECT query.

I do have a possible approach, though, to simplify the code, although it would make automation difficult or maybe impossible. Use .htaccess for the administrator's username and password login. A different range of pluses and minuses, but it's something to consider -- maybe it will at least get you "outside your box".

(PS -- it helps, if you're posting a long bit of code on the forum, to use the ENTER key to break lines of code into proper width. Having horizontal and vertical scroll bars on a block of code makes it a major headache to read.

If worst comes to worst, you can just put your cursor at the end of every line in the Reply screen and hit ENTER; if it doesn't create a line break, leave it, and if it does create a line break, just backspace.)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
input $_SESSION['username'] = $username; on login page help	Aaron1988	PHP Forum	2	Jan 28th, 2008 14:14
Still confused... PHP	ssnerdy	Starting Out	14	Oct 1st, 2007 10:29
Now im really confused	cressy	Scripts and Online Services	1	Aug 4th, 2007 08:14
Confused!!!	TwentyFourSeven	Website Planning	2	Apr 28th, 2007 05:57
Confused with Actionscript	Diggers23	Flash & Multimedia Forum	0	Jan 29th, 2007 10:35

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
Confused $_SESSION