dargpat Posted August 6, 2010 Share Posted August 6, 2010 I'm creating a script and having problems with the log in portion using sessions. Everything works fine when I set the sessions for the log in which is in the root directory. The problem arises when I try to create an admin area and cross from the user side to the admin side which is in a different directory of its own. I do an echo to check for the sessions in admin area and all are lost. /root <--sessions work 100% Click link to go to /root/admin <--- sessions are lost and yes all pages have session_start() Any advice would gladly be appreciated! Thanks Here is login code: <?php session_start(); include("admin/db/db_connect.php"); $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM members WHERE user_name='$myusername' and user_pass='$mypassword'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); $status = $rows['status']; $user_id = $rows['user_id']; if(($status!="") && ($status==0)){ $m="Your Account has not been activated or is suspended!"; $m = base64_encode($m); header("location:login.php?m=$m"); exit(); } $count=mysql_num_rows($result); if($count==1){ $_SESSION['myusername'] = $myusername; $_SESSION['myuser_id'] = $user_id; if($user_id == "1"){ $_SESSION['admin'] = $myusername . $user_id; } //echo $user_id . $myusername."<p></p>"; //echo $_SESSION['myusername'] . $_SESSION['myuser_id'] . $_SESSION['admin']; //exit(); $m="Login Successful!"; $m = base64_encode($m); header("location:members.php?m=$m"); } else { $m="Login Failed, Please Try Again!"; $m = base64_encode($m); header("location:login.php?m=$m"); } ?> That works fine for members area and other files in root: <?php session_start(); include("inc/vars.php"); include("admin/db/db_connect.php"); include("inc/page_header.php"); if(!isset($_SESSION['myusername'])){ header("location:login.php"); } ?> <?php $m = $_GET['m']; $m = base64_decode($m); ?> <?php include("inc/page_footer.php");?> But it doesn't for this script in admin: <?php session_start(); $log = $_SESSION['myusername']; $in = $_SESSION['myuser_id']; $key = $log . $in; echo "<p>-->". $log . $in ."<--</p>"; echo $key."<-- Key"; exit(); //testing if($_SESSION['admin'] !== $key){ header("location:/login.php"); } $ImageDirx = "../sopImages/"; $func = $_GET["func"]; $picid = $_GET["picid"]; $dothis = $_GET["dothis"]; if($func != "" && $picid != "" && $dothis != ""){ function DoDelete($picid,$dothis) { include ("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query ="SELECT * FROM listings WHERE picid='$picid'"; $result = mysql_query($query); $row = mysql_fetch_array($result); $delete = $row["imagefile"]; // Delete image from server & DATABASE //echo $ImagePth . $delete;exit(); $sql = "DELETE FROM listings WHERE picid='$picid'"; $result = mysql_query($sql); @unlink($ImagePth . $delete); } function DoStatusC($func,$picid,$dothis) { include ("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); if($func == hold){ $Nactive = "n"; } else{ $Nactive = "y";} $query ="SELECT * FROM listings WHERE picid='$picid'"; $result = mysql_query($query); $myrow = mysql_fetch_array($result); $picid = $myrow["picid"]; $active = $myrow["active"]; $sql ="UPDATE listings SET active='$Nactive' WHERE picid='$picid'"; $result = mysql_query($sql); } if($func == "delete"){ DoDelete($picid,$dothis); } else { DoStatusC($func,$picid,$dothis); } } if (empty($_GET["dothis"])) { shownew(); Die(); } else {$dothis = $_GET["dothis"];} if($dothis == "echonew"){shownew(); die();} elseif($dothis == "echoactive"){showactive(); die();} elseif($dothis == "echoall"){showall(); die();} elseif($dothis == "resetDB"){DoresetDB(); die();} // Retrieve all images from the db function showall() { include("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query = "SELECT * FROM listings ORDER BY id DESC"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == "0") {print("No Results");include("admin_footer.php"); die();} if ($num < "20") {$Xwarning = "WARNING: There are not enough images for this script to work correctly.<br>";} print("<font color='red'>$Xwarning</font>"); print("<font color='blue'>$num</font> Image(s)<br>"); if($num > 0){ $i=0; echo ""; while($i < $num){ $id = mysql_result($result, $i, "id"); $owner_id = mysql_result($result, $i, "owner_id"); $picid = mysql_result($result, $i, "picid"); $imagename = mysql_result($result, $i, "imagename"); $imagefile = mysql_result($result, $i, "imagefile"); $active = mysql_result($result, $i, "active"); $query2 ="SELECT * FROM members WHERE user_id='$owner_id'"; $result2 = mysql_query($query2); $myrow2 = mysql_fetch_array($result2); $name = $myrow2["user_name"]; if ($active == "n") {$status = "Hold";} else {$status = "Active";} if ($active == "n") {$statusL = "<a href=\"inedx.php?func=allow&picid=$picid&dothis=echoall\">Click to Allow</a>";} else {$statusL = "<a href=\"index.php?func=hold&picid=$picid&dothis=echoall\">Click to Hold</a>";} echo "<table border=\"0\" cellspacing=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width= \"585\"> <tr><td width=\"237\"><img src='../i.php?src=/".$ImageDir."".$imagefile."&h=&w=150&zc=0'></td> <td width=\"341\" valign=\"top\"><b>Submitted By:</b> <a href=\"member.php?user_id=".$owner_id."\">". $name."</a><br><b>Website:</b> ".$website."<br><b>Image Name:</b> ".$imagename."<br><b>Status:</b> ".$status."<br><br><a href=\"index.php?func=delete&picid=$picid&dothis=echoall\">Delete</a> | ".$statusL."</td> </tr>\n</table><hr color=\"#0000FF\" align=\"left\" width=\"570\" size=\"1\">"; $i++; } echo ""; } include("admin_footer.php"); } function shownew() { // Retrieve all new images from the db include("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query = "SELECT * FROM listings WHERE active='n' ORDER BY id DESC"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == "0") {print("No Results"); include("admin_footer.php"); die();} print("<font color='blue'>$num</font> Image(s)<br>"); if($num > 0){ $i=0; echo ""; while($i < $num){ $id = mysql_result($result, $i, "id"); $owner_id = mysql_result($result, $i, "owner_id"); $picid = mysql_result($result, $i, "picid"); $imagename = mysql_result($result, $i, "imagename"); $imagefile = mysql_result($result, $i, "imagefile"); $active = mysql_result($result, $i, "active"); $query2 ="SELECT * FROM members WHERE user_id='$owner_id'"; $result2 = mysql_query($query2); $myrow2 = mysql_fetch_array($result2); $name = $myrow2["user_name"]; if ($active == "n") {$status = "Hold";} else {$status = "Active";} if ($active == "n") {$statusL = "<a href=\"index.php?func=allow&picid=$picid&dothis=echonew\">Click to Allow</a>";} else {$statusL = "<a href=\"index.php?func=hold&picid=$picid&dothis=echonew\">Click to Hold</a>";} echo "<table border=\"0\" cellspacing=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width= \"585\"> <tr><td width=\"237\"><img src='../i.php?src=/".$ImageDir."".$imagefile."&h=&w=150&zc=0'></td> <td width=\"341\" valign=\"top\"><b>Submitted By:</b> <a href=\"member.php?user_id=".$owner_id."\">". $name."</a><br><b>Website:</b> ".$website."<br><b>Image Name:</b> ".$imagename."<br><b>Status:</b> ".$status."<br><br><a href=\"index.php?func=delete&picid=$picid&dothis=echonew\">Delete</a> | ".$statusL."</td> </tr>\n</table><hr color=\"#0000FF\" align=\"left\" width=\"570\" size=\"1\">"; $i++; } echo ""; } include("admin_footer.php"); } function showactive(){ // Retrieve all Active images from the db include("../inc/vars.php"); include ("db/db_connect.php"); include ("admin_header.php"); $query = "SELECT * FROM listings WHERE active='y' ORDER BY id DESC"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == "0") {print("No Results");include("admin_footer.php"); die();} if ($num < "20") {$Xwarning = "WARNING: There are not enough images for this script to work correctly.<br>";} print("<font color='red'>$Xwarning</font>"); print("<font color='blue'>$num</font> Image(s)<br>"); if($num > 0){ $i=0; echo ""; while($i < $num){ $id = mysql_result($result, $i, "id"); $owner_id = mysql_result($result, $i, "owner_id"); $picid = mysql_result($result, $i, "picid"); $imagename = mysql_result($result, $i, "imagename"); $imagefile = mysql_result($result, $i, "imagefile"); $active = mysql_result($result, $i, "active"); $query2 ="SELECT * FROM members WHERE user_id='$owner_id'"; $result2 = mysql_query($query2); $myrow2 = mysql_fetch_array($result2); $name = $myrow2["user_name"]; if ($active == "n") {$status = "Hold";} else {$status = "Active";} if ($active == "n") {$statusL = "<a href=\"index.php?func=allow&picid=$picid&dothis=echoactive\">Click to Allow</a>";} else {$statusL = "<a href=\"index.php?func=hold&picid=$picid&dothis=echoactive\">Click to Hold</a>";} echo "<table border=\"0\" cellspacing=\"1\" style=\"border-collapse: collapse\" bordercolor=\"#111111\" width= \"585\"> <tr><td width=\"237\"><img src='../i.php?src=/".$ImageDir."".$imagefile."&h=&w=150&zc=0'></td> <td width=\"341\" valign=\"top\"><b>Submitted By:</b> <a href=\"member.php?user_id=".$owner_id."\">". $name."</a><br><b>Website:</b> ".$website."<br><b>Image Name:</b> ".$imagename."<br><b>Status:</b> ".$status."<br><br><a href=\"index.php?func=delete&picid=$picid&dothis=echoactive\">Delete</a> | ".$statusL."</td> </tr>\n</table><hr color=\"#0000FF\" align=\"left\" width=\"570\" size=\"1\">"; $i++; } echo "$warning"; } include("admin_footer.php"); } ?> Quote Link to comment Share on other sites More sharing options...
schilly Posted August 7, 2010 Share Posted August 7, 2010 Did you print_r($_SESSION); to what is actually in the session? Quote Link to comment Share on other sites More sharing options...
dargpat Posted August 7, 2010 Author Share Posted August 7, 2010 Did you print_r($_SESSION); to what is actually in the session? returns: Array ( ) I also did it on members.php in root and it returned: Array ( [myusername] => admin [myuser_id] => 1 [admin] => admin1 ) and if I click link in members.php and goes to admin/index.php I get nothing in the array! Quote Link to comment Share on other sites More sharing options...
dargpat Posted August 7, 2010 Author Share Posted August 7, 2010 I found out the problem... I took my php.ini file and placed it in the admin directory now everything is working 100% I thought by having php.ini in the root folder it would affect all sub-folders .... Can someone explain to me why php.ini in root is not affecting the sub-folders and what do I need to do, to accomplish that! Thanks Quote Link to comment Share on other sites More sharing options...
dargpat Posted August 7, 2010 Author Share Posted August 7, 2010 Sometimes you have to figure things out yourself... But after hours or trial and error I found an answer to the php.ini (saw there were possibly more but this one works fine) Don't want to place php.ini in every subfolder? GeeksEngine is hosted by LunarPages where PHP is compiled as CGI. In addition, LunarPages also uses suPHP to parse php scripts. An account can have multiple php.ini files in different folders so you can customize the php processing in different folders should your script require it. A php.ini file will not inherit down into subfolders. However, you can create a .htaccess file in the same folder as the php.ini file and place the following code into it: suPHP_ConfigPath /home/username/public_html/ where "username" is your cPanel username. This will cause the php.ini file to affect all subfolders, unless a php.ini file is in a subfolder, at which point the php.ini in the subfolder takes precedence. ~ geeksengine.com Quote Link to comment Share on other sites More sharing options...
schilly Posted August 9, 2010 Share Posted August 9, 2010 whats in your php.ini file? i've never had a php.ini file in any of my web dirs. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.