0

I am not an expert in PHP, and all that I know comes from tuts. I try anyway to do the best I can by myself, but now I have a problem and cannot find what is causing the issue.

I made a bolg using this tutorial. The tutorial is great, easy to understand and everything, the only BUT is that they don't explain how to make a control panel/admin system. So, I made one by myself! I created a simple php/html5 file with icones for the functionalities that exist in the blog: "Add a new blog entry", "Edit an existing blog entry", "Add/manage categories" and "Log out". For the log in mechanism I used this other tutorial. Everything is working fine except for one thing:

After one has logged in the control panel and presses in one of the functions (let's say "Add a new blog entry") and then presses on the button "Back to the control panel", the system automatically logs out and forces you to log in again.

Anybody can explain me why? Bellow is the code of my control panel and the check.php which is included on the control panel (I cut off unnecessary code for other functions like slide shows, css sheets and others):

Control Panel:

<?php require('autent/check.php'); ?>
<p style="background:#48c248; line-height:30px; vertical-align:middle; color:#fff; font-weight:bold;">If you can see this, you're logged in</p>
<!DOCTYPE html>
<head>
  <meta charset="utf-8" />

  <title></title>

  <!-- Rich text editor -->
  <script src="ckeditor/ckeditor.js"></script>

</head>
<body>
  <div class="row">
    <div class="twelve columns">

      <h4>Useful links</h4>
      <h5>Archive</h5>
      <p>

      <?php
        mysql_connect ('localhost', 'dbuser', 'dbpass') ;
        mysql_select_db ('tablename');

        $result = mysql_query("SELECT FROM_UNIXTIME(timestamp, '%Y') AS get_year, COUNT(*) AS entries FROM php_blog GROUP BY get_year");

        while ($row = mysql_fetch_array($result)) {
            $get_year = $row['get_year'];
            $entries = $row['entries'];

            echo "<a href=\"archive.php?year=" . $get_year . "\">Entries from " . $get_year . "</a> (" . $entries . ")<br />";
        }

      ?>

      </p>
      <h5>Category Archive</h5>
      <p>

      <?php
        mysql_connect ('localhost', 'dbuser', 'dbpass') ;
        mysql_select_db ('tablename');

        $result1 = mysql_query("SELECT * FROM php_blog_categories ORDER BY category_name ASC");

        while($row = mysql_fetch_array($result1)) {

            $result2 = mysql_query("SELECT COUNT(`id`) AS entries FROM php_blog WHERE category = $row[category_id]");
            $num_entries = mysql_fetch_array($result2);

            echo '<a href="kat_arkiv.php?category=' . $row['category_id'] . '">' . $row['category_name'] . '</a> (' . $num_entries['entries'] . ')<br />';

            }
        ?>

      </p>
      </div>
        <h4>Control panel - Manage your blog</h4>
              <a href="skapa.php"><img src="../images/new_blog.png"  title="Add a new blog entry" alt="Add a new blog entry"/></a><br>
              <p><a href="skapa.php" title="Add a new blog entry">Add a new blog entry</a></p>
            </div>
            <div class="four columns">
              <a href="update_list.php"><img src="../images/edit_blog.png"  title="Edit a blog entry" alt="Edit a blog entry"/></a><br>
              <p><a href="update_list.php" title="Edit a blog entry">Edit an existing blog entry</a></p>
            </div>
            <div class="four columns">
              <a href="kategorier.php"><img src="../images/cat_blog.png"  title="Add/manage categories" alt="Add/manage categories"/></a><br>
              <p><a href="kategorier.php" title="Add/manage categories">Add/manage categories</a></p>
            </div>
            <div class="four columns">
              <p>&nbsp;</p>
            </div>
          </div>
            <div class="four columns">
              <a href="logout.php"><img src="../images/logout.png"  title="End your session" alt="End your session"/></a><br>
              <p><a href="logout.php" title="End your session">End your session</a></p>
            </div>


<!-- other html and footer follows -->

</body>
</html>

check.php

<?php
session_start(); 
if (!isset($_SESSION['loggedin'])) {
    header("Location: login.php");
    exit;
} else {
    // the session variable exists, let's check it's valid:
    require('autent/config.php');
    $userexists = false;

    foreach($users as $username => $password) {
        if (md5($username.$password.$salt) == $_SESSION['loggedin'])
            $userexists = true;
    }

    if ($userexists !== true) {
        exit('<p style="background:#fd0000; line-height:30px; vertical-align:middle; color:#fff; font-weight:bold;">Invalid session: please <a href="login.php">login</a>.</p>');
    }
}
?>
halfer
  • 19,824
  • 17
  • 99
  • 186
viriato
  • 859
  • 2
  • 13
  • 26

2 Answers2

0

It may because of session timeout problem.try to increase the session time by referring the following url.

How do I expire a PHP session after 30 minutes?

Community
  • 1
  • 1
Kalaiyarasan
  • 12,134
  • 8
  • 31
  • 49
  • Don't think so, because if I just press back on the browser I don't get logged out, even if I refresh the page. Which means that my session is not the issue here, something else is being the issue... But thanks anyway! – viriato Aug 29 '13 at 12:16
0

Session variables are stored on your server, not on the users computer like a cookie. So the user can't ever modify $_SESSION variables. It is helpful to create a boolean variable in your session that can be used as a quick flag to tell you if the user is still signed in.

When you create the session for the user, you could create a session variable like this:

$_SESSION['valid'] = TRUE;

From here on out, all you have to do is check if the session is still set to true:

session_start();
if (!$_SESSION['valid']) {
    header("Location: login.php");
    exit;
}

That code checks if the session is not true and if it is not, send them to login.php

When you sign them out, you can unset the session variable or just set it to false.

KevBot
  • 17,900
  • 5
  • 50
  • 68