Session causing checklogin problem

Im putting together a site that allows for a session to be created as soon as a person comes to the site, then the person has the opportunity to log in and so the session continues.

Here lies my problem.

If the person uses the correct log in details, it does follow through on the success script by taking the person to the correct page, but the checklogin script on that page doesnt allow it, and takes them back to the log in page.

If I comment out that script it works, when I un comment it it doesnt.

Here is the code for the log in page:

<?php
session_start();
include("config.php"); 
$sid=session_id();
$date=date("Y-m-d G:i:s ");
$sql="select * from logdetails where sid='$sid' AND ddate='$date' AND pageno=3";
$q=mysql_query($sql) or die(mysql_error());
$c=mysql_num_rows($q);
$usrcnt=0;
global $h;
global $w;
$h=0;
$w=0;
if($c<1)
{
	$q1=mysql_query("insert into logdetails(sid,ddate,pageno) values('$sid','$date',3)") or die (mysql_error());

	$q3=mysql_query("select count(*) from logdetails where pageno=3") or die (mysql_query());
	$r3=mysql_fetch_row($q3);
//	echo ("No. of Users hit : $r3[0]");	
	$usrcnt=$r3[0];
}
else
{
	$q2=mysql_query("select count(*) from logdetails where pageno=3") or die (mysql_query());
	$r2=mysql_fetch_row($q2);
	//echo ("No. of Users hit : $r2[0]");
	$usrcnt=$r2[0];
}
?>

and the form:

<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>

Here is the code for the checklogin page:

<?php
session_start();
$_SESSION['user1'];
$_SESSION['flaglog'];
ob_start();
include("config.php");
$sid=session_id();
$date=date("Y-m-d G:i:s ");

$tbl_name="Register"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$user", "$pass")or die("cannot connect"); 
mysql_select_db("$db")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=md5($_POST['mypassword']); 


$q1=mysql_query("select * from Register") or die (mysql_error());		
while($data = mysql_fetch_assoc($q1))
{
$username=$_POST['myusername']; 
$pass=md5($_POST['mypassword']); 
if ($username==$data['Username']  && $pass==$data['Password'])
{
$error1="correct";
$_SESSION['user1']=$username;
$_SESSION['flaglog']=1;
$sql="insert into logdetails(sid,Log_Id,dDate,PageNo) values('$sid',$data[RegId],now(),99)";
$r=mysql_query($sql) or die ("insert into logdetails(sid,Log_Id,dDate,PageNo) values($data[RegId],now(),99)<br><br>".mysql_error());
//header("location:main.php");
}
}

// To protect MySQL injection (more detail about MySQL injection)
$myusername = trim($myusername);
$mypassword = trim($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'];
$_SESSION['mypassword']; 
//header("location:login_success.php");
header("location:/tourCheck/index.php");
}
else { 
?>
<p>I'm sorry but you have entered the wrong Username and or Password.</p>
<? }
ob_end_flush();
?>

And then the problem script on the intended destination index page.



session_start();
if(!session_is_registered(myusername)){
header("location:../main_login.php");
}
//include("../config.php");
$sid=session_id();
$date=date("Y-m-d G:i:s ");

{
$q1=mysql_query("insert into logdetails(sid,Log_Id,Ddate,pageno) values('$sid','user1','$date',5)") or die (mysql_error());
}

The problem goes away when I comment out this bit:


session_start();
if(!session_is_registered(myusername)){
header("location:../main_login.php");
}


I hope that helps, I have worked on this all day to no avail, and now its time for me to go home, but will be on it first thing if somebody would like to help me, I’m sorry that I left it late to post, as I wont be able to reply.

Thanks

session_is_registered is deprecated in PHP (as of version 5.3.0), change that bit to:


if (!isset($_SESSION['myusername'])) {
header('location:../main_login.pgp');
}

Hi,

Thanks for the reply.

I changed the line of code over, and unfortuntaly it still doesnt work.

The log in details are correct as I go to the correct page when logging in, but the checklogin script sends me back.

Cheers


session_start(); 
if(!session_is_registered(myusername)){ 
header("location:../main_login.php"); 
} 

Like SpacePhoenix said, session_is_registered is deprecated. But in any case, to be redirected back to your login page means that the IF test condition is evaluating to true and so header() is being executed.

The probable cause is that your session is not actually starting. You haven’t posted all your code. Make sure there is no output of any kind, including blank lines, echo statements or trailing blank spaces on any lines before session_start(). session_start() should be located directly after <php tag.

I assume that $_SESSION[‘myusername’] should exist when the above code is run. To test if the session exists do the following:


session_start(); 

echo $_SESSION['myusername']; die();

if(!session_is_registered(myusername)){ 
header("location:../main_login.php"); 
} 

If the echo outputs nothing, then your session is not being started.

Hello again,

We tested what you asked and unfortunately nothing came back, so I guess your right.

Below is all the code for the index page we are trying to get too, hopefully there might be something there that you can see to help us.


<?
session_start();
echo $_SESSION['myusername']; die();

if(!session_is_registered(myusername)){ 
header("location:../main_login.php"); 
} 
include("../config.php");
$sid=session_id();
$date=date("Y-m-d G:i(worry) ");

{
$q1=mysql_query("insert into logdetails(sid,Log_Id,Ddate,pageno) values('$sid','user1','$date',5)") or die (mysql_error());
}