I'm putting together a site that allows for a session to be created as soon as a person comes to the site; the person then has the opportunity to log in, and so the session continues.
Here lies my problem.
If the person uses the correct login details, it does follow through on the success script by taking the person to the correct page, but the checklogin script on that page doesn't allow it, and takes them back to the login page.
If I comment out that script it works; when I uncomment it, it doesn't.
Here is the code for the log in page:
<?php
session_start();
include("config.php");
$sid=session_id();
$date=date("Y-m-d G:i:s ");
$sql="select * from logdetails where sid='$sid' AND ddate='$date' AND pageno=3";
$q=mysql_query($sql) or die(mysql_error());
$c=mysql_num_rows($q);
$usrcnt=0;
global $h;
global $w;
$h=0;
$w=0;
if($c<1)
{
$q1=mysql_query("insert into logdetails(sid,ddate,pageno) values('$sid','$date',3)") or die (mysql_error());
$q3=mysql_query("select count(*) from logdetails where pageno=3") or die (mysql_error());
$r3=mysql_fetch_row($q3);
// echo ("No. of Users hit : $r3[0]");
$usrcnt=$r3[0];
}
else
{
$q2=mysql_query("select count(*) from logdetails where pageno=3") or die (mysql_error());
$r2=mysql_fetch_row($q2);
//echo ("No. of Users hit : $r2[0]");
$usrcnt=$r2[0];
}
?>
and the form:
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
Here is the code for the checklogin page:
<?php
session_start();
$_SESSION['user1'];
$_SESSION['flaglog'];
ob_start();
include("config.php");
$sid=session_id();
$date=date("Y-m-d G:i:s ");
$tbl_name="Register"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$user", "$pass")or die("cannot connect");
mysql_select_db("$db")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=md5($_POST['mypassword']);
$q1=mysql_query("select * from Register") or die (mysql_error());
while($data = mysql_fetch_assoc($q1))
{
$username=$_POST['myusername'];
$pass=md5($_POST['mypassword']);
if ($username==$data['Username'] && $pass==$data['Password'])
{
$error1="correct";
$_SESSION['user1']=$username;
$_SESSION['flaglog']=1;
$sql="insert into logdetails(sid,Log_Id,dDate,PageNo) values('$sid',$data[RegId],now(),99)";
$r=mysql_query($sql) or die ("insert into logdetails(sid,Log_Id,dDate,PageNo) values($data[RegId],now(),99)<br><br>".mysql_error());
//header("location:main.php");
}
}
// To protect MySQL injection (more detail about MySQL injection)
$myusername = trim($myusername);
$mypassword = trim($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'];
$_SESSION['mypassword'];
//header("location:login_success.php");
header("location:/tourCheck/index.php");
}
else {
?>
<p>I'm sorry but you have entered the wrong Username and or Password.</p>
<? }
ob_end_flush();
?>
And then the problem script on the intended destination index page.
session_start();
if(!session_is_registered(myusername)){
header("location:../main_login.php");
}
//include("../config.php");
$sid=session_id();
$date=date("Y-m-d G:i:s ");
{
$q1=mysql_query("insert into logdetails(sid,Log_Id,Ddate,pageno) values('$sid','user1','$date',5)") or die (mysql_error());
}
The problem goes away when I comment out this bit:
session_start();
if(!session_is_registered(myusername)){
header("location:../main_login.php");
}
I hope that helps. I have worked on this all day to no avail, and now it's time for me to go home, but I will be on it first thing if somebody would like to help me. I’m sorry that I left it late to post, as I won't be able to reply.
Thanks
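
One way to make the login script and the page guard agree on the same session key, as an added example that is not part of the original post: it assigns `$_SESSION['myusername']` on success and tests it with `isset()` rather than `session_is_registered()`, which was removed in PHP 5.4. Assumptions: PDO with an in-memory SQLite table stands in for the `Register` table, `password_hash()`/`password_verify()` replace the post's `md5()`, and the function names and the `alice` account are constructed for the demo.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// the in-memory SQLite database and the "alice" account are constructed.
session_start();

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Register (RegId INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password TEXT)');
$pdo->prepare('INSERT INTO Register (Username, Password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// checklogin.php: verify the credentials, then assign the session key.
function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter instead of string interpolation into the SQL text.
    $stmt = $pdo->prepare('SELECT RegId, Password FROM Register WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh id at login; the pre-login id stops working
    $_SESSION['myusername'] = $username;  // a bare `$_SESSION['myusername'];` stores nothing
    $_SESSION['regid'] = (int) $row['RegId'];
    return true;
}

// Guard for index.php: test the same key that check_login() wrote.
function is_logged_in(): bool
{
    return isset($_SESSION['myusername']);
}

function require_login(): void
{
    if (!is_logged_in()) {
        header('Location: ../main_login.php');
        exit; // without this the rest of the protected page still executes
    }
}

// Demo run: results are collected and printed last so no output precedes the session calls.
$results = [
    'guard before login' => is_logged_in(),
    'wrong password'     => check_login($pdo, 'alice', 'wrong'),
    'correct password'   => check_login($pdo, 'alice', 'correct horse'),
    'guard after login'  => is_logged_in(),
];
var_export($results);
```

Because `session_regenerate_id(true)` changes the id at login, rows in `logdetails` keyed by `sid` will carry different ids before and after login; storing the user id alongside keeps them linkable.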