general logic in this code

searls03 · February 16, 2012, 4:48am

ok so here is the code:
[php]<?php
session_start(); // Must start session first thing
/*
Created By Adam Khoury @ www.flashbuilding.com
-----------------------June 20, 2008-----------------------
*/
// Here we run a login check
include_once “connect.php”;
// Place Session variable ‘id’ into local variable

$sql = mysql_query(“SELECT * FROM cart”);
while($row = mysql_fetch_array($sql)){
$cid = $row[“cart_id”];
$academy = $row[“academy”];
$complete = “”.$cid."".$academy."";
$_SESSION[‘complete’] = $complete;

$_SESSION[‘cart_id’] = $cid;
$_SESSION[‘academy’] = $academy;

}
if (!isset($_SESSION[‘complete’])) {
echo ‘Please log in to access your account’;
exit();
}

//Connect to the database through our include
include_once “connect.php”;
// Place Session variable ‘id’ into local variable
$academy = $_SESSION[‘academy’];

$sql = mysql_query(“SELECT * FROM cart”);
while($row = mysql_fetch_array($sql)){
$cid = $row[“cart_id”];
$_SESSION[‘cart_id’] = $cid;

}

echo $cid;
echo “
”;
echo $academy;

?>
[/php]

what I need to know how to do is arrange my code so that if the person is logged in already, the part before the if isnot set, will run. but if the person is not already logged in, they must login first. the problem is if one person is logged in, all people can get logged in. please help…

searls03 · February 16, 2012, 4:56am

I may not be setting them right either. :
[php]<?php
/*
Created By Adam Khoury @ www.flashbuilding.com
-----------------------June 20, 2008-----------------------
*/
if ($_POST[‘username’]) {
//Connect to the database through our include
include_once “connect.php”;
$username = stripslashes($_POST[‘username’]);
$username = strip_tags($username);
$username = mysql_real_escape_string($username);
$password = ereg_replace("[^A-Za-z0-9]", “”, $_POST[‘password’]);
$password = md5($password); // filter everything but numbers and letters
// Make query and then register all database data that -
// cannot be changed by member into SESSION variables.
// Data that you want member to be able to change -
// should never be set into a SESSION variable.
$sql = mysql_query(“SELECT * FROM users WHERE username=’$username’ AND password=’$password’”);
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
// Get member ID into a session variable
$academy = $row[“academy”];

$_SESSION[‘academy’] = $academy;
$_SESSION[‘logged’] = “1”;

function genRandomString($length = 20) {
$characters = ‘0123456789’;
$string =’’;

for ($p = 0; $p < $length; $p++) {
     $string .= $characters[mt_rand(0, strlen($characters))];
 }

return $string;

}

$bar = genRandomString();

$sql = “INSERT INTO cart (cart_id, academy)
VALUES(’”.$bar."".$academy."’,’$academy’ )";
$rs = mysql_query($sql) or die ("Problem with the query: $sql
" . mysql_error());
$id = $bar;

$_SESSION[‘cart_id’] = $cid;
$_SESSION[‘complete’] = “”.$cid."".$academy."";

// Get member username into a session variable

$errorMsg = ‘’;
$pass = ‘’;
$remember = ‘’;
if (isset($_POST[‘Submit’])) {

$pass = $_POST['password'];
if (isset($_POST['remember'])) {
	$remember = $_POST['remember'];
}
$pass = stripslashes($pass);
$pass = strip_tags($pass);

if($remember == “yes”){
$encryptedID = base64_encode(“g4enm2c0c4y3dn3727553$id”);
setcookie(“idCookie”, $encryptedID, time()+606024100, “/”); // Cookie set to expire in about 30 days
setcookie(“passCookie”, $password, time()+606024100, “/”); // Cookie set to expire in about 30 days
}
// All good they are logged in, send them to homepage then exit script
header(“location: index.php”);
exit();
}} // close while
} else {
// Print login failure message to the user and link them back to your login page
print '

Sorry, incorrect username or password, please try again!
';

}}
?>[/php]

It seems that I have to query the database on every page for them to actually work…why is this? I don’t beleive they are setting…like I echo logged, but nothing shows…so I don’t think they are working.