I finally signed up! Anyway, on my basic login, it works pretty well, though I noticed a bug.
If I log in with one existing email, but a different existing password, it doesn’t set the session, but bypasses my if statement. Here is a nice block of code where I think the trouble occurs
[php]$sql = “SELECT firstname, lastname FROM persons WHERE
email = '”.$_POST[“email”]."’ AND
Password = ‘".$hashedPassword."’";
$result = mysql_query($sql, $con) or die(mysql_error($con));
if (mysql_num_rows($result) == 1) {
while ($info = mysql_fetch_array($result)){
$Fname = $info[‘firstname’];
$Lname = $info[‘lastname’];
}
$_SESSION[‘firstname’] = $Fname;
$_SESSION[‘lastname’] = $Lname;
}
header(‘Location: members-area.php’);
exit();[/php]
It redirects, but luckily at members-area.php it checks if the session is set.
MAIN PROBLEM
If you log in with a email but a password that corresponds to a different user, it says you aren’t logged in (which is what happens if a session isn’t set on members-area.php)