I’ve been banging my head against the wall… I’ve asked 5 coders and none of them could tell me what’s wrong! My sessions aren’t working. After a user logs in they should be able to navigate all the member-only pages, however this is not the case. After logging in I get the ‘success you’re logged in’ message but then you can’t actually stay logged in via Sessions. My login system was working fine until I added a callname in the register script, and although all the fields registered fine the login system/sessions won’t keep anymore.
index.php (login)
[php]<?php
include(‘config.php’);
include(‘dateindex.php’);
if($loggedin == ‘0’)
{
if(isset($_POST[‘submit’]))
{
// Make sure all forms were filled out.
if((!isset($_POST[‘username’])) ||
(!isset($_POST[‘pass’]))
|| ($_POST[‘username’] == ‘’) || ($_POST[‘pass’] == ‘’))
die(“Please fill out the form completely.
Continue”);
// Get user’s record from database
$player = @mysql_query(“SELECT id, username, password, callname, email, registered, lastlogin FROM users WHERE username = '”.$_POST[‘username’]."’");
$player = @mysql_fetch_assoc($player);
mysql_real_escape_string($username);
mysql_real_escape_string($password);
if($player[‘id’] == false)
die(“Sorry, that user is not in our database.
Back”);
else if($player[‘password’] != md5($_POST[‘pass’]))
die(“Wrong password!
Back”);
$_SESSION[‘id’] = $player[‘id’];
$_SESSION[‘username’] = $player[‘username’];
$_SESSION[‘password’] = $player[‘password’];
$_SESSION[‘callname’] = $player[‘callname’];
$_SESSION[‘email’] = $player[‘email’];
$date = date(“m/d/y”);
$update = @mysql_query(“UPDATE users SET lastlogin = ‘$date’ WHERE id = '”.$_SESSION[‘id’]."’");
echo ‘You are now logged in!’;
}
else
{
echo 'You are not logged in.
Password:
Would you like to register?'; } } else { echo 'You are logged in! Welcome to my game, '.$_SESSION['username'].'!';
}
?>
[/php]
config.php
[php]<?php
$dbhost = ‘localhost’;
$dbuser = ‘root’;
$dbpass = ‘’;
$dbname = ‘mygame’;
$link = mysql_pconnect($dbhost, $dbuser, $dbpass)
or die(“Could not connect to server.”);
$selectdb = mysql_select_db($dbname, $link)
or die(“Could not connect to database.”);
session_start();
if((!isset($_SESSION[‘id’])) ||
(!isset($_POST[‘callname’])) ||
(!isset($_SESSION[‘username’])) ||
(!isset($_SESSION[‘email’])) ||
(!isset($_SESSION[‘password’])))
{
unset($_SESSION[‘callname’]);
unset($_SESSION[‘username’]);
unset($_SESSION[‘email’]);
unset($_SESSION[‘password’]);
unset($_SESSION[‘id’]);
$loggedin = 0;
}
else
{
$loggedin = 1;
}
?>[/php]
date.php (which restricts users not logged in from pages)
[php]<?php
include(‘config.php’);
if ($_SESSION[‘id’]=="") {
header(“Location: YouMustLogInNotice.html”);
}
echo ‘’;
echo ‘Main | Profile | Inbox | To-Do List | Logout’;
echo ‘’;
print date(‘g:i a - l, F jS’);
echo ‘
’;
?>[/php]
Any advice?