--- Dre <[EMAIL PROTECTED]> wrote:
> $username = trim(addslashes($_POST['user_name']));
> $pass = trim(addslashes($_POST['password']));

I recommend using mysql_escape_string() or mysql_real_escape_string()
instead of addslashes().

> if((empty($_POST['user_name'])) || (empty($_POST['password'])))
> {
> header('Location: index.php');
> include("login_form");
> exit();
> }

The Location header requires an absolute URL. Also, including login_form
wouldn't display the form, even if you remembered to add the file
extension.

> header('Location: /members/main.php');

Same thing as above with this header.

> if ($_SESSION['uname'] = = "")

There is no space in the == comparison operator.

> header('Location: ../../index.php');

Same thing again with this header.

> After I login using the correct user name and password I get
> always re-directed to that index page as if I'm not logged in

Instead of redirecting when someone isn't logged in, use the following
code instead:

echo "<p>Cookie: [{$_COOKIE['PHPSESSID']}]</p>";
echo "<p>URL: [{$_GET['PHPSESSID']}]</p>";

It is likely that the browser is not identifying itself. Do you have
cookies enabled?

Hope that helps.

Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
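
Added example, not part of the original message: one way to turn the three Location targets quoted above (index.php, /members/main.php, ../../index.php) into absolute URLs before they are sent. BASE_URL, absolute_url(), redirect() and the script path in the demonstration are assumptions made for illustration.

```php
<?php
// Added example. BASE_URL is an assumed, configured value with a placeholder
// host; it is deliberately not built from the client-supplied Host header.
const BASE_URL = 'http://www.example.org';

// Turn a redirect target into an absolute URL. $currentPath is the path of
// the running script, e.g. $_SERVER['SCRIPT_NAME']. Targets are meant to be
// fixed strings from the code, never request input.
function absolute_url(string $target, string $currentPath): string
{
    if (preg_match('#^https?://#i', $target)) {
        return $target;                          // already absolute
    }
    // Keep any query string out of the path handling.
    $parts = explode('?', $target, 2);
    $path  = $parts[0];
    $query = isset($parts[1]) ? '?' . $parts[1] : '';

    if ($path === '' || $path[0] !== '/') {
        // Relative reference: resolve from the current script's directory.
        $slash = strrpos($currentPath, '/');
        $dir   = $slash === false ? '/' : substr($currentPath, 0, $slash + 1);
        $path  = $dir . $path;
    }
    // Collapse "." and ".." segments; ".." never climbs above the root.
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '..') {
            array_pop($out);
        } elseif ($seg !== '' && $seg !== '.') {
            $out[] = $seg;
        }
    }
    return BASE_URL . '/' . implode('/', $out) . $query;
}

function redirect(string $target): void
{
    header('Location: ' . absolute_url($target, $_SERVER['SCRIPT_NAME']));
    exit();                                      // nothing runs after the redirect
}

// Constructed demonstration; /members/admin/check.php is a hypothetical path.
if (PHP_SAPI === 'cli') {
    foreach (['index.php', '/members/main.php', '../../index.php'] as $t) {
        echo $t, ' => ', absolute_url($t, '/members/admin/check.php'), "\n";
    }
}
```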