Hi,

Tuesday, October 8, 2002, 6:53:43 AM, you wrote:
SV> Hiya,
SV>     DOn't think I am getting anywhere!!!

SV>     I have no turned register_globals off and recoding my website, but I cant work 
out how to do sessions.

SV>     The following code dosen't keep sessions. Its logs on, but I dosent keep a 
session on another page. It should either get the post variables with the new username 
and passwords or validate the
SV> session variables and use them.

SV>     Help!

SV> Thanks!
    
SV>     session_start();

SV>  if(isset($_SESSION['ssun']) || isset($_POST['ssname']))
SV>  {
SV>   //Check if the user name and password are stored in session variables, if not 
empty them.
SV>   if(!isset($_SESSION['ssun']))
SV>   {
SV>    echo "Session ssun not set";
SV>        $_SESSION['ssun'] = "";
SV>   }
   
SV>   if(!isset($_SESSION['sspw']))
SV>   {
SV>    echo "Session sspw not set";
SV>        $_SESSION['sspw'] = "";
SV>   }

SV>   //Attempt to logon. Set the logon form variables to the session variables.
SV>   if(isset($_POST['sspass']))
SV>   {
SV>       $_SESSION['sspw'] =$_POST['sspass'];
SV>   }

SV>   if(isset($ssname))
SV>   {
SV>    $_SESSION['ssun'] =$_POST['ssname'];
SV>   }

SV>   //Make sure no one breaks in, if in the param loggedin was set, unset it.
SV>   if(isset($loggedin))
SV>   {
SV>    unset($loggedin);
SV>   }

SV>   if(isset($_POST['ssname']))
SV>   {
SV>    //Check if the session username and password are correct
SV>    $result = mysql_query("SELECT userid FROM users WHERE 
userpassword=PASSWORD('".$_POST['sspass']."') AND userid='".$_POST['ssname']."'", 
$db_link); 
SV>   }
SV>   else
SV>   {
SV>    //Check if the session username and password are correct
SV>    $result = mysql_query("SELECT userid FROM users WHERE 
userpassword=PASSWORD('".$_SESSION['sspw']."') AND userid='".$_SESSION['ssun']."'", 
$db_link); 
SV>   }

SV>   $norows = mysql_num_rows($result);

SV>   if($norows==1)
SV>   {
SV>    $loggedin="yes";
SV>   }
SV>   else
SV>   {
SV>    $loggedin="no";
SV>   }

SV>   if(isset($logoff))
SV>   {  
SV>    if($logoff=="true")
SV>    {
SV>     $loggedin="no";
SV>     $_SESSION['ssun']="";
SV>     $_SESSION['sspw']="";
SV>    }
SV>   }

SV>  }

After the successful first login you are not saving the $_POST variables
into the $_SESSION equivalents

-- 
regards,
Tom


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to