losing my session variables

"Seabird" <jacco@vliegt.nl> · Tue, 29 Oct 2002 19:08:56 +0100

Hi everyone,

I use a login-script, but for some reason I keep losing my $_SESSION
variables. Can Anyone tell me why?

Here's my login script:

<?php
if(isset($_POST['submit'])) { // if form has been submitted
 /* check they filled in what they were supposed to and authenticate */
 if(!$_POST['uname'] | !$_POST['passwd']) {
  print '<form action="index.php" method="post">
        <div align="left">
          <input class="test" name="uname" type="text" size="8"
maxlength="8">
          <input class="test" type="password" size="8" maxlength="8"
name="passwd">
          <input name="submit" type="submit" value="Login">
          <br>
          <span class="welcome">please fill in the required
fields.</span></div>
      </form>
';
 }
 // authenticate.
 if(!get_magic_quotes_gpc()) {
  $_POST['uname'] = addslashes($_POST['uname']);
 }
 $check = $db_object->query("SELECT username, password FROM users WHERE
username = '".$_POST['uname']."'");
 if(DB::isError($check)) {
  print '<form action="index.php" method="post">
        <div align="left">
          <input class="test" name="uname" type="text" size="8"
maxlength="8">
          <input class="test" type="password" size="8" maxlength="8"
name="passwd">
          <input name="submit" type="submit" value="Login">
          <br>
          <span class="welcome">username doesn\'t exist.</span> <a
class="header"
href="javascript:loadPage(\'mainlayer\',null,\'login/signup.php\')">sign up
here</a></div>
      </form>
';
 }
 $info = $check->fetchRow();
 // check passwords match
 $_POST['passwd'] = stripslashes($_POST['passwd']);
 $info['password'] = stripslashes($info['password']);
 $_POST['passwd'] = md5($_POST['passwd']);
 if($_POST['passwd'] != $info['password']) {
  print '<form action="index.php" method="post">
        <div align="left">
          <input class="test" name="uname" type="text" size="8"
maxlength="8">
          <input class="test" type="password" size="8" maxlength="8"
name="passwd">
          <input name="submit" type="submit" value="Login">
          <br>
          <span class="welcome">wrong password, try again</span></div>
      </form>
';
 }

 // if we get here username and password are correct, register session
variables and set
 // last login time.
 $date = date('m d, Y');
 $update_login = $db_object->query("UPDATE users SET last_login = '$date'
WHERE username = '".$_POST['uname']."'");
 $_POST['uname'] = stripslashes($_POST['uname']);
 $_SESSION['username'] = $_POST['uname'];
 $_SESSION['password'] = $_POST['passwd'];
 $db_object->disconnect();
?>
<span class="welcome">Welcome <a class="header"
href="javascript:loadPage('mainlayer',null,'users/edit.php?user=<?=$_SESSION
['username']?>')"><font
color="white"><?=$_SESSION['username']?></font></a><br><a class="header"
href="login/logout.php">Logout</a>
</span>
<?php
}
else { // if form hasn't been submitted
?>
<form action="<?=$HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
        <div align="left">
          <input class="test" name="uname" type="text" size="8"
maxlength="8">
          <input class="test" type="password" size="8" maxlength="8"
name="passwd">
          <input name="submit" type="submit" value="Login">
          <br>
          <a class="header"
href="javascript:loadPage('mainlayer',null,'login/signup.php')">sign up
here</a> </div>
      </form>
<?php
}
?>

--
http://seabird.jmtech.ca

Attitude is Everything!
But Remember, Attitudes are Contagious!
Is Yours worth Catching????

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php