i got these codes from a website but since it's fairly old i'm trying to figure out the problem the scenario: when a user login it will go to a page (processlogin.php) that confirmed that the user is logged in & the user will be redirect to the user's account manager (admin/index.php) the problem: i manage to logged in (processlogin.php) but once redirected to account manager page (admin/index.php), it said that i'm NOT logged in here are the codes login.php <? include("header.php"); include("functions.php"); ?> <? // Checkin session ID to see if user is already logged in if ($session[auth]==1) { // If user has superadmin status // then display super admin Home Page if ($session[superadmin]==1) { echo "<meta http-equiv=\"Refresh\" content=\"0; url=$siteaddress/admin/index.php\">\n\n<br><br><h2>You are already logged in</h2><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/admin/index.php\">here</a> to continue. Thanks.</h3>"; } // If user has Admin status // then display Admin Home Page else if ($session[admin]==1) { echo "<meta http-equiv=\"Refresh\" content=\"0; url=$siteaddress/admin/index.php\">\n\n<br><br><h2>You are already logged in</h2><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/admin/index.php\">here</a> to continue. Thanks.</h3>"; } // If user has no admin privileges // then display regular user Home Page else { echo "<meta http-equiv=\"Refresh\" content=\"0; url=$siteaddress/accountmanager.php\">\n\n<br><br><h2>You are already logged in</h2><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/accountmanager.php\">here</a> to continue. Thanks.</h3>"; } } else { echo "<h2>Login page</h2>"; // If user not logged in, then display login screen include("logininc.php"); } ?> PHP: processlogin.php <? include("header.php"); include("functions.php"); ?> <? global $HTTP_REFERER; $HTTP_REFERER = $_SERVER['HTTP_REFERER']; $r=$HTTP_REFERER; //getenv(http_referer); // If user is not logged in and accesses processlogin.php // directly without being called from login.php then, // Display login Screen // // $session[auth]= x {x=1 : Loggged in | x=0 Not Logged in } //echo "[".$session[auth]."]"; if (($r=="") and ($session[auth]!=1)) { include("logininc.php"); } // Otherwise if user is not logged in // and processlogin has been accesed from another script else if ($session[auth]!=1) { // Query to get employee informatiob based on login and password entered $formlogin = $_POST['formlogin']; $formpassword = $_POST['formpassword']; $referpage= $_POST['referpage']; $PHPSESSID= $_POST['PHPSESSID']; $Submit= $_POST['Submit']; $Submit2= $_POST['Submit2']; $query = "select empid,login,password,firstname,lastname,email,admin,superadmin,deptid,parentid from employee where login='$formlogin'"; $result = MYSQL_QUERY($query) or die("SQL Error Occured : ".mysql_error().':'.$query); $number = MYSQL_NUMROWS($result); $session[auth]=0; $session[admin]=0; $session[superadmin]=0; if ($number==0) { echo "<h3>Error !!</h3><br><h4>No such login exist in our system.</h4><br>$back<br>"; $session[auth]=0; $session[admin]=0; $session[superadmin]=0; $session[login]=$loginch; $session[starttime]=date("Y-m-d H:i:s"); session_register("session"); } else if ($number>0) { $loginch = mysql_result($result,0,"login"); $passwordch = mysql_result($result,0,"password"); $empid=mysql_result($result,0,"empid"); $admin=mysql_result($result,0,"admin"); $superadmin=mysql_result($result,0,"superadmin"); $firstname=mysql_result($result,0,"firstname"); $lastname=mysql_result($result,0,"lastname"); $deptid=mysql_result($result,0,"deptid"); $parentid=mysql_result($result,0,"parentid"); $email=mysql_result($result,0,"email"); // Checking if password entered matches database password // If passwords do not march, display error message if ($formpassword!=$passwordch) { echo "<h2>Wrong Password !<br><br> $back </h2>"; $session[auth]=0; session_register("session"); } // If passwords match // Then Authentification is allright // Set Session Variables to authenticate user else if ($formpassword==$passwordch) { // Setting Session Variables // These session variables can be used from any page // where a session is started. Syntax for session variable use // $session[variable] // where variable can be ny one of the following // // auth { 1, Authenticated | 0, Not authenticated} // login { login of the user } // startime { time the user started this session } // empid { Employee ID } // deptid { Department ID } // parentid { Parent (Boss) of this employee, another employee } // lastname { Employee Last Name } // firstname { Employee First Name } // email { Employee Email Address } // admin { 0, No Admin Access | 1, Admin Access } // superadmin { 0, No SuperAdmin Access | 1, Super Admin Access } $session[auth]=1; $session[login]=$loginch; $session[starttime]=date("Y-m-d H:i:s"); $session[empid]=$empid; $session[deptid]=$deptid; $session[parentid]=$parentid; $session[lastname]=$lastname; $session[firstname]=$firstname; $session[email]=$email; // User has Super Admin Privileges if ($superadmin==1) { $session[superadmin]=1; $session[admin]=1; echo "<h2>Admin User</h2>"; } // User had regular Admin Privileges else if ($admin==1) { $session[superadmin]=0; $session[admin]=1; echo "<h2>Admin User</h2>"; } // User is a Regular user else { $session[superadmin]=0; $session[admin]=0; echo "<h2>Regular User</h2>"; } // Saving Session Variabls to Server session_register("session"); // Query to update employee login data $queryu="update employee set numlogins=numlogins+1,lastlogindate='$datetime',loginip='$ipaddress' where empid='$empid';"; $resultu = MYSQL_QUERY($queryu) or die("SQL Error Occured : ".mysql_error().':'.$queryu); // If user has superadmin status // then display super admin Home Page if ($superadmin==1) { echo "<meta http-equiv=\"Refresh\" content=\"2; url=$siteaddress/admin/index.php\">\n\n<br><br><h3>You will now be transported to the Administrator Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/admin/index.php\">here</a> to continue. Thanks.</h3>"; } // If user has Admin status // then display Admin Home Page else if ($admin==1) { echo "<meta http-equiv=\"Refresh\" content=\"2; url=$siteaddress/admin/index.php\">\n\n<br><br><h3>You will now be transported to the Administrator Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/admin/index.php\">here</a> to continue. Thanks.</h3>"; } // If user has no admin privileges // then display regular user Home Page else { echo "<meta http-equiv=\"Refresh\" content=\"2; url=$siteaddress/accountmanager.php\">\n\n<br><br><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/accountmanager.php\">here</a> to continue. Thanks.</h3>"; } } // end of else if ($formpassword==$passwordch) } // else if number > 0 }//end if session[auth]!=1 // User is already logged on // So no need for further authentification // Just transport to user home page else { echo "z"; // User is already logged in // Just Transport them to their home page // If user has superadmin status // then display super admin Home Page if ($session[superadmin]==1) { echo "<meta http-equiv=\"Refresh\" content=\"1; url=$siteaddress/admin/index1.php\">\n\n<br><br><h2>You are already logged in</h2><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/admin/index.php\">here</a> to continue. Thanks.</h3>"; } // If user has Admin status // then display Admin Home Page else if ($session[admin]==1) { echo "<meta http-equiv=\"Refresh\" content=\"1; url=$siteaddress/admin/index1.php\">\n\n<br><br><h2>You are already logged in</h2><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/admin/index.php\">here</a> to continue. Thanks.</h3>"; } // If user has no admin privileges // then display regular user Home Page else { echo "<meta http-equiv=\"Refresh\" content=\"1; url=$siteaddress/index1.php\">\n\n<br><br><h2>You are already logged in</h2><h3>You will now be transported to your Account Management Page.If nothing happens or your browser does not support Refresh Meta Tags, please click <a href=\"$siteaddress/index1.php\">here</a> to continue. Thanks.</h3>"; } } // end of else ?> PHP: admin/index.php <? include("header.php"); include("functions.php"); ?> <? // Checkin session ID to see if user is already logged in if ($session[auth]==0) { echo "<h2>YOU ARE NOT LOGGED IN</h2>"; echo "<h3>You have to be logged in to have acesss to this page</h3>"; echo "<br>Please click <a href=\"$siteaddress/login.php\">here</a> to login<br><br>"; } else if ($session[auth]==1) { ?> //html codes PHP: any help is greatly appreciated
Hi, Please start checking your scripts by adding ERROR_REPORTING(E_ALL) at the top of your scripts and please fix alle the errors before asking the next question. Your script is so 1999 and realy needs to be checked! and do use $_SESSION instead of $session and start your script with session_start(); http://www.php.net/sessions