The following is something I designed and though should work. I'm sorta new with sessions, but am trying to implement them into my new site design and user system. Maybe I'm being stupid, but I thought it should work.
First off, you can login from any page on the site. It then sends your username, password, and the REQUEST_URI to login.php in the form $uname, $pword, and $return_page. Once login.php recieves it, the following occurs (this is login.php):
<?php
$db = mysql_connect("localhost", "my_db_username") or die("Could not connect!\n");
$db_name = "users_mv";
$usedb = mysql_query("USE $db_name") or die("Couldn't find database");
$result = mysql_query("SELECT pword FROM userinfo WHERE username='$uname'", $db) or die("Mysql error:".mysql_error($db));
$array_res = mysql_fetch_array($result);
$stored_pass = $array_res[0];
//Password Test
$new_pass = md5("$pword");
if($new_pass != $stored_pass){
mysql_close($db);
include("includes/styles.txt");
print <<<EOF
Code for "password incorrect" message here.
EOF;
exit;
}
$userinfo = mysql_query("SELECT * FROM userinfo WHERE username = '$uname'", $db) or die("Mysql error:".mysql_error($db));
$sessarray = mysql_fetch_row($userinfo);
session_register('sessarray');
mysql_close($db);
header("Location:$return_page?session=".session_id());
?>
Now, everything seems to work fine until the very end. When the user is sent back to the URI sent from the original login form, session_id() is supposed to be tacked on the end of it. What winds up happening instead is session_id() always turns up blank! I just don't get it at all...
Thanks for any help in advance!
