Trouble passing global variables

dirion

I'm trying to make my own user login system with a mySQL database, but i'm having trouble passing a session variable through a switch statement, so that the script recognizes that the user is still logged in.

<code>
#######FUNCTIONS

function home()
{
global $session_id, $username;

$valid_SID = check_SID();

if ($valid_SID)
	{		
	echo ("<DIV ALIGN=\"CENTER\">\n");
	echo $username;
	echo ("<BR>\n");
	echo $session_id;		
	echo ("</DIV>\n");
	}
else
	{
	show_login();
	}

return true;
}

function show_login()
{
global $username, $session_id;

echo ("<DIV ALIGN=\"CENTER\">\n");
echo ("<FORM ACTION=\"$PHP_SELF?login\" method=\"POST\">\n");
echo ("<TABLE>\n");
echo ("<TR><TD><FONT>Username:</FONT></TD><TD><INPUT NAME=\"username\" TYPE=\"text\" LENGTH=\"10\" MAXLENGTH=\"10\"></TD></TR>\n");
echo ("<TR><TD><FONT>Password:</FONT></TD><TD><INPUT NAME=\"password\" TYPE=\"password\" LENGTH=\"10\" MAXLENGTH=\"10\"></TD></TR>\n");
echo ("<TR><TD></TD><TD><INPUT NAME=\"submit\" TYPE=\"submit\" VALUE=\"Submit\"></TD></TR>\n");
echo ("</TABLE>\n");
echo ("</FORM>\n");
echo ("</DIV>\n");

return true;
}

function login()
{
global $username, $password, $session_id;

$valid_user = authenticate_user();

if($valid_user)
	{
	create_SID();
	register_SID();
	home();
	}
else
	{
	echo ("<DIV ALIGN=\"CENTER\">\n");
	echo ("<FONT>Incorrect username or password.</FONT>\n");
	echo ("</DIV>\n");
	}

return true;
}

function authenticate_user()
{
global $server, $user, $pass, $division, $username, $password;

$connection = mysql_connect($server, $user, $pass);
$db = "$division" . "_news";
mysql_select_db($db, $connection);

$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query, $connection);
$rows_returned = mysql_num_rows($result);
if ($rows_returned)
	{
	$valid = 1;
	}
else
	{
	$valid = 0;
	}

return $valid;

}

function create_SID()
{
global $server, $user, $pass, $division, $session_id;

$connection = mysql_connect($server, $user, $pass);
$db = "$division" . "_news";
mysql_select_db($db, $connection);

mt_srand((double)microtime()*1000000);
$unique_id = mt_rand(1000000000,9999999999);

$session_id = md5($unique_id);

return true;
}

function register_SID()
{
global $server, $user, $pass, $division, $session_id, $username;

$connection = mysql_connect($server, $user, $pass);
$db = "$division" . "_news";
mysql_select_db($db, $connection);

$query = "UPDATE users SET session_id = '$session_id' WHERE username = '$username'";
$result = mysql_query($query, $connection);

return true;
}

function check_SID()
{
global $server, $user, $pass, $division, $session_id;

$connection = mysql_connect($server, $user, $pass);
$db = "$division" . "_news";
mysql_select_db($db, $connection);

$query = "SELECT * FROM users WHERE session_id = '$session_id'";
$result = mysql_query($query, $connection);
$rows_returned = mysql_num_rows($result);

if ($rows_returned)
	{
  	$valid = 1;
	}
else 
	{
  	$valid = 0;
	}

return $valid;
}

#########SWITCH STATEMENT

if(isset($QUERY_STRING))
{
switch($QUERY_STRING)
{
case "home":
home();
break;
case "manage_users":
manage_users();
break;
case "manage_news":
manage_news();
break;
case "login";
login();
break;
case "logout";
logout();
break;
default:
home();
}
}
</code>
i have links on the top that go with the switch statement, with targets like $PHP_SELF?home

i am having no problem logging the user in and getting a session id for the first time, but if i click one of the links, like the home link, the session id is lost (somewhere in the switch statement i believe) is there anyway to fix this?

thanks in advance

dirion

I've got an idea as to why this might not be working, and i think that i'm basically reloading the page with the links, so i'm losing all my variables. I'm thinking that in order to store the session id, i would have to use a cookie or something. can anyone confirm this?