AHHHH, this is driving me nuts

viper21634

I have a login page, i include a header and config file, then it goes through a series of if's if none are true, i escape the php "?>" and have a form for the username and pass, then it submits the form, and runs the checks on it, it starts a session, sets 3 session vars, id, is_paid, loggedin, then sends them to a user page, it check for the session var loggedin, but, it ALWAYS fails there, and goes to the "you are not logged in" for some reason when i set the session, it is not actually set, i can do a session_is_registered on my vars on the login page and they come back true, but on the next page it comes back false, there is only one spot on the whole site where i use the session destroy(), and that is in the logout section of the login page, but i even took that out to see if maybe it was getting called for some reason, but that didnt make a diff. Any body have any ideas?

here is code:

include("config.inc.php");
if(isset($HTTP_GET_VARS['login']))
{
	//run login
	$conn = mysql_connect($host,$user,$pass);
	mysql_select_db($db,$conn);
	$query = "SELECT id,uname,pass,is_active,is_paid,reg_code FROM users WHERE uname = '$uname'";
	$result = mysql_query($query,$conn);
	$row = mysql_fetch_array($result);

if(mysql_affected_rows($conn) < 1)
{
	echo "You have entered a invalid username or password. Please try again.";
}
if($row[pass] == md5($pass))
{
	if($row[is_active] !== "1")
	{
		echo "The account you tried to login to does not appear to be activated. If you feel you have reached this page in error, please contact customer service at [email]service@constructionnetwork.net[/email]";
	}
	if($row[reg_code] !== "0")
	{
		echo "The account you tried to login to does not appear to be activated. If you feel you have reached this page in error, please contact customer service at [email]service@constructionnetwork.net[/email]";
	}
	elseif($row[is_active] = "1" && $row[reg_code] == 0)
	{
		session_start();
                                            session_register("id");
		session_register("is_paid");
		session_register("loggedin");
		if(session_is_registered('id') && session_is_registered('is_paid') && session_is_registered('loggedin'))
		{
			$id = $row[id];
			$is_paid = $row[is_paid];
			$loggedin = "1";
			mysql_close($conn);
			if($row[is_paid] == "1")
			{		
				header("Location: [url]http://www.constructionnetwork.net/homeuser/prem_panel.php[/url]");
			}
			if($row[is_paid] == "0")
			{
				header("Location: [url]http://www.constructionnetwork.net/homeuser/public_panel.php[/url]");
			} 
		}
		else
			echo "There was a error statring your session";
	}
}
else
{
	echo "You have entered a invalid username or password. Please try again.";
}
}
include("header.php");

public_panel.php

<?
include("header.php");
include("config.inc.php");
if(isset($loggedin))
{
	$conn = mysql_connect($host,$user,$pass);
	mysql_select_db($db,$conn);
	$query = "SELECT area_name,area_id FROM area";
	$res = mysql_query($query,$conn);
?>
<form action="search.php?contractor&user=$sess_id&service=$sess_is_paid" method="post">
Search by name: <input type="text" name="$cname"><br>
Search by state <select name="state"><option value="none" selected>Choose a state</option><option value="TN">Tennessee</option><option value="GA">Georgia</option></select><br>
Search by Area: <select name="area"><option value="none" selected>Choose a area</option>
<?
	while($data = mysql_fetch_array($res))
	{
		echo "<option value=".$data[area_id].">".$data[area_name]."</option>";
	}
?>
</select>		
</form>
<?
mysql_close($conn);	
}
elseif(!isset($loggedin));
{
	echo $sess_loggedin."<br>";
	echo $sess_is_paid."<br>";
	echo $sess_id."<br>";
	echo "You arnt loggein";
	//phpinfo();
	//header("Location: [url]http://www.constructionnetwork.net/homeuser/login.php[/url]");

}
include("footer.php");
?>

sarahk

first thing I'd do is echo out the sql $query with the username and run that through mysql and see if it's ok. Check that your database connection is ok etc as it appears to fail before it even gets to check the session.

debug step by step.

viper21634

well, here is the thing, i have debugged it enought to know that it is starting the session and setting the session vars, then i go directly to the user page, but, it isnt seeing the session vars from that page, for some reason

viper21634

well, its official, I am a moron, i found out what was causing my problem

one little ";"

elseif(!isset($loggedin));

it was causing my elseif to be true, strange thing is, php wasnt showing a error, 😕 ohh well, it works now

galena

those are the really nifty bugs....
php wasn't throwing an error because it is perfectly legal to start a block with {} ANYWHERE you like. You dont' need an if statement or anything to do this.

Weedpacket

It wasn't making the elseif true, it just wasn't doing anything when the variable wasn't set.

...elseif(!isset($loggedin));
{ blahblah
}

is equivalent to
...elseif(!isset($loggedin))
{
}
{ blahblah
}

is equivalent to
...elseif(!isset($loggedin))
{
}
blahblah

is equivalent to
...
blahblah