check if logged in

[deleted]

I'm having a problem getting my sessions to pass between pages that require authentication. What happens is that I can log into one page, but each time I trie to login to another page I get prompted to login again.

Here's the login code:

<?php
session_start();


include("common.php");
include("sql_layer.php");
include("functions.php");
//include("header.php");

$_SESSION['isLoggedIn']= FALSE;
if(!isset($_POST["email"])){
?>
<?php //head(); ?>
	<form method="Post" action="<?=$_SERVER['PHP_SELF']?>?mod=<?php echo $_GET['mod'];?>">
		<span class="name_text">Login. <br/></span>
			e-mail: 
			<br/>
			<input class="login_field" type="text" name="email" />
			<br/>
			<br/>
			password: 
			<br/>				
			<input class="login_field" type="password" name="pwd" />
			<br/>
			<br/>
			<input class="login_button" type="submit" name="submitok" value="Sign in">
	</form>

<?php
exit;
}


//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['pwd'];
$sql = "SELECT * FROM tblusers WHERE emailaddress = '$email' AND password = md5('$password')";
$result = sql_query($sql) or die ("Error in query: $sql. " . mysql_error());

if (sql_num_rows($result)== 0) {

$_SESSION["emailaddress"] = $_POST['email'];
$_SESSION["password"]= $_POST['pwd'];
$_SESSION["isLoggedIn"] = TRUE;

?>
<?php //head(); ?>
	<body style="background-color: #CCCC99; text-align: center">
<?php echo $_POST['email'];?>
	<br/>
	<?php echo $passw=  $_POST['pwd']; ?>
	<?php echo $password = md5($passw);?>
	<br/>
	<form method="Post" action="<? $_SERVER['PHP_SELF']?>?mod=<?php echo $_GET['mod'];?>">
		<span class="name_text">Login.<br/></span>
			<div style="width: 200px; padding: 3px; border-style: solid; border-width:1px; border-color: #999999; background-color: #E9E9E9;color:#FF0000;">You have entered an incorrect username or password.Please try again. </div>
			<br/>
				e-mail: 
			<br/>
			<input class="login_field" type="text" name="email" />
			<br/>
			<br/>
				password: 
			<br/>
			<input class="login_field" type="password" name="pwd" />
			<br/>
			<br/>
			<input class="login_button" type="submit" name="submitok" value="Sign in">
	</form>							
</body>

<?php
exit;
}
$firstname = mysql_result($result,0,"firstname");
$lastname = mysql_result($result,0,"lastname");
?>

And here's the code that checks if the user is logged in.

session_start();
if ($_SESSION['isLoggedIn']=TRUE){ 

//code for the page goes here

	<?php
}else{
	echo error("You are not logged in.");
}
?>

Clearly I'm doing something wrong, but I am not sure what. Any help would be greatly appreciated.

thessoro

maybe you need to register the variable as a session variable. Try: (what a mess)
why don't?

$showform=true;
if(isset($_POST["email"] && isset($_POST['password']))  (
    1. check if the login name and password are right
        1.1 register variables
        1.2 showform=false;
}
if ($showform) {
    show the form again
}

this way you will have no need to write the form twice! i think is much clearer. Anyway, what you are doing is this:

if (sql_num_rows($result)== 0) {
     register variables
     logged=true
     show the form again
}

so, if there is no result, you log the user, then show the form and submit it, and just when it returns you set logged=false again...

try this

if (sql_num_rows($result)) {
     session_register ('whatever');  // i don't know if this is really necessary
     $_SESSION['whatever']=whatever;
}

Just another thing...
You have written

 
if ($_SESSION['logged']=true) {
      i'm logged
}

notice the condition above is always true, whatever $_COOKIE['logged'] contains...
Try

if ($_SESSION['logged']==true)  // or just 
if ($_SESSION['logged'])