Hey! I have a fantasy football site that I am using PHP and MySQL for. I am using frames, including a left side that acts as a navigation bar. Here is what should happen:
Visitor shows up at the site. He can view certain pages without logging in. Once he logs in the left frame reloads with session information and new links appear to manage his team.
Here is the problem:
A visitor shows up and a session is starting immediately. The session file is empty on my web server. But I can see the PHPSESS value in the link. What I don't like is that these sessions shouldn't be starting until they log in. Also, these empty session files just sit on my web server.
Any thoughts? My code is below. FYI: I have learned all this stuff myself so I am sure my code is somewhat unconventional (inefficient). Thanks in advance!!!
Rob
<?php
// start the session
session_start();
header("Cache-control: private"); //IE 6 Fix
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>PFL Site Leftmenu</title>
<link href="pfl1.css" rel="stylesheet" type="text/css">
</head>
<?php
//PHP Includes
include 'dbc.php';
include 'week.php';
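if (!empty($_POST['team']))
{ //Create variable from form, escaped because it is placed inside the SQL string below
$team = mysql_real_escape_string($_POST['team'], $connection);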
// Create a new Session Value
session_register('team_name', 'team_ID', 'm_fname', 'p_ID', 'lastlogin');
//Pull team info from DB for session
$result = mysql_query("SELECT team_ID, m_fname, team_name, password, logindate, lastlogin FROM teaminfo WHERE team_name = '$team'",$connection);
if ($myrow = mysql_fetch_array($result)) {
if ($_POST['pwd'] == $myrow["password"]) {
printf("%s are logged in", $myrow["team_name"]);
$team_ID = $myrow["team_ID"];
$_SESSION['team_name'] = $myrow["team_name"];
$_SESSION['team_ID'] = $myrow["team_ID"];
$_SESSION['lastlogin'] = $lastlogin;
$_SESSION['m_fname'] = $myrow["m_fname"];
?>
<br><br><a href="yourteam.php" target="mainFrame">Team Home</a><br>
<a href="gmtradehome.php" target="mainFrame">GM Activity</a><br>
<a href="mprofile.php" target="mainFrame">Your Profile</a><br>
<a href="logout.php" target="mainFrame">Log Out</a><br>
<?
}
else { echo "INVALID LOGIN!<br />";
session_destroy();
echo "<a href=\"http://pfl.robhoffman.com\" target=\"_top\">Try Again</a>"; } } }
//Not logged in, display login form
else
{ session_unregister();
session_destroy();
?>
<form action="leftmenu.php" method="post" name="rosterform">
Manager Login:
<select name="team" style="background-color:white; height:18px; width:95px; font-family:Verdana; font-size:10px;">
<?
$result = mysql_query("SELECT team_name FROM teaminfo WHERE team_ID !=99",$connection);
$myrow = mysql_fetch_array($result);
do {
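// Quote the attribute and HTML-escape the name so spaces or markup in a team name cannot break the form
printf("<option value=\"%s\">%s</option>", htmlspecialchars($myrow['team_name']), htmlspecialchars($myrow['team_name']));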
} while( $myrow = mysql_fetch_array($result)); ?>
</select><br>
Password: <input type="password" name="pwd" SIZE="12" style="background-color:white; height:18px; width:95px; font-family:Verdana; font-size:10px;"><br><br>
<input type="SUBMIT" value="Login">
</form>
</font>
<p><font class="menu">
<? } ?>
<br>
<br>
<a href="body.php" target="mainFrame">PFL Home</a><br>
<a href="teams.php" target="mainFrame">Rosters</a><br>
<a href="psearch.php" target="mainFrame">Players</a><br>
<a href="tradehome.php" target="mainFrame">Transactions</a><br>
<a href="draft.php" target="mainFrame">2003 Draft</a><br>
<a href="schedule.php" target="mainFrame">PFL Schedule</a><br>
Standings<br>
<a href="rules.php" target="mainFrame">PFL rules</a><br>
<br>
</font></p>
</body>
</html>
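
One way to get the behaviour asked about above, as an added example that is not part of the original post: a session is created only after a successful login and resumed only when the browser already sends a session cookie, so anonymous visitors leave no empty session files and the session ID stays out of links. The function names are hypothetical, and it assumes PHP 7.3+ and that the password check has already been done by the caller.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+ and that the caller
// has already verified the password and holds the matching teaminfo row.

// Keep the session ID in a cookie only, so it never appears in links.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');   // refuse IDs the server did not issue

function start_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,                   // cookie ends with the browser session
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']),
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call after a successful password check: this is the only place a new
// session is created, so anonymous visitors leave no session file behind.
function log_in(array $row): void
{
    start_session();
    session_regenerate_id(true);           // fresh ID at the privilege change
    $_SESSION['team_ID']   = $row['team_ID'];
    $_SESSION['team_name'] = $row['team_name'];
}

function log_out(): void
{
    $_SESSION = [];
    session_destroy();
    setcookie(session_name(), '', time() - 3600, '/');   // expire the cookie
}

// Call at the top of every page instead of an unconditional session_start().
// Returns true only when the browser sent a cookie for a logged-in session.
function resume_session(): bool
{
    if (!isset($_COOKIE[session_name()])) {
        return false;                      // no cookie: do not start a session
    }
    start_session();
    if (isset($_SESSION['team_ID'])) {
        return true;
    }
    log_out();                             // stale or unknown ID: clean up
    return false;
}
```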