Checking for Session information

djcomplex

hi im making a very simple login script, ive set it up so that when the user logs in it creates a session variable called 'valid_user' i then want to be able to check for this to see if a user is logged in on other pages however it does seem to work

functions.php

<?php session_start(); function login($username, $password) { session_start(); $username = $HTTP_POST_VARS['username']; $password = $HTTP_POST_VARS['password']; global $username; global $password; db_connect();  $query = "select * from hw_users where username='$username' and password='$password' and admin='1'" or die (mysql_error()); $result = mysql_query($query); $num_results = mysql_num_rows($result);  if ($num_results == 1) {    $HTTP_SESSION_VARS['valid_user'] = $username;  global $HTTP_SESSION_VARS;   do_html_header($username);  display_admin_menu();  }  else  {  echo '<strong> You are not an admin user</strong>';  } } echo '<br>'; function do_html_header($title) { ?> <html> <head> <title>Admin Area</title> </head> <body> <?php }  function display_login_form() { echo '<form method=post action="login.php">'; echo '<table bgcolor="#cccccc" cellpadding = 6 cellspacing = 0 border = 0>'; echo ' <tr>'; echo ' <th colspan = 2 bgcolor = "#5B69A6">'; echo '<b>Login</b>'; echo ' </th>'; echo ' </tr>'; echo '<tr>'; echo '<td><b>Username:</b></td><td><input type=text name=username></td>'; echo '</tr>'; echo '<tr>'; echo '<td><b>Password:</b></td><td><input type=password name=password></td>'; echo '</tr>'; echo '<tr>'; echo '<td><center><input type=submit value="Login"></center></td>'; echo '</tr>'; echo '</table>'; }  function db_connect() { $db = mysql_connect('localhost','root','') or die (mysql_error()); mysql_select_db('nuke'); }  function display_admin_menu() { ?> <a href="/dev/homework/beta/add/index.php">Add Homework</a> <br> <a href="/dev/homework/beta/view/index.php">View Homework</a> <br> <a href="/dev/homework/beta/auth/index.php">Index</a> <br> <a href="/dev/homework/beta/auth/check.php">check</a> <?php echo $HTTP_SESSION_VARS['valid_user']; }  function check_valid_user() {  global $HTTP_SESSION_VARS;  if (isset($HTTP_SESSION_VARS['valid_user']))  {   echo ' Logged in as'.$HTTP_SESSION_VARS['valid_user'].'.';;   echo '<br />';  }  else  {  do_html_header('Error');  echo 'you are not logged in.<br />';  display_login_form();  exit;  } } ?>

index.php

<?php include('hw_fns.php'); check_valid_user(); ?>

<?php include('hw_fns.php'); login($username, $password); ?>

i hope someone can point me in the right direction

laserlight

I suggest that you format your code properly, first.

It makes it easier for us to read, and for you to debug and maintain.

djcomplex

i thought it was :/

whats missing?

laserlight

um,
1. How does it not work?
2. Dont you find that all your errors are on line 1? Not very useful, is it?

You need to space things out, e.g. 1 statement per line.

djcomplex

it is all formatted correctly in my editor all multiple lines, dont know why it goes all on one line here

the first bit of code is my functions list

basically it logs in, querys the db and matchs the username and password its then meant to register a session variable saying thats a valid user $HTTP_SESSION_VARS['valid_user'] = $username

i then thought id be able to check for this on other pages to see if the user is logged in, however its either not creating it or its not reading it

Refl3ct

Is it just me, or is that code very similar to phpBB's session searching? i use this code whenever im creating off-phpBB grounds, and i want to search for the "forum session" i use this, dunno if it will be at any help, but i may as well post it.

$userdata = session_pagestart($user_ip, PAGE_INDEX); 
init_userprefs($userdata);