session variables

adamluz

I have been attempting to get session variables to work on this script....

location is at: http://www.burbankglendale.com/search/admin.php
<?
include ("config.php");
include ("include.php");
session_start();
if(!$HTTP_SESSION_VARS['admin']){
if($nick & $password){
$sql = mysql_query("SELECT password FROM {$prefix}admin WHERE nick = '$nick'");
if (mysql_num_rows($sql) == 0){
$error_login = true;
}else if ( mysql_result($sql,0,"password") != $password){
$error_login = true;
}else{
$HTTP_SESSION_VARS['admin'] = true;
header("Location: {$dir}admin_edit.php");
};
};
}else{
header("Location: {$dir}admin_edit.php");
};
?>
<HTML>
<HEAD>
<TITLE>Control Panel</TITLE>
<SCRIPT TYPE="text/javascript" SRC="style.js"></SCRIPT>
</HEAD>
<BODY>
<DIV CLASS="main">
<DIV CLASS="logo"><A HREF="<? echo $dir?>index.php"></A></DIV>
<DIV CLASS="heading">
<H1>Control Panel</H1>
<DIV CLASS="heading_path"><A HREF="<? echo $dir?>index.php">Index</A> > Control Panel</DIV>
</DIV>
<?
if (getenv("REQUEST_METHOD") == "POST"){
?>
<DIV CLASS="form">
<DIV CLASS="form_text">The user name and/or the password are incorrect:</DIV>
<DIV CLASS="form_controls">
<FORM METHOD="post" ACTION="admin.php">
<INPUT TYPE="text" NAME="nick" VALUE="<? echo $nick?>" MAXLENGTH=14 CLASS="form_controls_text"> Username<BR>
<INPUT TYPE="password" NAME="password" VALUE="<? echo $password?>" MAXLENGTH=14 CLASS="form_controls_text"> Password<BR>
<INPUT TYPE="submit" VALUE="Enter" CLASS="form_controls_button">
</FORM>
<SCRIPT>

</SCRIPT>
</DIV>
</DIV>
<?
}else{
?>
<DIV CLASS="form">
<DIV CLASS="form_text">Type your user name and password to enter the panel:</DIV>
<DIV CLASS="form_controls">
<FORM METHOD="post" ACTION="admin.php">
<INPUT TYPE="text" NAME="nick" VALUE="<? echo $nick?>" MAXLENGTH=14 CLASS="form_controls_text"> Username<BR>
<INPUT TYPE="password" NAME="password" VALUE="<? echo $password?>" MAXLENGTH=14 CLASS="form_controls_text"> Password<BR>
<INPUT TYPE="submit" VALUE="Enter" CLASS="form_controls_button">
</FORM>
<SCRIPT>

</SCRIPT>
</DIV>
</DIV>
<?
};
?>
</DIV>
</BODY>
</HTML>

Sometimes its lets me in, other times it doesn't. Latly I have not been able to login. Its able to connect to the mysql database fine and if I enter a invalid username/password it lets me know. For some reason when I enter the correct username and password it just reloads the page and doesn't log me in. I check in the server as I am the administrator and it doesn't look like its writing the session to /tmp. I thought maybe it was a php.ini error but I create a small script at http://www.adamluz.com/session.php (same server different host) and its sessions work fine and its writing to the /tmp directory. The directory has chmod 777 so now I am stuck. I don't know what wrong. Any idea's?

PS. if you want to see my php info its http://www.adamluz.com/php.php

Thanks

rinjani

Try putting session_start at the top of the page, first thing after <?php

<?php
session_start();
include 'xyz';

HTH

rinjani

adamluz

I got it working, thank you...