Hi all,
I've been trying for the last couple days to get Sessions working properly in PHP and haven't found a solution yet. I searched and browsed these forums for a while too.
My question is this: I have a set of pages that should be controlled by a login. So, at the top of every page, I want to include a little script that determins login status and redirects to the login page if the user has not logged in. However, clicking on a link or reloading the page will cause the script to think that the user has not logged in. Here's the code for the script that should be controlling page access:
<?php
session_start();
if($_POST['login'])
{
$username = $_POST['username'];
$password = $_POST['password'];
/*Hides some of the Databse Connection + Checking Code */
require '/users/cs477/user.php';
$user = new user($username, md5($password));
if($user->getLoginStatus())
{
session_name("$username");
$_SESSION['loggedIN'] = $user->getLoginStatus();
$_SESSION['username'] = $user->getUsername();
$_SESSION['usertype'] = $user->getUsertype();
$_SESSION['userID'] = $user->getPersonID();
}
else
header("location: login.php?badlogin=true");
}
elseif(!isset($_SESSION['loggedIN']))
header("location: login.php?nologin=true");
?>
In plain english, the script does two things. First, it determines whether or not it was redirected to from the login page. If it was, it authenticates the user.
If it was not redirected to from the login page, it checks the Login status of the user.
And if neither of these things happen, it doesn't do anything, letting the page load as normal.
To test this, I wrote a little page
<?php require 'login_status.php'; ?>
<html>
<head>
<title>Test Login</title>
</head>
<body>
<?php
echo $_SESSION['loggedIN'] . ' . ' . $_SESSION['username'] . ' . ';
echo $_SESSION['usertype'] . ' . ' . $_SESSION['userID'];
echo "<br><a href='login_test.php'>Login Test</a>";
?>
</body>
</html>
So, when I redirect to this test page from the login page, the Session Data is all displayed properly. BUT when I click the link, it redirects me to the login page saying that I'm not logged in?
Can anybody tell me why this is happening?
