I have quite a complicated authentication script so I won't copy it all out now. Basically when you can log into "home.php", a session is set (at least i think so) because the session variable is called up later in the page and it displays correctly.
However if you click a link on to another page, even the same one, the session doesnt seem to exist and consequently the access is denied. :chomp:
Have a look at this...
if($login == 1){
session_start();
$_SESSION = array();
session_destroy();
header("Cache-control: private");
// Get the user's input from the form
$uname = $_POST['uname'];
// Get the user's input from the form
$upass = $_POST['upass'];
// Register session
$_SESSION['uname'] = $uname;
$uname = $_SESSION['uname'];
// Register session 2
$_SESSION['upass'] = $upass;
$upass = $_SESSION['upass'];
}else{
// Already logged in
session_start();
header("Cache-control: private");
$uname = $_SESSION['uname'];
$upass = $_SESSION['upass'];
}
The 1st part is for if a new login exists, the else is if they have already logged in (included at the top of every other page). I think it is this part which is incorrect as this is where the sessions should be set.
Following this the sessions are checked against data in a mysql table to verify the user. However as they dont contain anything there is no match and so no authentication.
Any ideas what I'm doing wrong, with either setting the session correctly, calling it back up on each page or somehow terminating it?
Sorry for any confusion and my somewhat novice scripting.
Thanks 🙂
