I'm trying to make my site not use PHPSESSID in the url string, but when I change my php.ini file I lose my session when I load a new page.
I tried this in my php.ini file:
session.use_only_cookies = 1
session.use_trans_sid = 0
When I logged in it worked, but when I tried to load another page I was logged out.
Here is my code that is run each page load. It checks if the user submitted to the login and password form and logs them in if they did. Is this where my problem comes from?
session_start();
if($_POST) {
$_SESSION['name'] = $_POST["name"];
$_SESSION['password'] = $_POST["password"];
}
$Link = mysql_connect("$hostname", "$dbuser", "$dbpass");
$result = mysql_db_query($database, "select confirmed from members where username LIKE BINARY '" . $_SESSION['name'] . "' and password LIKE BINARY '" . $_SESSION['password'] . "'", $Link);
$num = mysql_num_rows($result);
if($num < 1) {
if($_POST) $error = "<center><b>Login failed.</b><br><font size = 1>usenames and passwords are case sensitive</font></center>";
$_SESSION['name'] = "Guest";
$LoggedIn = "FALSE";
} else {
$c = mysql_fetch_row($result);
if ($c[0] == 0) {
$LoggedIn = "FALSE";
$_SESSION['name'] = "Guest";
$error = "<center><b>You must click the link in your confirmation email to login!</b></center>";
} else {
$TheDay = trim(date("D, M j, Y H:i a"));
$sql = "UPDATE members SET lastactive = '".$TheDay."' where username = '".$_SESSION['name']."'";
mysql_db_query($database, $sql, $Link);
$LoggedIn = "TRUE";
}
}
