Hi to all .....

Istly have to mention here..I'm kind of newbie in php so my attempt just now is to make a simple login authentication using session....

Ok I able to do a login then set the session only my problem is when i Try to access in restricted page it's seem not recognise me..then it'll redirect to the login.php...eventhough after successful login...really weird..?... ok below I paste the code I currently using...

in index.php


<?

$PAGEINDEX = true;
include_once ('other/auth_user.php');

?>

then in auth_user.php

<?
/********************************************************/

function db_connection2(){
	$dbname='shopcart';
	$link=mysql_connect('localhost','root','');
	mysql_select_db($dbname) or die(mysql_error());

return $link;
}

function db_select2($query){
	$result = mysql_query($query) or die(mysql_error());
	$rows = mysql_fetch_array($result);
	return $rows;
	mysql_free_result($result);
}

function db_update2($query){
	mysql_query($query) or die(mysql_error());
}

// ---------------------------------------------------------------------------------------- 
// functions 
// ---------------------------------------------------------------------------------------- 

function auth()
{  

  	global $mysession, $userid, $password, $varlatenter;

if (isset($_GET['bye'])) 
{                                     // user requested logout 
	session_start(); 
	session_unregister("mysession"); 
	session_destroy(); 
	return 0; 
} 

if(isset($_POST['sented']))
{                               // arrive from login form 
	$login_ok = 0;  
	if (isset($_POST['userid']) and isset($_POST['password']))
	{  
		$db = db_connection2();
		$rows = db_select2("SELECT * FROM useraccount WHERE userid='".$_POST['userid']."' AND password='".$_POST['password']."' LIMIT 1"); 

		if ($rows)
		{
			session_start();  
			// create the session array 
			$mysession = array ("userid" => $_POST['userid'], "password" => $_POST['password'], "ID" => session_id());  
			///////////////////////////////
			$userid = $_POST["userid"];
			$password = $_POST["password"];
			$varlatenter = $rows['lastenter'];
			session_register("mysession");  
			$varlatenter = $rows['lastenter'];
			db_update2("UPDATE useraccount SET lastenter=NOW() WHERE userid='".$_POST['userid']."'"); //last update

			$login_ok = 1;
			return 1;                               // authentication succeeded 			  
		}  

		 mysql_close($db); 
	}

	if(!$login_ok)
	{  
		return 0;                                   // access denied 
	}

}else{                                           // arrive from session var 
	$login_ok = 0;  
	session_start();

	foreach($GLOBALS["mysession"] as $elem)
	{      // retrieve session array 
	  $ses_tmp[] = $elem;  
	}  

	$userid = $ses_tmp[0];                         
	$password = $ses_tmp[1];                        

	$db = db_connection2();
	$rows = db_select2("SELECT * FROM useraccount WHERE userid='$userid' AND password='".$password."' LIMIT 1");

	if ($rows)
	{    							
		session_start();  
		// create the session array 
		$mysession = array ("userid" => $userid, "password" => $password, "ID" => session_id());  
		session_register("mysession"); 





		////////////////////////////////////////// 

		$login_ok = 1;
		return 1;                                 // authentication succeeded 			  
	}  

   	mysql_close($db);

	if(!$login_ok)
	{
	  	return 0;                                   // access denied 
	}

} //end else
}//end function  

// -------------------------------------------------------------------------------------- 
// main 
// -------------------------------------------------------------------------------------- 

//init vars; 
$mysession = array ("userid"=>FALSE, "password"=>FALSE, "ID"=>FALSE, "usertype"=>FALSE);  

if(!auth())
{                 // authentication failed
	$logsuccessed = 0;
	if($PAGEINDEX != true){
		include("login.php");               // display login form 
	}

}else{                      // authentication was successful 
	$logsuccessed = 1;

} 
?>

and lastly in my restricted page
main.php

<?
//I just include the auth_user.php page only but it keeps redirect me eventhough after success login
include_once ('other/auth_user.php');

if($logsuccessed != 1){
	exit();
}

?>

hope someone will point me or at least show me where is my wrong exactly...I'm alaso attach my file for u guys review...

p/s: auth_user.php must be put in other directory

    I think on the page your trying to get to you need to check the session data for the auth string then say it's OK to use the page if say username and pass are set and match whatever is in the DB.

    <?php
    if (!isset($_SESSION)) {
    session_start();
    }
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;

    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
    $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
    $isValid = true;
    }
    if (($strUsers == "") && true) {
    $isValid = true;
    }
    }
    return $isValid;
    }

    $MM_restrictGoTo = "login.php";
    if (!((isset($SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $SESSION['MM_Username'], $SESSION['MM_UserGroup'])))) {

    $MM_qsChar = "?";
    $MM_referrer = $    SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
    }
    ?>

      Write a Reply...