Session security giving me just a blank screen.

SFDonovan

Hey everyone.

In my initial script where members click the link it sends them to a checkuser for validation.

$nukeusername = $userinfo['username'];  

$sql = "SELECT * FROM " . $prefix . "_eto_divisions WHERE div_commander ='$nukeusername'"; 
   $result = $db->sql_query($sql); 
   if ($db->sql_numrows($result) > 0) { 
       @session_destroy(); 
       session_start(); 
       $_SESSION['logged_in'] = 1;       

       Header("Location: modules.php?name=Campaign&file=CombatAssets"); 
    } else { 
       @session_destroy(); 
       session_start(); 
       $_SESSION['logged_in'] = 0;       

       Header("Location: modules.php?name=Campaign&file=AccessDenied"); 
    } 
    die(); 

?>

If they are logged in and their username matches what is in the eto_divisions table then the session is set and they are sent to CombatAssets.

Upon entering the CombatAssets I have the following.

<?php
session_start(); 

if (!isset($_SESSION['logged_in'])) {
	session_regenerate_id() 
   $_SESSION['logged_in'] = 1;
} else {
   @session_destroy(); 
   session_start(); 
   $_SESSION['logged_in'] = 0;       

   Header("Location: modules.php?name=Campaign&file=AccessDenied"); 
}

...and the rest of my page follows.

But all I am getting is a blank screen.

Where did I goof?

Weedpacket

One problem I think I see is that CombatAssets will redirect you to the AccessDenied page if you're logged in. If $_SESSION['logged_in'] hasn't been set, then CombatAssets logs you in and then continues. If it has been set, it logs you out, and redirects you.