[RESOLVED] Still having problems with password protected pages

anaitis4

There seems to be a problem with the session or something. I put the following code into a template that is used for all pages that shouldn't be accessed without the user being logged in:

<?php 
if(!$_SESSION['username']) 
{ 
header('Location:attendancelogin.php'); 
exit; 
} 
?>

Technically, the code works and boots people out to the login page. Unfortunately, it also boots you out even if you ARE logged in and I can't figure out why.

I thought that the session was started, but maybe I'm missing something.
Here's the code for the page that checks the login:

//At the very top of the page: 
<?php 
    include "include/session.php"; 
    include "include/z_db.php"; 
?> 
//In the <head>: 
<?php 
if($_SESSION['username']) { 
    header( 'Location: adminlogin.php' ) ; 
} 
?> 

//In the <body>: 
<?php 

$username=mysql_real_escape_string($_POST['username']); 
$password=mysql_real_escape_string($_POST['password']); 

echo $username . " " . $password; 

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username='$username' AND password = '$password'"))){ 
    if(($rec['username']==$username)&&($rec['password']==$password)){ 
     include "include/newsession.php"; 
            echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=adminwelcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>"; 
     print "<script>"; 
       print " self.location='adminwelcome.php';"; // Comment this line if you don't want to redirect 
          print "</script>"; 

            } 
    }     
else { 

    session_unset(); 
echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct Username and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>"; 

} 
?>

And then here's the code for the include files....

session.php:

 
<?php 
session_start(); 
session_register("session"); 
?>

newsession.php:

 
<?php 
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR); 
$_SESSION['id']=session_id(); 
$_SESSION['username']=$username; 

//echo $session['userid']; 
?>

Does anybody see something I'm missing here?

sneakyimp

Have you verified that the information is getting set in $SESSION by your login script? You might want to test that by loggin in and then visiting this page:

<?
session_start();
print_r($_SESSION);
?>

That should show you what your $SESSION variable contains. If that is getting set properly then the problem is in the file that is 'booting you out'. NOTE that for $SESSION to be populated with the right information, you have to call session_start(). This is done in your file session.php. Make sure that you are including that file before you do this:

<?php
if(!$_SESSION['username'])
{
header('Location:attendancelogin.php');
exit;
}
?>

otherwise, you will get booted every time because you haven't initialized the session handling.