How to programatically log in users

glima

Hello guys. I hope to have written the title right 😛 English is not my first language and I always get confused with log ON and log IN :S
Anyway, my question is... I created this form for users to register to my website and it is working great just the second part isn't doing what I want it to do.
After registering the form creates a temp account on my DB and sends an email to the email to confirm the email address in the email body it sends a confirmation code and the user's email.

What I want is when the user click on the link to confirm I want to log on the user automatically...

Today when the user click on the confirm link it brings the website and the email confirmation script, it moves the account from the TMP table to the confirmed, it tries to redirect the user automatically, but it appear not to be creating the session because instead of redirecting the user to the account management area it takes the user to the log in if the $_GET['accesscheck '] variable :S.

I thought it would be easy to do but I'm kinda stuck on this for over a week 🙁

If some one can shine a light would help me a lot.

Here is the code Ive been using to try to redirect the user after the temp account confirmation:

require_once('Connections/dbConnect.php');

  $loginUsername='user@email.com';
  $password=sha1('password');

  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = './main.php?page=Home';
  $MM_redirectLoginFailed = "index.php?&LoginError";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_dbConnect, $dbConnect);

  $LoginRS__query=sprintf("SELECT user_email, user_password FROM user_registered WHERE user_email='".$loginUsername."' AND user_password='".$password."'"); 

  $LoginRS = mysql_query($LoginRS__query, $dbConnect) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {
     $loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;	      

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
	header("Location: ". $MM_redirectLoginFailed );
  }

CoderDan

a few quick comments on the code itself:
how are $loginusername and $password usually initialized (i assume you changed this code here?) as, as it stands, it's going to always check for the same default user, regardless of who comes to this page,
you're using sprintf on the query, but not actually 'using' it - ie, it's doing nothing.
you should be using mysql_escape_string on the $loginUsername when you put it into the query. Possibly also with teh password, i forget what kinds of characters sha1 may be returning (and it can't hurt)
not sure if it's a problem or not, but you are assigning loginStrGroup to an empty string, then storing it into session... doesn't seem to be a reason to do this.

where is $_SESSION['PrevUrl'] getting set?
the "&& false" part of the if check is doing nothing

the variable $MM_redirecttoReferrer appears unused.