I've been there done that. I've tried everything except the empty function. I just forgot to update the code before I submitted it. below is the new code:
$query = mysql_query("SELECT ThemeDashboardURL, ThemeStartpageURL FROM theme_repository") or die("Failure");
while($row = mysql_fetch_array($query))
{
if(!empty($_SESSION['loggedin'])) {
include($row['ThemeDashboardURL']);
//otherwise they are shown the admin area
} else {
//if the cookie does not exist, they are taken to the login screen
include($row['ThemeStartpageURL']);
}
}
And come to think of it, Maybe I'm not setting the SESSION variable right. Below is my login processing script:
<?php
// Connects to your Database
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("drupia1") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_POST['username'])) {
//if there is, it logs you in and directes you to the members page
$username = $_POST['username'];
$password = (md5($_POST['password']));
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and passcode = '".$_POST['password']."'")or die(mysql_error());
while($info = mysql_fetch_array($check)) {
if ($password != $info['passcode']) {
include("../login.php");
} else {
include("../Themes/Original-CORE/dashboard.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !(md5($_POST['password']))) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
$_POST['password'] = addslashes(md5($_POST['password']));
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."' AND passcode = '".$_POST['password']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=../register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array($check)) {
$_POST['username'] = stripslashes($_POST['username']);
$info['passcode'] = stripslashes($info['passcode']);
$_POST['passsword'] = md5($_POST['password']);
$_POST['username'] = stripslashes($info['passcode']);
//gives error if the password is wrong
if ($_POST['password'] != $info['passcode']) {
die('Incorrect password, please try again.');
} else {
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = (md5($_POST['password']));
$_SESSION['loggedIn'] = 'yes';
setcookie($username, $_POST['username'], $hour);
setcookie($password, (md5($_POST['password'])), $hour);
//then redirect them to the members area
}
}
include("../Themes/Original-CORE/dashboard.php");
}
else
{
include("../login.php");
}
?>
and my kill SESSION script is:
session_start();
session_destroy();
include("index.php");
I have no clue what the problem is. I've spent the last week troubleshooting and debugging.
