Hello all, I just wrote a php website to communicate with a database and it has a login based on the users email and password, they login on the first page and then the php checks for every page they visit if they indeed logged in before and not just found out what php file to open to get where they want to be. For this I used session variables to store both e-mail and password. The login info gets posted from the 1st(login) site to the 2nd site where it is checked for the first time, after that the login info isn't posted to the next page anymore, but just checked, this works for the 3rd page but when the user hits for the 4th page the variables are lost(I can't echo them either). However if I'd go from the 2nd page directly to the 4th page the page will load, however the 5th will then get my security-msg. So offcourse, I am wondering how this might have happened and how to fix this problem, here's some of the code I wrote:
This is the check for the logininfo:
<?php
include('SessionStart.php');
include('logindata.php');
$db = mysql_connect($host, $user, $pw);
if (!$db)
{
echo "<br />Helaas, u heeft geen verbinding met de database.";
exit();
} else
{
mysql_select_db("teammanagementtool", $db);
$sql24 = "SELECT * FROM leidinggevenden";
$allesarray = mysql_query($sql24);
$i = 0;
while ($mails = mysql_fetch_array($allesarray)) {
$mailtjes[$i] = $mails['lg_mailadres'];
$i = $i+1;
}
echo "...".$_SESSION['sessie']['email']."...".$_SESSION['sessie']['password']."...".$session_name."...";
if (in_array($_SESSION['sessie']['email'],$mailtjes)) {
$sql25 = "SELECT lg_wachtwoord FROM leidinggevenden WHERE lg_mailadres = '".$_SESSION['sessie']['email']."'";
$pass = mysql_query($sql25);
$pasje = mysql_fetch_array($pass);
if ($_SESSION['sessie']['password'] != $pasje['lg_wachtwoord']) {
echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>";
echo "<meta http-equiv='refresh' content='0;URL=index.php' />";
exit();
} else if ($_SESSION['sessie']['password'] = "" || $_SESSION['sessie']['email'] = ""){
echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>";
echo "<meta http-equiv='refresh' content='0;URL=index.php' />";
exit();
} else {
}
} else {
echo "<script>alert('U bent hier op incorrecte manier terechtgekomen!');</script>";
echo "<meta http-equiv='refresh' content='0;URL=index.php' />";
exit();
}
?>
And this is the code in my SessionStart.php:
<?php
$session_name = 'sessie';
$session_exp_time = 10000 ;
$previous_name = session_name($session_name);
ini_set('session.gc_maxlifetime', $session_exp_time);
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '1000');
ini_set('session.name', $session_name);
ini_set('session.cookie_domain', '');
ini_set('session.cookie_lifetime', 0 );
session_set_cookie_params($session_exp_time, '/', '');
session_start();
if (isset($_COOKIE[$session_name]))
setcookie($session_name, $_COOKIE[$session_name], 2147483647 , '');
?>
the includes are at the start of all of my pages, I only do a session_unset() at my index.php(the login page).
and my 2nd page gets:
$_SESSION['sessie']['email'] = $_POST['email'];
$_SESSION['sessie']['password'] = $_POST['password'];
from the login.
I could really use some help here, thanks in advance.