I'm implementing MD5 hashing for my login but the sessions keep dying when I navigate to a different page.
My old code works fine when navigating.
The new script logs in fine but just loses the session after going to a different link.
//----------------------------NEW LOGIN SCRIPT------------------------
if ($_GET['Login'] == "True") {
$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `account`='$_POST[username]'"));
if ($count == 0) { //$count will either be a 0 (user don't exist) or a 1 (user exists), no duplicate accounts
$_SESSION['Login']="BAD";
}
if (isset($_POST['Username']) && isset($_POST['Password'])) {
$query = "SELECT account, active, salt, password
FROM `Users` WHERE `account`='" . $_POST['Username'] . "'";
$result = mysql_query($query);
while($r=mysql_fetch_array($result))
{
$cPass = $r['password'];
if ($r['active'] == "0") {
session_destroy();
die("User is disabled");
}
$cSalt = $r['salt'];
$oPass = $_POST['Password'] . $cSalt;
if (md5($oPass) == $r['password']) {
$_SESSION['Username'] = $_POST['Username'];
$_SESSION['Hash'] = md5("$oPass");
$_SESSION['Login']="GOOD";
} else {
$_SESSION['Login']="BAD";
}
}
}
}
//----------------------------OLD LOGIN SCRIPT------------------------
if ($_GET['Login'] == "True") {
$count = mysql_num_rows(mysql_query("SELECT * FROM `Users` WHERE `active`='1' AND `account`='" . $_POST['Username'] . "' AND `password`='" . $_POST['Password'] . "'"));
if ($count == "1") {
$_SESSION['Login']="GOOD";
$_SESSION['Username']=$_POST['Username'];
} else {
if (isset($_POST['Username']) || isset($_POST['Password'])) {
$_SESSION['Login']="BAD";
}
}
}