Still have problems with passing VARS via SESSION

[grandman]

Hello,

 

This small script is activated when members login. First time creates new folder, otherwise navigates to members folder.

 

My problem is the DB part is not consist enough in identifying the member login in. So have been trying to use SESSION, but can't get it to work. This is the script with the DB part still in place:

 

<?php

ob_start();

$Database = mysql_connect("localhost", "vars", "vars");

mysql_select_db("database");

$fields = mysql_query("SELECT * FROM users");

$Username = mysql_result($fields,0,"username");

$dirname = $Username;

$filename = "on/cont/" . "$dirname";

if (file_exists($filename)) {

header ( "Location: " . "$filename" . "$dirname");

} else {

mkdir("on/cont/ " . "$dirname", 0777);

echo "welcome " . "$dirname" . "Your Area Is Being created.";

}

ob_end_flush();

 

This was suggested the last time I asked for help but will not work:

 

<?php

session_start();

if (isset($_SESSION['username']))

    $user = $_SESSION['username'];

else

    $user = "";

 

print ($user);

?>

 

Print Command purely for test purposes. Finally it should be made clear that login is in dir(a) while this is in dir(d), while directory structure is simply:

a,b,c,d,.

 

Any help with this is greatly appreciated, as I'm not moving at all, (haven't for two days, really stuck).

 

DG

[Caesar]

Where's the part where you actually set SESSION variables and assign values to them?

[grandman]

Where's the part where you actually set SESSION variables and assign values to them?

 

 

?php>

 

function checkLogin ( $levels )

{

// set session

 

session_start ();

global $db;

$kt = split ( ' ', $levels );

 

if ( ! $_SESSION['logged_in'] ) {

 

$access = FALSE;

 

if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie

 

$query =  'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );

 

if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match this

$row = $db->getRow ( $query );

 

//let's see if we pass the validation,

if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {

//we set the sessions

 

$_SESSION['user_id'] = $row->ID;

$_SESSION['logged_in'] = TRUE;

 

//check the level access,

if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {

//

$access = TRUE;

}

}

}

}

}

else {

$access = FALSE;

 

if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {

$access = TRUE;

}

}

 

if ( $access == FALSE ) {

header ( "Location: " . REDIRECT_TO_LOGIN );

}

}

 

?>

 

 

 

this is the login:

 

<?php

require_once ( 'settings.php' );

 

if ( array_key_exists ( '_submit_check', $_POST ) )

{

if ( $_POST['username'] != '' && $_POST['password'] != '' )

{

$query = 'SELECT ID, Username, Active, Password FROM ' . DBPREFIX . 'users WHERE Username = ' . $db->qstr ( $_POST['username'] ) . ' AND Password = ' . $db->qstr ( md5 ( $_POST['password'] ) );

 

if ( $db->RecordCount ( $query ) == 1 )

{

$row = $db->getRow ( $query );

if ( $row->Active == 1 )

{

set_login_sessions ( $row->ID, $row->Password, ( $_POST['remember'] ) ? TRUE : FALSE );

header ( "Location: " . REDIRECT_AFTER_LOGIN );

}

elseif ( $row->Active == 0 ) {

$error = 'Your membership was not activated. Please open the email that we sent and click on the activation link.';

}

elseif ( $row->Active == 2 ) {

$error = 'You are suspended!';

}

}

else {

$error = 'Login failed!';

}

}

else {

$error = 'Please use both your username and password to access your account';

}

}

?>

 

I still can't get it to work, but I'm thinking it wont work, and I may need to change the above? If so that will be a real pain :-\

 

DG