Session problem?!?

[smashmouth]

Hello All! I am very new to the php world but I am working on fixing things that a previous programmer screwed up for a site that I have. Let me explain what the current issue is. I believe it had to do with sessions:

 

On my site, I can go to login page and log in with a name I made just fine. If I use an older one, it says that the password or username is wrong, but when I click on boards, im logged in. (weird)

 

On the sign up page, when all the info is plugged in, the page hangs like its looking for something, then 2 min later it logs the person in.

 

 

 

Any help, advice or whatever would be appreciated thanks. As we get into this discussion, I will supply code that I have when I figure out why it's not working properly.

 

thanks!

 

 

Th

[LeadingWebDev]

can we see a piece of code from login page?

[smashmouth]

<?php
ob_start(); 
include ("header.php");

# Programmed by tony tony Copyright (c) 2008 All rights reserved.

if (empty($_POST["login"]) & $_SESSION["logged_in"] == "Y"){
$_SESSION["logged_in"] = "N";
$user_id = $_SESSION["user_id"];
setcookie("loginid", NULL, time()-60*60*24, "/", "mysite.com"); 
session_destroy(); 
ob_flush();
	?>
<SCRIPT LANGUAGE="JavaScript">
window.location="http://www.mysite.com/index.php";	
</script>
<?
exit;	
}


if ($_SESSION["logged_in"] == "Y"){
echo "<span class='error'>You are already logged in.</span>";
exit;
}

$GetFileMain = file("html/userstat.html") ;
$webpage = join("",$GetFileMain) ;

if ($_POST["login"] == "Login"){

# Check to see if the user exists in our system.

if (empty($_POST[username])){
	echo "<span class='error'>Username is a required field<span>";
}else{
	$username = $_POST[username];
}

if (empty($_POST[password])){
	echo "<span class='error'>Password is a required field</span>";
}else{
	$submitted_password = $_POST[password];
}

$get_user_sql = "SELECT password FROM members WHERE username = '$username'";
$result = $db->get_a_line($get_user_sql);

$password = $result[0];

$get_injail_sql = "SELECT injail FROM members WHERE username = '$username'";
$get_injail_result = $db->get_a_line($get_injail_sql);

$injail = $get_injail_result[0];

$get_userid_sql = "SELECT id FROM members WHERE username = '$username'";
$get_userid_result = $db->get_a_line($get_userid_sql);

;	$user_id = $get_userid_result[0];

$get_admin_sql = "SELECT admin FROM members WHERE username = '$username'";
$get_admin_result = $db->get_a_line($get_admin_sql);

$admin = $get_admin_result[0];

$get_paid_sql = "SELECT paid FROM members WHERE username = '$username'";
$get_paid_result = $db->get_a_line($get_paid_sql);

$paid = $get_paid_result[0];

if ($submitted_password <> $password){
	echo "<span class='error'>Username or Passwords are incorrect. Hit your back button and try again.</span>";
	exit;
}	

$get_active_sql = "SELECT active FROM members WHERE username = '$username'";
$get_active_result = $db->get_a_line($get_active_sql);

$active = $get_active_result[0];

if ($active == "N"){
	echo "<span class='error'>You have not activated your account yet. Please check your email</span>";
	exit;
}

# Update the IP address when someone logs in
$ipaddress = $_SERVER['REMOTE_ADDR']; 

$upd_cust_ip_sql = "UPDATE members SET ipaddress = '$ipaddress' WHERE username = '$username'";
$db->insert($upd_cust_ip_sql);

$get_member_type_sql = "SELECT type FROM members WHERE username = '$username'";
$get_member_type_result = $db->get_a_line($get_member_type_sql);

$member_type = $get_member_type_result[0];

$_SESSION["member_type"] = $member_type;
$_SESSION["logged_in"] = "Y";
$_SESSION["user_name"] = $username;
$_SESSION["user_id"] = $user_id;
$_SESSION["show"] = "Y";
$_SESSION["shwc"] = "Y";
$_SESSION["injail"] = $injail;
$_SESSION["admin"] = $admin;
$_SESSION["paid"] = $paid;
$_SESSION["password"] = $password;


?>
<SCRIPT LANGUAGE="JavaScript">
window.location="http://www.mysite.com/index.php";	
</script>
<?
exit;	
}

$webpage = preg_replace("/{{(.*?)}}/e","$$1",$webpage) ;
echo $webpage;
include ("footer.php");
?>