session trouble

[doddsey_65]

in my login script i have the following which searches for the username they inputted and then adds their user id to the table sessions in the database.

 

$result = mysql_query("SELECT * FROM ".DB_PREFIX."members WHERE user_username = '$username' AND user_password = '$password'");
        
            if(mysql_num_rows($result) != 1)
            {
                $val_error = 'Username and Password incorrect.';
            }
                else
                {
                 $row = mysql_fetch_array($result);
                    $browser = $_SERVER['HTTP_USER_AGENT'];
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['session'] = session_id();
                    mysql_query("INSERT INTO ".DB_PREFIX."sessions 
                    VALUES(NULL, '".$_SESSION['user_id']."', '".$_SESSION['session']."', '".$_SERVER['REMOTE_ADDR']."', '".$_SERVER['HTTP_USER_AGENT']."', '".date('Y-m-d')."')");
                    
                    if ($_SESSION['backpage']) 
                    {
                    header('Location: '.$_SESSION['backpage']);
                    } else {
                    
                    header('Location: index.php');
                    }
                }

 

then on pages which i want only logged in members to access i have the following:

 

if ($_SESSION['user_id'] == '') {
header ('Location: '.SITE_ROOT.'/login.php');
} else { REST OF CODE }

 

but when i login and try to access a page which requires you to be logged in i am directed back to index.php. I have nothing which does that. if you are not logged in you are redirected to login.php but it doesnt seem to work.

Any ideas?

 

[rwwd]

You need to see what the value of $_SESSION['backpage'] is before using a clause on it, it could well be empty, so check that BEFORE you get to that if clause, and check that the sql that you are using is populated as expected by echoing it to screen.

 

This sound like a case of debugging to me, but ya never know!

 

Rw