session variable error

[droidus]

why is $loggedIn coming up as true, when the session user is never set?

 

      <?php
      if(isset($_SESSION['user'])) { 
  	$loggedIn = true; } else {
  	echo "<form id='login-form' action='' method='post'>
    <label for='login'>User ID</label><br />
	<input type='text' name='uname' id='uname' value=''.if (isset($login_errors)) {echo $_POST[uname].'' style='font-size:16px;' />
	<div class='clear' style='height:15px;'></div>
	<label for='password'>Password</label><br />
	<input name='pword' type='password' value=''.if (isset($login_errors)) {echo $_POST[pword].'' style='font-size:16px;' />
	<div class='clear' style='height:15px;'></div>
	<label for='remember_me' style='padding: 0;'>Remember me?</label>
	<input type='checkbox' id='remember_me' style='position: relative; top: 3px; margin: 0; ' name='remember_me' disabled='disabled'/>
	<div class='clear'></div>
	<input type='submit' class='button' name='login' value='Login' style='background-color:#FC0; font-weight:bold; padding:5px; border:none;' />	
  		</form>
	<div style='height:15px;'></div>
  	<div style='line-height:23px; font-size:12px;'>>> <a href='forgot.php' target='_blank'>Forget your User ID / Password? </a><br />
  		>><a href='admin_login.php' target='_blank'> Administrator Login</a>
  </div>";
  } 
  ?>
  <?php
  	if($loggedIn) {
	mysql_select_db($database_uploader, $uploader);    
	$query = "SELECT * FROM members WHERE uname='$_SESSION[user]'";
	$result = mysql_query($query) or die(mysql_error());

	if (mysql_num_rows($result) > 0) {
		$row = mysql_fetch_array($result) or die(mysql_error());

		$used = $row['bandwhitch'];

		$acntType = $row['acntType'];
		if ($acntType == 2) {
			$totalSpace = 500;
		}
		else {
			$totalSpace = 250;
		}
		$usagePercent = (round(($used/$totalSpace), 2)) * 100;
	}
}
echo "<a href='files.php'>My Files</a><br /><a href='my_account.php'>View your account details</a><br /><a href='upgrade.php'>Upgrade my account to Pro!</a><br /><a href='contact.php'>Technical Support</a><br /><a href='logout.php'>Logout</a><br />
<div id='outerPercentContainer' style='width: 200px; background-color:#FFF; border: 2px #000000 solid; margin-left:auto; margin-right:auto;'>
    <div id='actualPercentage' style='width: <?php echo $usagePercent; ?>%; background-color:#09F; font-weight:bold;'>
      <div id='percentageText' style='text-align:center; width:200px;'>  $usagePercent% of 250 MB </div>
      </div>
  </div>";
?>

[PFMaBiSmAd]

why is $loggedIn coming up as true

How do you know it is? What symptom did you see that leads you to believe it is?

 

when the session user is never set?

How do you know it is not set? What have you done to confirm what the session contains?

[droidus]

it is echoing the user navigation.  also, i removed all sessions, and it still shows the links.

[PFMaBiSmAd]

I'm going to guess you have some php code on your page before the code you posted that is setting $loggedIn or perhaps you have register_globals turned on and a post/get/cookie/session variable by that same name is causing $loggedIn to be set.

 

The code you posted is setting $loggedIn to true if the session variable is set, but is is not doing anything to $loggedIn if the session variable is not set, so any existing value $loggedIn has won't be affected if the session variable is not set.

 

What's all the code from the start of your page up through where you are testing if($loggedIn)? Also, what does a phpinfo() statement show for the register_globals setting and do you have any $_POST['loggedIn'], $_GET['loggedIn'], $_COOKIE['loggedIn'], or $_SESSION['loggedIn'] variables anywhere within your code?