User log on script

[freemancomputer]

I am having a bit of a problem with my log on scrip sense i moved to a different host. Users are able to log in but most of there info isn't passed. The way I have it set up right now if your logged in the home page says "You are signed in as: 'user'". But all its showing is "You are signed in as:". The only thing I can tell that is getting passed is there user rank. There are other areas where the email is not showing up ether. Here is what i have.

 

This is on every page unless your logged in

<form name="form1" method="post" action="checklogin.php">
<span class="rulesub">Username:</span><input name="myusername" type="text" id="myusername" />
<span class="rulesub">Password:</span><input name="mypassword" type="password" id="mypassword" />
<input type="submit" name="Submit" value="Login" />
<div align="center">Not a member? <a class="nav" href="new_user.php">Sign up.</a>
</form>

 

This is my check log in script

<?php
ob_start();
include"scripts/connect.php" ;

mysql_connect('localhost',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_password=md5($mypassword);

$sql="SELECT * FROM user WHERE username='$myusername' and password='$encrypted_password' and active=1";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
    $rank = $row['rank'];
$loggedinusername = $row['username'];
$loggedinuseremail = $row['email'];

if($count==1){
session_start();
$_SESSION['login'] = "1"; 
$_SESSION['rank'] = $rank;
$_SESSION['loggedinusername'] = $loggedinusername;
$_SESSION['loggedinuseremail'] = $loggedinuseremail;
header ("Location:index.php");
} else { 
$errorMessage = "Invalid Login"; 
session_start(); 
$_SESSION['login'] = '';
header ("Location:login.php");
} 
?>

 

This is what i have for the session part on every page

<?php  session_start(); 
$_SESSION['login'];
$_SESSION['rank'];
$_SESSION['loggedinusername'] = $loggedinusername;
$_SESSION['loggedinuseremail'] = $loggedinuseremail;
$rank=$_SESSION['rank'];
$loggedinusername=$_SESSION['loggedinusername'];
$loggedinuseremail=$_SESSION['loggedinuseremail'];
?>

 

And this is what I am using to show the user name.

<?php
if($rank>=1){
?>
<p class="rulesub">
You are signed in as: <?php echo $loggedinusername; ?> 
<br /><a class="nav" href="logout.php" title="Log out" target="_self">Log Out</a>
</p>
<?php
}?>

 

Thanks in advance

[marcus]

You need to call session_start() on the check login script, that's where you would initialize those session variables.

 

edit: On the top of the file, not in the if statements.

2nd edit: You're redefining the variables on each page setting the session variables to variables that have no initialization.

 

Get rid of

 

$_SESSION['login'];
$_SESSION['rank'];
$_SESSION['loggedinusername'] = $loggedinusername;
$_SESSION['loggedinuseremail'] = $loggedinuseremail;

 

On the top of each file, it does nothing but set the sessions to blank values.

 

And as a suggestion, there's no reason to sanitize passwords if they're being encrypted. Somebody's password could be "\\\\/a/s\asnc//" and using stripslashes on it would cause it to be "\/a/sasnc//" before encryption.

[freemancomputer]

Awesome thanks, I have don't remember putting those in there. They were not in my back up, must of been one of those late night "this will work" moments. I will be looking at the password suggestion.

 

Thanks again.