Login & Sessions Mystery

[djneel]

Hello,

This is a mind boggler for me...
What am I doing wrong here?
Any help would greatly be appreciated!

I've simplified these two scripts to make testing easy...
The original script checks user input with a db entry.
The main page featured more functionality.

Basics: On submit of user & pass, login.php runs itself. If login & pass = correct, it shows links. Links lead to main page. However, main page keeps saying I'm not logged in, while I started the session up above in the page...

I just keep getting the error message (!$logged_in_user) of the main page...

LOGIN.PHP
[code]
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>

<body>
<?php

$user = stripslashes(trim($_POST["user"]));
$pass = stripslashes(trim($_POST["pass"]));

$links = "<p><a href='main.php'>Main page</a> | <a href='logout.php'>Log out</a></p>";

if ($user && $pass) {

if ($logged_in_user == $user) {
echo "<p>".$user.", you're already logged in.</p>";
echo $links;
exit;
}

//there in the original there is a mysql statement to check $user & $pass with database entries
//I just wanted to make testing easy for you guys

if ( $user == 'test' && $pass == 'test' ) {

$logged_in_user = $user;
    //I've checked to see if register_globals is enabled: it is!
session_register("logged_in_user");
echo "<h1>Welcome, ".$logged_in_user.". </h1>";
echo $links;
exit;

    } else {

echo "<p>Incorrect login data. Try again.</p>";
}

} else if ($user || $pass) {
echo "<p>Please fill in both fields.</p>";
}
?>
<form id="loginData" name="loginData" method="post" action="login.php">
<h1>Login</h1>
<p>
  <label>
    <input type="text" name="user" /> Username    
</label>
  </p>
<p>
<label>
  <input type="text" name="pass" /> Password
  </label>
</p>
<p>
  <input type="submit" name="Submit" value="Verzenden" />
  <input type="reset" name="Submit2" value="Wissen" />
</p>
</form>
</body>
</html>
[/code]

MAIN.PHP
[code]<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Main</title>
</head>

<body>
<?php
if (!$logged_in_user) {
echo "<h1>Failed</h1>";
echo "<a href='login.php'>Please click here to login.</a>";
} else {
echo "<h1>It Worked! This is the main page!</h1>";
}
?>
</body>
</html>
[/code]

Please help!

[haaglin]

quote from php.net:
[quote]Use of session_register() is deprecated. Use of $_SESSION is preferred, as of PHP 4.1.0[/quote]

Try using this instead:

$_SESSION['logged_in_user'] = $user;

if(!$_SESSION['logged_in_user]') {

[djneel]

Thank you!
I will try it!

[djneel]

Hello everyone,

I'm happy to say that it's working now!
Thank you, haaglin, for your insights.

This is what I made of it!

In the login page, to start the session
[code]if ( $user == 'test' && $pass == 'test' ) {

$_SESSION['ingelogd'] = true;
    //I've checked to see if register_globals is enabled: it is!
echo "<h1>Welcome, ".$user.". </h1>";
echo $links;
exit;

    } else {

echo "<p>Incorrect login data. Try again.</p>";
}[/code]

In the main page, to check if user logged in:
[code]<?php
if (!$_SESSION['ingelogd']) {
echo "<h1>Failed</h1>";
echo "<a href='login.php'>Please click here to login.</a>";
} else {
echo "<h1>It Worked! This is the main page!</h1>";
}
?>[/code]

On the first line of both documents, to resume the session:
[code]<?php session_start(); ?>[/code]

Thank you all very much.
Good night.