problem with login session

[dekon]

basically with my code it tells the user that they would need to be logged in to view the topics but once a user has logged in and tries to view them that it tells the user that they are not logged in and need to signin but once click this it already tells the user they are logged in can someone help me solve this i'm baffled. 

 

this is the code i'm using 

<?php
//create_cat.php
include 'mysql.php';
include 'header.php';

$sql = "SELECT
			id,
			subject
		FROM
			topics
		WHERE
			 id = ". mysql_real_escape_string($_GET['id']); 
			
$result = mysql_query($sql);
if(!$result)
{
	echo 'The topic could not be displayed, please try again later.' . mysql_error();  
}
else
{
	if(mysql_num_rows($result) == 0)
	{
		echo 'This topic dose not exist.';
	}
	else
	{
		while($row = mysql_fetch_assoc($result))
		{
			//display post data
			echo '<table class="topic" border="1">
					<tr>
						<th colspan="2">' . $row['subject'] . '</th>
					</tr>';
		
			//fetch the posts from the database
			$posts_sql = "SELECT
						post.topic,
						post.content,
						post.date,
						post.postby,
						users.id,
						users.username
					FROM
						post
					LEFT JOIN
						users
					ON
						post.postby = users.id
					WHERE
						post.topic = " . mysql_real_escape_string($_GET['id']);
						
			$posts_result = mysql_query($posts_sql);
			
			if(!$posts_result)
			{
				echo '<tr><td>The posts could not be displayed, please try again later.</tr></td></table>';
			}
			else
			{
			
				while($posts_row = mysql_fetch_assoc($posts_result))
				{
					echo '<tr class="topic-post">
							<td class="user-post">' . $posts_row['username'] . '<br/>' . date('d-m-Y H:i', strtotime($posts_row['date'])) . '</td>
							<td class="post-content">' . htmlentities(stripslashes($posts_row['content'])) . '</td>
						  </tr>';
				}
			}
			
			if($_SESSION['loggedIn'])
			{
				echo '<tr><td colspan=2>You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.';
			}
			else
			{
				//show reply box
				echo '<tr><td colspan="2"><h2>Reply:</h2><br />
					<form method="post" action="reply.php?id=' . $row['id'] . '">
						<textarea name="reply-content"></textarea><br /><br />
						<input type="submit" value="Submit reply" />
					</form></td></tr>';
			}
			
			//finish the table
			echo '</table>';
		}
	}
}

include 'footer.php';
?>

 

 

[Psycho]

The logic in that script doesn't make sense to me. Why do you bury the login check at the very end after all the code has been run to display the content that shouldn't be displayed to a non-logged in user?

 

In any event, there is nothing in that script that would tell us why the user is being incorrectly identified as not logged in. I *assume* your login script is setting a value for $_SESSION['loggedIn']. So, a couple things come to mind. I don't see a session_start() on the above script - which is mandatory to reference session variables. But, you may have that in one of the included files. The other thing is, what is the value being set for $_SESSION['loggedIn']? If you are setting a value that is evaluated as false, your condition check will fail.

[dekon]

i have the session_start included in header.php

[DavidAM]

 

if($_SESSION['loggedIn'])
{
	echo '<tr><td colspan=2>You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.';
}
else
{
	//show reply box

That IF test looks backwards to me. If LOGGED-IN tell them they must log-in?

[dekon]

the reason the check login is being displayed at the end is since if they are logged in it will display to reply box 

[dekon]

i managed to solve the problem in the end i realized that i had to look back at my header.php page and add . htmlentities and check the spelling on my session