login won't recognize session

[simcoweb]

I've tried a gazillion different combos to get this to work. Basically I have a page that, to be viewed, they must register first. The registration works fine. Once they register they have to log in with username/password. Password is 'hashed' with MD5.

 

On login it's showing the error section indicating they haven't logged in. But, if I remove the if(isset($_SESSION['searchlog']) part it works fine. In other words, when i'm trying to protect it from being viewed without first logging in and setting a session they can't get in. Ideas?

 

My code on the search.php page where they would land upon login:

 

<?php
session_start();
if(isset($_SESSION['searchlog']))
{
  include 'header.php';
  include 'iframe.php';
  include 'footer.php';
}

// else 
if(!isset($_SESSION['searchlog'])){
  include 'header.php';
  echo "<font face='Verdana'><h4>Registered Users Area</h4></font><br>
  <center><img src='images/Map_WA_lg.jpg'></center>
        <p class='bodytext'>This area is for registered users in order to prevent abuse. Registration is free of charge and users are under no obligations. Your information is not used for any other purpose nor sold to any third parties. We respect your privacy.<p class='bodytext'><b>To Register</b><br>Registration is easy. Just complete our online registration form to gain immediate access to as many MLS searches as you would like.<p>
		-  <a class='body' href='register.php'>Go to registration page</a><p>
		<b>Already Registered?</b><p>
		Go to the login page <a href='login.php'>Click Here</a><br>\n";
  include 'footer.php';
}
?>

 

The code on the login page:

 

<?php
session_start();
// Seattle Viet Homes customer login
// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'db_config2.inc.php';

// check for form submission
if (isset($_POST['submitted'])) {
  $errors = array();
  if (empty($_POST['Username']) || empty($_POST['Password'])) {
    $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>You must complete the username and password fields. Please try again";
  } 
  
  if(!$errors) {
$username = $_POST['Username'];
$password = $_POST['Password'];
$password = md5($password);

  // validate username and password against the database
  $sql = "SELECT * FROM users WHERE Username = '$username' AND Password ='$password' AND status='1' ";
  $results = mysql_query($sql) or die(mysql_error());
  if(mysql_num_rows($results) >= 1) {
    $_SESSION['searchlog'] = $_POST['searchlog'];
    header("Location: search.php");
    exit;
} else {
  if(mysql_num_rows($results) <= 0) {
  $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>An error has occurred for one of the following reasons:<p>Your username and password did not match our database. Please check your username and password you have on file and try again.<p>You have not activated your account. An email was sent to you when you registered that requires you to click on an enclosed link to validate your email address and registration. Check your email and follow the instructions. In some cases this email may be diverted to your spam or junk box by accident."; 
  }
}
}
}
?>

[metrostars]

TRy creating a temp page that echoes searchlog session and see if anything shows after you login.

[king arthur]

Try doing print_r($_SESSION); after the session_start() on your search page to see what is actually getting set.

[simcoweb]

Not sure how i'd do that. Example?

[simcoweb]

It's printing this:

 

Array ( [buy] => SHKQ2N

 

 

[simcoweb]

Update on this. The 'buy' reference was from another script which apparently needed to be closed out. So I closed the browser to end that session then did the login again . This time all it's printing is:

 

Array()

 

So, it's NOT passing the session id which is why the search.php  page is not displaying as if the person were logged in. Ideas?