[SOLVED] Login Help

[Muncey]

Well i've made a pretty damn good registration form (i think it's good for my 1st proper one anyway). Im not working on the login and a main page (which if your logged in will display one thing if not something else).

 

Im really confused, i've wrote 150 lines amazingly and i don't have a clue what i've done lol

 

Basically this is the code:

 

<?php
session_start();
include("db.php");

////// Connect to database //////

mysql_pconnect($dbhost,$dbuser,$dbpass)or die('Error connecting to database');
mysql_select_db($dbname);


if($logged_in != true){

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>
</body>
</html>

<?php

if(isset($_POST['sublogin'])){

if(!$_POST['username'] || !$_POST['password']){
      die('You didn\'t fill in a required field.');
}

$username = $_POST['username'];
$password = $_POST['password'];

$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
$salt = $data[salt];
$password = md5($password . $salt);

if($data[password] != $password) {
echo "Wrong password!";
}else{

   /* Username and password correct, register session variables */
    $_SESSION['user'] = $_POST['username'];
    
$password = $_POST['password'];
$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
$salt = $data[salt];
$password = md5($password . $salt);
    $_SESSION['password'] = $password;

   /**
    * This is the cool part: the user has requested that we remember that
    * he's logged in, so we set two cookies. One to hold his username,
    * and one to hold his md5 encrypted password. We set them both to
    * expire in 100 days. Now, next time he comes to our site, we will
    * log him in automatically.
    */
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['user'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">";
   return;
}
}
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();


function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['user'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

   /* Username and password have been set */
   if(isset($_SESSION['user']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['user'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['user']);
         unset($_SESSION['password']);
         return false;
      }else{
      $logged_in = true;
  return true;
  }   
   }
   /* User not logged in */
   else{
      $logged_in = false;
  return false;
   }
}

function confirmUser($username, $password){

$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);

if($data['password'] != $password) {
return 1;
}else{
return 0;
}
}

?>

 

The loggedIn variable is messing me about, i think all the sessions work ok but when i refresh the loggedIn variable doesn't seem to equal true and it just messes up.