Invalid Session being displayed.

[Perad]

I want this code to check if the session "user" is up and running. if so set a variable to true, otherwise set it to guest... however it seems to be setting the variable to guest no matter what the session is set to. I'm staring at this bit of code and just cannot see what is wrong. Can anyone help me out?

 

public function loginCheck() {
	if (isset($_SESSION['user'])) {
		$this->loggedin = TRUE;
	} else {
		$_SESSION['id'] = "0";
		$_SESSION['user'] = "Guest";
	}
}

[akitchin]

how/when are you assigning $_SESSION['user'] to anything other than 'Guest'?

[NArc0t1c]

Also, destroy unneeded sessions.

unset($_SESSION['id']);

[Perad]

0 is the id of a guest, perhaps I better change that to -1.

 

I am only changing it when the user log's in.

 

My class so far.

 

class Login {
public $message;
public $error;
public $loggedin;

private function cleanString($string) {
	$string = trim($string);
	$string = stripslashes($string);
	$string = strip_tags($string);
	return $string;
}
public function loginCheck() {
	if (isset($_SESSION['user'])) {
		$this->loggedin = TRUE;
	} else {
		$_SESSION['id'] = "0";
		$_SESSION['user'] = "Guest";
	}
}
public function parseLogin($user, $pass) {
	$clean_user = $this->cleanString($user);
	$clean_pass = md5($this->cleanString($pass));
	$sql = "SELECT username FROM member WHERE password='$clean_pass'";
	$result = mysql_query($sql);
	if (mysql_num_rows($result)) {
		$sql = "SELECT id FROM member WHERE username='$clean_user'";
		$result = mysql_query ($sql); 
		$row = (mysql_fetch_assoc($result));
		unset($_SESSION['id']);
		unset($_SESSION['user']);
		$_SESSION['id'] = $row['id'];
		$_SESSION['user'] = $clean_user;
	}
}
}

[akitchin]

then the $_SESSION['user'] will always be 'Guest' unless the user logs in, successfully.  otherwise, the id and user will always be the defaults.

[NArc0t1c]

If you want to keep the value, use Cookies.

Reason: Sessions gets destroyed when the user will logout or close browser, Cookies don't.