Today is nightmare, please refresh!!! (me)

[TheFilmGod]

Alright today has been a complete nightmare. Everything that I did puked an error on me or crashed...

 

Anyway I have login script and it works fine. But for some reason when you login the first time it says you are logged. You go to another page and you have to log in again!!!

 

This doesn't happen always. For some reason when you login the second time it works like a charm. Sometimes it works from the first time! But when it does not work I see the whole page go blank for a split, - its a though its reloading and refreshing all the information yet again.

 

Here's the code:

 

<?php
// Must start session to check
session_start();

// Check if session is already in progress
if ( isset($_SESSION['success'])) {

$login = true;

}

// Session not in progress
else {
....

 

Here's the code when php checks everything and everything is valid it does this:

 

// If submitted password matches password on record	
if ($login_pass == $login_pass2) {

// Create session success
$_SESSION['success'] = true;

// Set login to true
$login = true;

// Create other session variables
$_SESSION['level'] = $login_level;
$_SESSION['user'] = $_POST['login_user'];

[php_novice2007]

well this is my way of doing the login page and it works

 

In the validation page:

//$match = 1 if the username and password matches
if ($match == 0) {
          session_unset(); 
          session_destroy();
          echo "Invalid Login details <br><br>Please <a href=loginForm.html>go back</a> and try again";
} else {
          ini_set("session.gc_maxlifetime ", 60); //session expires after one min - doesn't actually work 
          session_register('userid');
          $_SESSION['user_name'] = $USERname;
}

 

And on all other pages which require a user to be logged in:

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('userid')){ 
        $name = $_SESSION['user_name'];
        echo "Hi $name !";
        // Rest of your code... 
} else {
        //the session variable isn't registered, send them back to the login page 
        echo "You are not logged in, please go <a href=loginForm.html>here</a> to login";
}

 

Hope this helps~!

[TheFilmGod]

well this is my way of doing the login page and it works

 

In the validation page:

//$match = 1 if the username and password matches
if ($match == 0) {
          session_unset(); 
          session_destroy();
          echo "Invalid Login details <br><br>Please <a href=loginForm.html>go back</a> and try again";
} else {
          ini_set("session.gc_maxlifetime ", 60); //session expires after one min - doesn't actually work 
          session_register('userid');
          $_SESSION['user_name'] = $USERname;
}

 

And on all other pages which require a user to be logged in:

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('userid')){ 
        $name = $_SESSION['user_name'];
        echo "Hi $name !";
        // Rest of your code... 
} else {
        //the session variable isn't registered, send them back to the login page 
        echo "You are not logged in, please go <a href=loginForm.html>here</a> to login";
}

 

Hope this helps~!

 

Sorry you are using some big "NO NO's " I have read some php books and there are some fatal problems with your code.

 

session_unset();

 

PHP Solutions (the book) says that session_unset() works too well sometimes and can prevent another session from being created. Not completely true but sounds a bit risky.

 

session_register('userid');

 

Use should do this instead:

 

$_SESSION['userid'] = $userid;

// to call it up
$userid_call = $_SESSION['userid'];