I have problems with sessions. It looks like the session variable "MM_UserID" is not passing from one page to another. I created a login page (login.php) and built the form and added dreamweaver mx's login behavior to it.I then created a user info page (login_success.php) which users reach right after logging in that displays several bits of information from their entry in the database table. When I login, the login is successful but no dynamic data (the user's info) is displayed on the user info page. The codes for both the login page and the userinfo page are below:
login.php
<?php
//initialize the session
session_start();
include '../Connections/mcssb.php';
// *** Validate request to login to this site.
if (isset($_POST['Login'])) {
if (isset($_POST['StoreProfile'])) {
setcookie ("UserName", $_POST['UserName'],time()+43200);
} else {
setcookie ("UserName", "",time()-43200);
}
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$_SESSION['PrevUrl'] = $accesscheck;
}
if (isset($_POST['UserName'])) {
$loginUsername=$_POST['UserName'];
$password=$_POST['Password'];
$MM_fldUserAuthorization = "UserAccess";
$MM_redirectLoginSuccess = "login_success.php";
$MM_redirectLoginFailed = "login.php?failed=true";
$MM_redirecttoReferrer = true;
mysql_select_db($database_mcssb, $mcssb);
$LoginRS__query=sprintf("SELECT UserName, UserPassword, UserAccess, UserID FROM users WHERE UserName='%s' AND UserPassword='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $mcssb) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'UserAccess');
//register the session variables
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserID'] = mysql_result($LoginRS,0,'UserID');
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: http://${_SERVER['HTTP_HOST']}/" . dirname($_SERVER['PHP_SELF']) . "/$MM_redirectLoginSuccess?" . SID);
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
login_success.php
<?php //initialize the session
session_start();
include '../Connections/mcssb.php';
$colname_LoggedIn = "1";
if (isset($_SESSION['MM_UserID'])) {
$colname_LoggedIn = (get_magic_quotes_gpc()) ? $_SESSION['MM_UserID'] : addslashes($_SESSION['MM_UserID']);
}
mysql_select_db($database_mcssb, $mcssb);
$query_LoggedIn = sprintf("SELECT UserID, UserName, UserEmail FROM users WHERE UserID = %s", $colname_LoggedIn);
$LoggedIn = mysql_query($query_LoggedIn, $mcssb) or die(mysql_error());
$row_LoggedIn = mysql_fetch_assoc($LoggedIn);
$totalRows_LoggedIn = mysql_num_rows($LoggedIn);
?>