Hi, Tuesday, October 8, 2002, 6:53:43 AM, you wrote: SV> Hiya, SV> DOn't think I am getting anywhere!!!
SV> I have no turned register_globals off and recoding my website, but I cant work out how to do sessions. SV> The following code dosen't keep sessions. Its logs on, but I dosent keep a session on another page. It should either get the post variables with the new username and passwords or validate the SV> session variables and use them. SV> Help! SV> Thanks! SV> session_start(); SV> if(isset($_SESSION['ssun']) || isset($_POST['ssname'])) SV> { SV> //Check if the user name and password are stored in session variables, if not empty them. SV> if(!isset($_SESSION['ssun'])) SV> { SV> echo "Session ssun not set"; SV> $_SESSION['ssun'] = ""; SV> } SV> if(!isset($_SESSION['sspw'])) SV> { SV> echo "Session sspw not set"; SV> $_SESSION['sspw'] = ""; SV> } SV> //Attempt to logon. Set the logon form variables to the session variables. SV> if(isset($_POST['sspass'])) SV> { SV> $_SESSION['sspw'] =$_POST['sspass']; SV> } SV> if(isset($ssname)) SV> { SV> $_SESSION['ssun'] =$_POST['ssname']; SV> } SV> //Make sure no one breaks in, if in the param loggedin was set, unset it. SV> if(isset($loggedin)) SV> { SV> unset($loggedin); SV> } SV> if(isset($_POST['ssname'])) SV> { SV> //Check if the session username and password are correct SV> $result = mysql_query("SELECT userid FROM users WHERE userpassword=PASSWORD('".$_POST['sspass']."') AND userid='".$_POST['ssname']."'", $db_link); SV> } SV> else SV> { SV> //Check if the session username and password are correct SV> $result = mysql_query("SELECT userid FROM users WHERE userpassword=PASSWORD('".$_SESSION['sspw']."') AND userid='".$_SESSION['ssun']."'", $db_link); SV> } SV> $norows = mysql_num_rows($result); SV> if($norows==1) SV> { SV> $loggedin="yes"; SV> } SV> else SV> { SV> $loggedin="no"; SV> } SV> if(isset($logoff)) SV> { SV> if($logoff=="true") SV> { SV> $loggedin="no"; SV> $_SESSION['ssun']=""; SV> $_SESSION['sspw']=""; SV> } SV> } SV> } After the successful first login you are not saving the $_POST variables into the $_SESSION equivalents -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php