.htaccess to enable sessions

On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I use sessions with register_global s off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_global s set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

The key idea is to use the $_SESSION superglobal array. Here is a
simplified example from the php web site:

<?php
// page1.php
session_start() ;
echo 'Welcome to page #1';
$_SESSION['favcolor'] = 'green';

// Works if session cookie was accepted
echo '<br /><a href="page2.php ">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="page2.php ?' . SID . '">page 2</a>';
?>

<?php
// page2.php
session_start() ;
echo 'Welcome to page #2<br />';
echo $_SESSION['favcolor']; // green
?>

On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam. me> wrote:

On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I use sessions with register_global s off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_global s set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;

$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newlan d Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet " type="text/css" />
<script language="JavaS cript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf ("?"))>0&&paren t.frames.length ) {
d=parent.frames[n.substring(p+1 )].document; n=n.substring(0 ,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.fo rms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.l ayers&&i<d.laye rs.length;i++)
x=MM_findObj(n, d.layers[i].document);
if(!x && d.getElementByI d) x=d.getElementB yId(n); return x;
}

function MM_validateForm () { //v4.0
var
i,p,q,nm,test,n um,min,max,erro rs='',args=MM_v alidateForm.arg uments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj( args[i]);
if (val) { nm=val.name; if ((val=val.value )!="") {
if (test.indexOf(' isEmail')!=-1) { p=val.indexOf(' @');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val) ;
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf(' inRange') != -1) { p=test.indexOf( ':');
min=test.substr ing(8,p); max=test.substr ing(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+er rors);
document.MM_ret urnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><im g src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0" >
<tr>
<td><img src="images/banner_left.jpg " width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><im g src="images/banner_right.jp g" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbar Map" alt="Navigation Bar"
/></td>
<td><img name="copyright _bar" src="images/copyright_bar.g if"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login " id="frm_login" method="POST" action="<?php
echo $loginFormActio n; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3" >
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_val idateForm('user name','','RisEm ail','pwd','',' R');return
document.MM_ret urnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register. php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap " id="navbarMap" >
<area shape="rect" coords="1,0,62, 20" href="index.php " alt="Home" />
<area shape="rect" coords="71,0,11 7,20" href="about.php " alt="About"
/>
<area shape="rect" coords="129,0,1 96,20" href="tours.php " alt="Find
Tours" />
<area shape="rect" coords="209,0,3 11,20" href="profiles. php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,4 34,20" href="contact.p hp"
alt="Contact An Agent" />
</map>
</body>
</html>


John

John wrote:

On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam. me> wrote:

On Sun, 01 Aug 2004 16:14:12 +0100, John wrote:

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I use sessions with register_global s off and without any .htaccess file at
all. (I am running Linux so perhaps things are somewhat different on
Windows.)

It took me a little while to work out the changes needed with the newer
PHP and with register_global s set to "Off". It is reasonably well
described on the php web site:

http://www.php.net/manual/en/function.session-start.php
http://www.php.net/manual/en/functio...n-register.php
...and other pages...

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.

If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?

Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?

When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;

Session_start needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve
$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");

if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newlan d Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet " type="text/css" />
<script language="JavaS cript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf ("?"))>0&&paren t.frames.length ) {
d=parent.frames[n.substring(p+1 )].document; n=n.substring(0 ,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.fo rms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.l ayers&&i<d.laye rs.length;i++)
x=MM_findObj(n, d.layers[i].document);
if(!x && d.getElementByI d) x=d.getElementB yId(n); return x;
}

function MM_validateForm () { //v4.0
var
i,p,q,nm,test,n um,min,max,erro rs='',args=MM_v alidateForm.arg uments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj( args[i]);
if (val) { nm=val.name; if ((val=val.value )!="") {
if (test.indexOf(' isEmail')!=-1) { p=val.indexOf(' @');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val) ;
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf(' inRange') != -1) { p=test.indexOf( ':');
min=test.substr ing(8,p); max=test.substr ing(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+er rors);
document.MM_ret urnValue = (errors == '');
}
//-->
</script>
</head>

<body>
<a href="#top"><im g src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0" >
<tr>
<td><img src="images/banner_left.jpg " width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><im g src="images/banner_right.jp g" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbar Map" alt="Navigation Bar"
/></td>
<td><img name="copyright _bar" src="images/copyright_bar.g if"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login " id="frm_login" method="POST" action="<?php
echo $loginFormActio n; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3" >
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_val idateForm('user name','','RisEm ail','pwd','',' R');return
document.MM_ret urnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register. php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap " id="navbarMap" >
<area shape="rect" coords="1,0,62, 20" href="index.php " alt="Home" />
<area shape="rect" coords="71,0,11 7,20" href="about.php " alt="About"
/>
<area shape="rect" coords="129,0,1 96,20" href="tours.php " alt="Find
Tours" />
<area shape="rect" coords="209,0,3 11,20" href="profiles. php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,4 34,20" href="contact.p hp"
alt="Contact An Agent" />
</map>
</body>
</html>


John

I noticed that Message-ID: <o9************ *************** *****@4ax.com>
from John contained the following:

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

True enough.

I think you are trying to do too much at once. Why not get something
simple working first?

Try this: Username: John Password: php
or Username: Geoff Password: php

Now, copy the following and save it as login.php

<?php
session_start() ;
$_SESSION['logged_in']="";

//enter username-password pairs here
$userpass=array ("geoff-php","john-php");

if(isset($_POST['Submit'])){
$username=$_POS T['username'];
$input=strtolow er($_POST['username'])."-".strtolower($_ POST['password']);

if(in_array($in put,$userpass)) {
$_SESSION['logged_in']=1;
}
}
else{$username= "";}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<TITLE>Login page</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

</HEAD>
<BODY BGCOLOR="#fffff f" TEXT="#000000">

<h2>Login page</h2>
<h3>Login to access administrative options</h3>
<form name="form1" method="post" action="">

<table width="30%" border="0" cellspacing="0" cellpadding="2" >
<tr>
<td align="right">U sername: </td>
<td>
<input type="text" name="username" value="<?php print $username;
?>">
</td>
</tr>
<tr>
<td align="right">P assword:</td>
<td>
<input type="password" name="password" >
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" name="Submit" value="Submit">
</td>
</tr>
</table></form>
<?php
if($_SESSION['logged_in']==1)
{
?>
<h3>Login successful!</h3>
<!--do stuff - show links, whatever...-->
<?php }
elseif(isset($_ POST['username'])||isset($_POST['password'])){
print "<h3>Incorr ect username or password. Go away.</h3>";
}
?>
</div>
</BODY>
</HTML>
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;

Session_star t needs to be the first line. That means it needs to go
before the include you've got here. To the best of my knowledge, you
don't need an .htaccess file to get this to work. I've never used one.

Steve

Steve.

How should I break this down and change it?

Would the following work...?
<?php
// *** Validate request to login to this site.
session_start() ;
?>

<?php require_once('C onnections/conn_newland.ph p'); ?>

<?php
$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
etc etc.... ?>

Or should I just leave it all open?

<?php
// *** Validate request to login to this site.
session_start() ;

php require_once('C onnections/conn_newland.ph p');

$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
etc etc.... ?>

Cheers

John

"John" <du*@ula.com> wrote in message
news:l4******** *************** *********@4ax.c om...

Hello.

I want to get this blasted .htaccess file sorted out, so I can have
sessions without register_global s being on.

I have looked everywhere for info on this and I mean everywhere
including the php.net manual.

In the manual it said to include something like the following:

php_flag register_global s off;
php_value session.save_pa th C:\home\user\si teroot\sess\use rs
php_value session.cookie_ time 3600
php_value session.gc_maxl ifetime 3600
php_value include_path .;C:\home\user\ siteroot\sess
php_value auto_prepend C:\home\user\si teroot\sess\pat h_file.php

I did that and then someone in here said that it was wrong and I
needed to include all these other things and have other files in
different places as well.

To start with, I was informed in this group that all I needed was a
.htaccess file nothing else.

I am running locally, I have Windows XP Pro. I have Apache 2.0.49, PHP
4.37.

What exactly do I need to have in this .htaccess file (and elsewhere)
to get sessions to work? What am I doing wrong? All I have done is
followed what people in here and the advice in the manual said.

Is asp or coldfusion as complicated and troublesome to use as php is?

Are there any "good php" books that have recently been published that
explain clearly how to enable sessions without register_blobal s being
on? This book I am working through is pretty new, it is for learning
asp, coldfusion or php with mysql in dreamweaver mx 2004! It has only
recently been published but is still going with the old method of
globals being on! I have four other books on php as well, and none of
them deal with this.

Help please before I pull all my hair out! (whats left of it!)

John

Most default PHP installs I see have sessions enabled already. What does
phpinfo() say when you don't have any .htaccess file in place? What evidence
do you have that sessions are not working? You haven't shown any code where
you attempt to use sessions, so it may well be that you simply aren't coding
correctly and your configurations are correct.

Show a short and complete example that demonstrates the problem, describe
the symptoms, and perhaps we can help you retain a few hairs.

As pointed out by Bob the primary key is to use $_SESSION array to access
session variables. That, and issue a session_start() function call at the
beginning of your script.

- Virgil

"John" <du*@ula.com> wrote in message
news:o9******** *************** *********@4ax.c om...

On Sun, 01 Aug 2004 15:55:47 GMT, A strange species called Bob
<bo*@dont.spam. me> wrote:

I don't understand any of the things on the php manual site. They are
too complicated and not explained clearly or simply, definitely not
for beginners.

I've been told in this group by quite a few people that I need to use
a .htaccess file to enable sessions with globals turned off.
Not necessary.
If I don't need to do that and can just use $_SESSION, can I just
delete this .htaccess file? And what about all the settings I changed
to try and get the .htaccess file to work? Do I change them back?
Probably.
Also if all I need to do is use this superglobal $_SESSION, what is
wrong with the login pages I have made by following the book I am
reading through? Why wont these work?
Comments in code below.
When I register it is fine, but when I try and login, it takes me back
to the index file instead of the url I was trying to go to in the
first place before logging in, despite having ticked the box to Go to
previous URL if it exists within the server behaviours for Log In
User.

When I try click the link I was originally going to after logging in
without seeing the login failed page, it still takes me back to the
login page and not the page I want to go to.

<?php require_once('C onnections/conn_newland.ph p'); ?>
<?php
// *** Validate request to login to this site.
session_start() ;
Contrary to Steve's posting, it is *not* necessary to have session_start
before the require_once call. Leave it alone.
$loginFormActio n = $_SERVER['PHP_SELF'];
if (isset($accessc heck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_registe r('PrevUrl');
}
Where is $accesscheck set? I don't see it anywhere.

Replace $GLOBALS with $_SESSION.

Remove session_registe r(whatever). You are not supposed to use the
session_registe r function with $_SESSION.
if (isset($_POST['username'])) {
$loginUsername= $_POST['username'];
$password=$_POS T['pwd'];
$MM_fldUserAuth orization = "userGroup" ;
$MM_redirectLog inSuccess = "index.php" ;
$MM_redirectLog inFailed = "login_failed.p hp";
$MM_redirecttoR eferrer = true;
mysql_select_db ($database_conn _newland, $conn_newland);

$LoginRS__query =sprintf("SELEC T username, pwd, userGroup FROM
tbl_users WHERE username='%s' AND pwd='%s'",
get_magic_quote s_gpc() ? $loginUsername :
addslashes($log inUsername), get_magic_quote s_gpc() ? $password :
addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $conn_newland) or
die(mysql_error ());
$loginFoundUser = mysql_num_rows( $LoginRS);
if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'userG roup');

file://declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
Replace $GLOBALS with $_SESSION.
file://register the session variables
session_registe r("MM_Username" );
session_registe r("MM_UserGroup ");
Drop these two lines of code. session_registe r is not for use with $_SESSION
if (isset($_SESSIO N['PrevUrl']) && true) {
$MM_redirectLog inSuccess = $_SESSION['PrevUrl'];
}
header("Locatio n: " . $MM_redirectLog inSuccess );
}
else {
header("Locatio n: ". $MM_redirectLog inFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt d">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Newlan d Tours: Log In</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" />
<link href="css/newland.css" rel="stylesheet " type="text/css" />
<script language="JavaS cript" type="text/JavaScript">
<!--
function MM_findObj(n, d) { file://v4.01
var p,i,x; if(!d) d=document;
if((p=n.indexOf ("?"))>0&&paren t.frames.length ) {
d=parent.frames[n.substring(p+1 )].document; n=n.substring(0 ,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.fo rms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.l ayers&&i<d.laye rs.length;i++)
x=MM_findObj(n, d.layers[i].document);
if(!x && d.getElementByI d) x=d.getElementB yId(n); return x;
}

function MM_validateForm () { file://v4.0
var
i,p,q,nm,test,n um,min,max,erro rs='',args=MM_v alidateForm.arg uments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=MM_findObj( args[i]);
if (val) { nm=val.name; if ((val=val.value )!="") {
if (test.indexOf(' isEmail')!=-1) { p=val.indexOf(' @');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val) ;
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf(' inRange') != -1) { p=test.indexOf( ':');
min=test.substr ing(8,p); max=test.substr ing(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+er rors);
document.MM_ret urnValue = (errors == '');
}
file://-->
</script>
</head>

<body>
<a href="#top"><im g src="images/spacer.gif" alt="Skip to main page
content." width="1" height="1" border="0" align="left" /></a>
<table width="750" border="0" cellpadding="3" cellspacing="0" >
<tr>
<td><img src="images/banner_left.jpg " width="451" height="68"
alt="Newland Tours Banner, Left" /></td>
<td width="280"><im g src="images/banner_right.jp g" width="276"
height="68" alt="Newland Tours Banner, Right" /></td>
</tr>
<tr>
<td><img src="images/navbar.gif" name="navbar" width="450"
height="20" border="0" usemap="#navbar Map" alt="Navigation Bar"
/></td>
<td><img name="copyright _bar" src="images/copyright_bar.g if"
width="272" height="20" border="0" alt="Copyright 2004 Newland Tours"
/></td>
</tr>
<tr>
<td colspan="2">
<h1><br />
<a name="top" id="top"></a>Please Log In </h1>
<form name="frm_login " id="frm_login" method="POST" action="<?php
echo $loginFormActio n; ?>">
<table width="95%" border="0" cellspacing="0" cellpadding="3" >
<tr>
<td>Email Address </td>
<td><input name="username" type="text" id="username"
size="55" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="pwd" type="password" id="pwd" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="Submit" type="submit"
onclick="MM_val idateForm('user name','','RisEm ail','pwd','',' R');return
document.MM_ret urnValue" value="Submit" /></td>
</tr>
</table>
<p>&nbsp;</p>
</form>
<p>If you don't already have an account, please <a
href="register. php">register</a> for a free account. </p>
</td>
</tr>
</table>

<br />
<br />
<map name="navbarMap " id="navbarMap" >
<area shape="rect" coords="1,0,62, 20" href="index.php " alt="Home" />
<area shape="rect" coords="71,0,11 7,20" href="about.php " alt="About"
/>
<area shape="rect" coords="129,0,1 96,20" href="tours.php " alt="Find
Tours" />
<area shape="rect" coords="209,0,3 11,20" href="profiles. php"
alt="Country Profiles" />
<area shape="rect" coords="327,0,4 34,20" href="contact.p hp"
alt="Contact An Agent" />
</map>
</body>
</html>

See if that cleans things up.

- Virgil