"Oli Filth" <ca***@olifilth.co.uk> wrote in message
news:wg******************@newsfe5-win.ntli.net...
Can you post the complete code for this page, so we're able to see what's
going wrong, because it's not apparent from the snippets you've posted so
far.
Here it is:
<?php require_once('Connections/ssLogin.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$_SESSION['PrevUrl'] = $accesscheck;
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$MM_fldUserAuthorization = "";
$MM_redirecttoReferrer = false;
$MM_redirectLoginSuccess = "ssLounge.php";
$MM_redirectLoginFailed = "ssLogin.php"; //Redirected to
itself <=====
// Make the connection
mysql_select_db($database_ssLogin, $ssLogin);
// Encrypt the password
$encryptedPassword = md5($_POST["password"]);
// Define the query
$LoginRS__query=sprintf("SELECT username, password, level, status
FROM ssusername WHERE username='%s' AND
password='%s'",
get_magic_quotes_gpc() ? $loginUsername :
addslashes($loginUsername),
$encryptedPassword);
// Do the query
$LoginRS = mysql_query($LoginRS__query, $ssLogin) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
// Found this user/password
$loginStrGroup = "";
// Put the fetched row into an array
$row = mysql_fetch_assoc($LoginRS);
$level = $row['level'];
$_SESSION['MM_UserLevel'] = $level;
// Check if status is paid
if (strcmp($row['status'], "paid")) {
// Need a payment
$MM_redirectLoginSuccess = "ssPayment.php";
} else {
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
$MM_redirectLoginSuccess = "ssLounge.php";
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
} // End of test if paid
} //End of successfully found the user/password
header("Location: " . $MM_redirectLoginSuccess );
} else {
// log in error
$_SESSION['MM_LoginError'] = "Login Error";
//==> this is where I checked with an echo statement that the
$_SESSION['MM_LoginError']
//==> had been set. It validated that it was set when incorrect info was
put in.
header("Location: ". $MM_redirectLoginFailed );
} //End of checking if logged in
}
?>
<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<div align="center">
<h3>Login Page
</h3>
</div>
<form ACTION="<?php echo $loginFormAction; ?>" name="ssLoginPage" id="form1"
method="POST">
<?php
if (isset($_SESSION['MM_LoginError'])) {
echo "Login error =" . $_SESSION['MM_LoginError'];
unset($_SESSION['MM_LoginError']);
//==> this is what it is supposed to do. I checked with and echo statement
by adding
// } else {
//==> an echo statement that the $_SESSION['MM_LoginError'] was not set
}
?>
<p>Username:
<input name="username" type="text" id="username" />
</p>
<p>Password:
<input name="password" type="password" id="password" />
<label></label>
</p>
<blockquote>
<blockquote>
<p align="left">
<input name="Submit" type="submit" value="Log In" />
</p>
</blockquote>
</blockquote>
<p><a href="ssLounge.php"><img src="images/return.gif" width="138"
height="27" border="0" /></a><a href="ssLostPassword.php"> <img
src="images/lost.gif" width="163" height="27" border="0" /></a></p>
</form>
<p> </p>
<p> </p>
</body>
</html>