[darkcarnival]

hi,

my program is finished but for sessions they didnt give me much help on so i guessed at and i want to see if im right.heres the line i added if correct plz tell me if not plz show me how

PHP Code:

      $user = addslashes($_POST['username']);

      $pass = md5($_POST['password']);



      include ("config.php");



      $dbHost = $DB_HOST;

      $dbUser = $DB_USER;

      $dbPass = "$DB_PASS";

      $dbDatabase = $DB_NAME;



      //connect to the database

      $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

      mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");



      $result=mysql_query("select * from SSearch_users where username='$user' AND password='$pass'", $db);



      //check that at least one row was returned

      $rowCheck = mysql_num_rows($result);



      if($rowCheck > 0)

      {

        while($row = mysql_fetch_array($result))

        {

//start the session

          session_start();



          //check to make sure the session variable is registered

          if(session_is_registered($user))

          {

            //the session variable is registered, the user is allowed to see anything that follows

            header( "Location: admin.php?action=menu" );

          }

          else

          {

            //the session variable isn't registered, send them back to the login page

            header( "Location: login.php" );

          }

      else

      {

        //if nothing is returned by the query, unsuccessful login code goes here...

        echo 'Incorrect login name or password. Please try again.';

      }

   }

} 

if this is correct my program is complete

[NeverMind]

it seems fine for me , but I have some comments :
*did you register the session first before checking if it's registered or not ?
*why did you use double quote in : $dbPass = "$DB_PASS"; ? or you want it to be saved as a string ?
* why are using the > instead of == in if($rowCheck > 0) ? because you are checking for one member login not more than one !! if the num of rows returned by mysql is more then 1 there should be a problem in the database because only one user can login using that unique username .. I mean it would be better like this :

PHP Code:

 if($rowCheck == 1) 

*also I hope you noticed that double S in this query : $result=mysql_query("select * from SSearch_users where username='$user' AND password='$pass'", $db); ... is it SSearch_users ?
* why don't you run it on a server first to test it to make sure nothing is wrong ?

[darkcarnival]

ok when you say registered you mean is the user/pass in the database? yes it is.
i using the double quote because i got this code from a friend and i didnt want to just re-write it since i wanted this program to just get done ill fix it later. Im using > becausethe way i got this set up i can have multiple amins which i want so others can help me update it.

as for the 2 S's, its short for Site Search all my tables look like that.

and the reason y i dont run it on a server is because if a error is around i have to re-upload and test and that can take time and i dont have much of it nemore since i got a job to support my site. but i do plan to install php/mysql but it will be once i get a newer computer that can take it w/o slowing down.

but all in all you say it looks correct?

BTW thx for repling

[NeverMind]

Quote:

but all in all you say it looks correct?

yeah , it look fine for me in its structure ..

Quote:

BTW thx for repling

np , we are here to help each other

[darkcarnival]

ok then thx ill upload the search engine program this weekend to test it then.

[wildcats]

i think the command session_start() must be at the top of the script.

i surprised you browser didnt warn any error