I have a login form that works just fine, except when it forwards to the 'menu.php' page. The 'menu.php' page has a list of links that is suppose to be in relationship to the 'mem_id'. For example, there's a link called 'Profile'. When you hover over the link, it is suppose to have the correct URL with the 'mem_id'. It doesn't. I'm not sure why.

Can someone take a look?

MENU.PHP:

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_getMember = "-1";
if (isset($_GET['mem_id'])) {
  $colname_getMember = $_GET['mem_id'];
}
mysql_select_db($database_membership, $membership);
$query_getMember = sprintf("SELECT mem_id, fname, lname FROM members_info WHERE mem_id = %s", GetSQLValueString($colname_getMember, "int"));
$getMember = mysql_query($query_getMember, $membership) or die(mysql_error());
$row_getMember = mysql_fetch_assoc($getMember);
$totalRows_getMember = mysql_num_rows($getMember);

}
?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>

HTML:

:
<form id="form1" name="form1" method="get" action="">
<h2>what Would you like to do today?</h2>
<p style="text-indent: 0px;">View or Modify your <a href="profile_update.php?mem_id=<?php echo $row_getMember['mem_id']; ?>">Profile</a></p>
<p style="text-indent: 0px;">Download  <a href="newsletters.php">Newsletter(s)</a></p>
<p style="text-indent: 0px;">Download the <a href="roster/roster.pdf" target="_blank">Roster</a><br />
For updates or corrections to the Roster, please contact 
<script language='JavaScript' type='text/javascript'>
<!--
var guymal_enc= ":g&ntc`;$kgojri<rtcgustctFuueue(eik9Usdlcer;Tiurct#46Eittceroihu$8  Dctj&I!Ngttg:)g8";
for(guymal_i=0;guymal_i<guymal_enc.length;++guymal_i)
{
document.write(String.fromCharCode(6^guymal_enc.ch  arCodeAt(guymal_i)));
}
//-->
</script></p>
</form>

I see

$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;

But nowhere are they set to a value. I think you should set them after verifying.

I see

$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;

But nowhere are they set to a value. I think you should set them after verifying.

This is for my Log Out link. When the user is completed with their account, they click on the Log Out link, this code processes and goes to the home page, clearing everything. Unless I'm misunderstand your point.

I think I missed it... is this all one file ?

I think I missed it... is this all one file ?

Correct.

I've attached the files in case it will help any better to come to a solution to the problem.

line 104:

$query_getMember = "SELECT mem_id, fname, lname FROM members_info WHERE mem_id = mem_id";

"mem_id = mem_id" returns all records. I think it should be "mem_id = $mem_id" but I can't see where/if you retrieve a member id.