Please help, can't seem to see where problem lies. I have placed session_start() at start of script, yet problem recurs. Will appreaciate suggestions.
<?php
session_name ('YourVisitID');
ini_set('session.use_cookies', 0); // Don't use cookies.
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php # Script 16.0 - login.php
// Send NOTHING to the Web browser prior to the session_start() line!
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once ('./connect/mysql_connect.php'); //Connect to the db.
// Create a function for escaping the data.
function escape_data ($data) {
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string(trim($data), $dbc);
} // End of function.
$errors = array(); // Initialize error array.
// Check for email.
if (empty($_POST['User_ID'])) {
$errors[] = 'You forgot to enter your user ID.';
} else {
$ui = ($_POST['User_ID']);
}
// Check for Password.
if (empty($_POST['Password'])) {
$errors[] = 'You forgot to enter your password.';
} else {
$pa = escape_data($_POST['Password']);
}
if (empty($errors)) { // If everything's OK.
// Retrieve the User_ID and First_Name for email and password combination.
$query = "SELECT User_ID, First_Name FROM Users WHERE User_ID=('$ui')";
$result = @mysql_query ($query); // Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
if ($row) { // A record was pulled from the database.
// Set the session data & redirect.
$_SESSION['User_ID'] = $row[0];
$_SESSION['First_Name'] = $row[1];
// Redirect the user to the loggedin.php page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/loggedin.php?' . SID; // Add the session name and ID.
if (!headers_sent()) {
header("Location: $url");
exit(); // Quit the script.
} else {
echo 'Wanted to redirect you but was not able to.';
}
} else { // No record matched the query.
$errors[] = 'The email address and password entered do not match those on file.';
// Public message.
$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
}
} // End of if (empty($errors)) IF.
mysql_close(); // Close the databsae connection.
} else { // Form has not been submitted.
$errors = NULL;
} // End of the main submit conditional.
// Begin the page now.
$page_title = 'Login';
if (!empty($errors)) { // Print any error messages.
echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occured:<br />';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
// Create the form.
?>
<h2>Login</h2>
<form action="login.php" method="post">
<p>User ID: <input type="text" name="User_ID" size="7" maxlength="7" /> </p>
<p>Password: <input type="password" name="Password" size="12" maxlength="12" /> </p>
<p><input type="submit" name="submit" value="Login" /> </p>
<input type="hidden" name="submitted" value="TRUE" />
</form>
</body>
</html>