Posted by Rik on 08/16/07 15:42

On Thu, 16 Aug 2007 17:35:02 +0200, <isynclere@hotmail.com> wrote:

> relevant code for login page
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D

Don't see no session_start() anywhere in this relevant code, don't see h=
ow =

the redirect is done/handled, etc...

For the record: die()ing with a mysql_error() is offcourse OK in =

development, very sloppy and a possible security risk on an actual live =
=

site :)

>
> if(mysql_num_rows($result)=3D=3D0)
> {
> echo "<br /><p>incorrect email or password.</p>";
> }
> else
> {

<snip $_SESSION array filled>

> }
> }
> echo "<p>redirecting to homepage.</p>";

How?

> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
> relevant code for homepage
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D
> <!--show login if session not set, if set show user email-->
> <?php

session_start()?

> if (isset($_SESSION['login']))


-- =

Rik Wasmus

[Back to original message]