Posted by John Howie on 02/25/06 00:17

Thanks for your continued support Joe, I'll include some code and if
you tell me which setting details you need I can get those for you
shortly.

The auth.php file called at the top of each restrictred page:
session_start();

if (!isset($_SESSION['db_is_logged_in'])
|| $_SESSION['db_is_logged_in'] != true) {

// not logged in, move to login page
header('Location: denied.php');
exit;
}

The login mechanism:
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include 'config.php';
include 'opendb.php';

// form variables
$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT username, type FROM agent WHERE username = '$userId'
AND user_password = MD5('$password')";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
include 'closedb.php';
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session variables
$_SESSION['db_is_logged_in'] = true;
$_SESSION['user'] = $userId;

// after login we move to the main page
header('Location: welcome.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

}

It's very hard for me to describe the error. Once logged in, when you
try to view a page, often you get redirected to the error page. Try the
link again from the menu and it may display the page. It's as if
sometimes it can't find the session variable in auth.php so is
redirecting. Then you try again and it works. This behaviour is really
irritating considering it hasn't done this before.

Thanks again.

[Back to original message]