I am trying to set the session information if the user logs in successfully, but the values are not setting or are setting blank. I have session_start(); at the top of every page, including the login handler and all protected pages. Am I missing something?
$qry= "SELECT * FROM members WHERE username='$username';";
$result=mysql_query($qry);
$rows=mysql_fetch_object($result);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
if($rows->authlevel == "admin") { //if it's not an admin no need to check password
if($password = $rows->password) {
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['username'];
session_write_close();
header("location: admin_index.php");
exit();
} else {
header("location: login-failed.php"); //change for bad password etc.
}
} else {
header("location: login-failed.php"); //change for invalid user level ( you do not
}
} else {
header("location: login-failed.php");
}
} else {
die("Query failed"); //change for username not found, or unknown username
}
?>
Note: Yes, I know, I should use MYSQLi or PDO, but I will implement that later. This is mostly for learning purposes so I'll get there eventually.
