Wont login???

[Romanity]

Config.php [The problem part]

PHP Code:

if ($_SESSION['username'] && $_SESSION['pass']) {
   $logged = mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]' AND password = '$_SESSION[pass]'") or die(mysql_error());
   $logged = mysql_fetch_array($logged);
} 


Login.php

PHP Code:

<?
ob_start();
session_start();
$date =  date("d/m/Y H:i:s"); 
$ip = $_SERVER['REMOTE_ADDR'];  
if (!$logged["username"])  
{  
echo"  <center>
<form method='POST'>  
<b>Username:</b><br>
<input type='text' size='15' maxlength='25' name='username'><br><br>
<b>Password:</b><br>
<input type='password' size='15' maxlength='25' name='password'><br><br>
</b><input type='submit' name='login' class='button' value='Login'><br></form>
<a href='?sid=1&page_view=register'>Register</a><Br>
<a href='?sid=1&page_view=forgotpass'>Forgot Password</a></center> ";  
}
if ($_POST[login]) {  
$username = strip_tags(addslashes($_POST["username"]));
$password = md5(strip_tags(addslashes($_POST["password"])));
$check = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
$check_num = mysql_num_rows($check);
$check_pass = mysql_fetch_array($check);
if($check_num == 0){
echo "<br><font color=red><b>Username Incorrect!</b></font>";
}
if($check_pass[password] == $password){
unset($_SESSION[username]);
unset($_SESSION[password]);
session_start();
$_SESSION["username"] = $username;
$_SESSION["pass"] = $password;
Header("Location: index.php?sid=1");
}else{
echo "<br><font color=red><b>Password Incorrect!</b></font>";
}
}
if($logged["username"])  
{ 
echo "<img align='left' src='imager.php?user=$logged[username]&action=wlk&direction=3000002&head_direction=2999995&gesture=sml&size=l&hotel=$logged[hotels]'>"; 
echo("<br>Logged in As:<br><i><b>$logged[username]</b></i><br><br><a href=?page_view=profile&user=$logged[username]>View Public Profile</a><br><br><a href='?sid=1&logout=true'><b>Logout?</b></a>");
}
?>

So I type in the CORRECT username and password, click login... goes back to blank form? Never used to till I moved servers... yeh i cleared temp files cookie that lot... just wont work?? Any ideas?

[Jackboy]

Sorry can i ask

session_start();
$_SESSION["username"] = $username;
$_SESSION["pass"] = $password;

Why do you have another session start here??

Also have u got session_start(); in config?

[Bojangles]

Only use one session. Your trying to start two sessions which won't work.

[Ini]

Also you dont need ob_start();

and session_start();

ob_start(); = cookies
session_start(); = sessions

pick one and stick to it

[Bojangles]

DON'T pick cookies. Store your logins in sessions as cookies can be easily retrieved.

[Jme]

DON'T pick cookies. Store your logins in sessions as cookies can be easily retrieved.

Cookies are just as secure as sessions if you use them properly. They both have their uses, for example I don't think you can set a time on sessions, but you can cookies, so if you wanted the user to stay logged in for a certain amount of time you'd use cookies rather than sessions.

[Bojangles]

Cookies are just as secure as sessions if you use them properly. They both have their uses, for example I don't think you can set a time on sessions, but you can cookies, so if you wanted the user to stay logged in for a certain amount of time you'd use cookies rather than sessions.

Agreed but if hes using cookies and sessions and 2 sets of sessions for 1 file then he won't be able to manage cookies securely (no offence)