Firefox and PHP Sessions

programming
1

Hya Guys,
Im currently trying to put a user admin section together…basically a system that i can easily add to PHP pages to make them password protected.


<?PHP
session_start(); 
header("Cache-control: private"); //IE 6 Fix 
if(!$_SESSION['loggedin']){
INCLUDE ("login.php");
EXIT;
}
 
?>

What i do is simply include the above PHP at the top of every document i want to protect…as you can see if the session variable loggedin isnt valid a file called login.php is called below:


<?
if (isset($_POST['loginsubmit'])) { 
$email = $_POST["email"];
$password = $_POST["password"];
include("dbconnect.php");
$findUser = "SELECT * FROM site_users WHERE email='$email'" ; 
$runUserquery = mysql_query($findUser); 
mysql_num_rows($runUserquery);
	 if(mysql_num_rows($runUserquery) < 1){
	 echo "<CENTER><FONT COLOR='#ff000000'><B>EMAIL ADDRESS NOT FOUND IN DATABASE...</FONT><p></p></CENTER>";
	 include("create_user.php");
	 exit;
	 }
	 $findPword = "SELECT * FROM site_users WHERE password='$password'" ; 
	 $runPwordquery = mysql_query($findPword); 
	 mysql_num_rows($runPwordquery);	 
 
	 if(mysql_num_rows($runPwordquery) < 1){
	 echo "<CENTER><FONT COLOR='#ff000000'><B>Incorrect password for '$email'</FONT><p></p></CENTER>";
 
	 exit;
	 }
 
	 $checkValid = "SELECT * FROM site_users WHERE email='$email' and password='$password' and verified='yes' and status='admin'" ; 
	 $runValidquery = mysql_query($checkValid); 
	 mysql_num_rows($runValidquery);
	 if(mysql_num_rows($runValidquery) < 1){
	 echo "<P ALIGN='center'>You are not allowed access to this section of the site.</P>";
	 }
	 else {
 
	 session_start(); 
	 header("Cache-control: private"); //IE 6 Fix 
	 $_SESSION['loggedin']=TRUE;
 
 
	echo ("<A HREF='$_SERVER[HTTP_REFERER]'>ok</A>"); 
	 }
}else{
?>
<HTML>
<HEAD>
	<TITLE>
	 W1red User Login
	</TITLE>
<SCRIPT LANGUAGE="javascript">
function checkForm(){
if (document.form.email.value == ""){
alert ("Please enter an email address...");
return false;
}
if (document.form.password.value == ""){
alert ("Please enter a password...");
return false;
}
return true;
}
</SCRIPT>
</HEAD>
<BODY>
	<CENTER>
	 <TABLE>
		<TR>
		 <TD>
 
			<form name="form" method="post" action="login.php" onSubmit="return checkForm()">
			 Email Address:
		 </TD>
		 <TD>
			<input type="text" name="email" size="12" >
		 </TD>
		 <TR>
			<TD>
			 Password
			</TD>
			<TD>
			 <INPUT TYPE="password" NAME="password" size="12" MAXLENGTH="12">
			</TD>
			<TD>
			 <INPUT TYPE="submit" VALUE="submit" NAME="loginsubmit">
			</TD>
	 </TABLE>
</BODY>
</HTML>
<?
}
?>

This simply check a db for the inputed user info with relevant messages if incorrect data is inputted.

If the correct data is inputed then the session variable loggin in is set to true…meanign that all documents with the first script included should noW be accessable, a href is drawn back to the page the user was tryign to view…

This works liks a dream in IE 6 and i thought as PHP is server side that it would be browser independent…HOWEVER in firefox v1 when I log in and attempt to access the protected pages my log in form simply appears again.

Im a newbie to php and id really appreciate it if any could help as i dont know where to start!

Thanks in advance Zaid