carefreespirit wrote in php

Continued problems leading me to think that drinking at work should be legal....

Ok...so I am completely confused....regarding the problem I mentioned earlier...


//BEGIN AUTHENTICATION REQUIRED LINES
 $allow_group = array(1,2);
//END AUTHENTICATION REQUIRED LINES 
 include ("../includes/ctd.php");  //database connection information

 ob_start();
 session_start();
 // Check to see if there is a session currently set.  If it does not exist, then set session variables.  If it does exist, then skip setting variables and print that session already exists - use currently set variables.
 if ((!isset($_SESSION['svUserName'])) || ($_SESSION['svUserName'] == "")){
   // Pull data from form in
  echo "No Username Session Variable.<br>";
  $auth_username=$_POST['auth_username'];
  $auth_password=$_POST['auth_password'];
  // Check to see if user exists and is active
  $sql = "SELECT * FROM mc_authentication WHERE username='$auth_username' AND password='$auth_password' AND status=1";
  $result = mssql_query($sql) or die("Error on Select Statement.");
  $num = mssql_num_rows($result);
  if ($num<1) {
   echo "location: incorrect_userid.php";
//   header("Location:  incorrect_userid.php");
   } else {
   $i=0;
    WHILE ($i<$num) { 
    $id = mssql_result($result, $i,"id");
    $username = mssql_result($result, $i,"username");
    $password = mssql_result($result, $i,"password");
    $groupname = mssql_result($result, $i,"groupname");
    $status = mssql_result($result, $i,"status");
    $emp_id = mssql_result($result, $i,"emp_id"); 
    $changepw = mssql_result($result, $i, "changepw");
    // Set user info for session  
    $_SESSION['svID'] = $id;   
       $_SESSION['svUserName'] = $username;
    $_SESSION['svPassword'] = $password;
       $_SESSION['svGroup'] = $groupname;
       $_SESSION['svStatus'] = $status;
    $_SESSION['svEmpID'] = $emp_id;
    $i++;
    }
   if ($changepw == 0) {
    echo "location: changepassword.php";
//    header("Location: changepassword.php");
    } else {
    // Check to see if they are in the group allowed to view this page.
    $pass_auth=0;
    $count = count($allow_group);
    for ($i = 0; $i < $count; $i++) {
     if ($groupname==$allow_group[$i]) {
      $pass_auth=1;
      } else {
      $pass_auth=$pass_auth;
     }
    }
    if ($pass_auth==0) {
     echo "location: fail.php";
//     header("Location:  fail.php");
     } else {
     if ($groupname==1) {
     echo "location: admin.php";
//      header("Location:  admin.php");
      } else {
     echo "location: success.php";
//      header("Location:  success.php");
     }
    } 
   }
  }
 } else {
  echo "Username variable.<br>";
  if ($_SESSION['svGroup']==1) {
  echo "location: admin.php";
//  header("Location:  admin.php");
  } else {
  echo "location: success.php";
//  header("Location:  success.php");
  }
 }
 echo "ID=".$_SESSION['svID']."<br>";  
    echo "Username=".$_SESSION['svUserName']."<br>";
 echo "Password=".$_SESSION['svPassword']."<br>";
    echo "Group=".$_SESSION['svGroup']."<br>";
    echo "Status=".$_SESSION['svStatus']."<br>";
 echo "EmpID=".$_SESSION['svEmpID']."<br>";
 echo "<a href=admin.php>Click here</a>";
 ob_end_flush();


Now...the thing that completely baffles me is that if I have those last echo statements in that echo the session variables, everything works fine. But as soon as I remove the echo statements, it doesn't carry the session variables to the next page.



ob_start();
session_start();
// Check to see if there is a session currently set. If it does not exist, then require login. If it does exist, then use currently set variables.
if ((!isset($_SESSION['svUserName'])) || ($_SESSION['svUserName'] == "")) {
echo "No Username Variable - check login page.";
// header("Location: ../authenticate/login.php");
} else {
// Check to see if they are in the group allowed to view this page.
echo "Username variable - check login page.";
$groupname = $_SESSION['svGroup'];
$pass_auth=0;
$count = count($allow_group);
for ($i = 0; $i < $count; $i++) {
if ($groupname==$allow_group[$i]) {
$pass_auth=1;
} else {
$pass_auth=$pass_auth;
}
}
if ($pass_auth==0) {
// header("Location: ../authenticate/fail.php");
}
ob_end_flush();
}


Can anyone explain this to me?? I have been pounding my head on my desk with this all day and cannot for the life of me figure out what I am doing wrong!
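
Added example, not part of the original post and not the poster's code: the login script above puts `$_POST` values straight into the SQL string and copies the password into `$_SESSION`, so this sketch shows the same login flow with a parameterized query, no credential in the session, and each redirect followed by `exit`. Assumptions: `$pdo` is a PDO connection to the same database (PDO is swapped in for the `mssql_*` calls), the `password` column holds a `password_hash()` value, and the function names `authenticate`, `redirect` and `login` are hypothetical.

```php
<?php
// Added example. Assumes a PDO handle and that mc_authentication.password
// stores a password_hash() value instead of the plaintext compared above.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // Placeholders keep the form input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT id, username, password, groupname, status, emp_id, changepw
           FROM mc_authentication
          WHERE username = :u AND status = 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against the stored hash in PHP, not inside the WHERE clause.
    if ($row === false || !password_verify($password, (string) $row['password'])) {
        return null;
    }
    unset($row['password']);       // the credential never enters the session
    return $row;
}
function redirect(string $page): void
{
    session_write_close();         // write session data before leaving the page
    header('Location: ' . $page);
    exit;                          // nothing after a redirect should run or print
}
function login(PDO $pdo, array $post, array $allow_group): void
{
    session_start();
    $user = authenticate($pdo, (string) ($post['auth_username'] ?? ''),
                               (string) ($post['auth_password'] ?? ''));
    if ($user === null) {
        redirect('incorrect_userid.php');
    }
    session_regenerate_id(true);   // fresh session id once the user is known
    $_SESSION['svID']       = $user['id'];
    $_SESSION['svUserName'] = $user['username'];
    $_SESSION['svGroup']    = $user['groupname'];
    $_SESSION['svStatus']   = $user['status'];
    $_SESSION['svEmpID']    = $user['emp_id'];
    if ((int) $user['changepw'] === 0) {
        redirect('changepassword.php');
    }
    if (!in_array((int) $user['groupname'], $allow_group, true)) {
        redirect('fail.php');
    }
    redirect((int) $user['groupname'] === 1 ? 'admin.php' : 'success.php');
}
```

The caller would invoke `login($pdo, $_POST, array(1,2))` before any output is sent, since `header()` cannot run after the response body has started.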