File structure:
/index.php
/source/header.php
/manager/login.php
/manager/scripts/auth.php
login.php:
<?php require ("../source/header.php"); ?>
<?php if ($_SESSION['check'] == 2) { unset($_SESSION['check']); echo "<p>Incorrect! Please try again.</p>"; } ?>
<form action="scripts/auth.php" method="post" name="login-form">
<label>Table ID</label> <br /> <input type="text" size="20" id="ID" name="ID">
<br /><br />
<label>Password</label> <br /> <input type="password" size="20" id="pass" name="pass">
<br />
<input type="submit" value="Login" id="login" name="login">
</form>
</body>
</html>
auth.php:
<?php
//Function to compare account details
-code removed-
//Store user's credentials from form
-code removed-
//Salt+hash them
-code removed-
//Connect to DB
-code removed-
//Fetch details from index table
-code removed-
//Compare two passwords
$valid = compareDetails($userPassHash, $tablePass);
if ($valid == 1) {
//Create session variable
$_SESSION['check'] = 1;
//send to home page
-code removed-
}
else {
//Incorrect details entered
$_SESSION['check'] = 2;
//refresh the page
-code removed-
}
?>
index.php:
<?php require ("source/header.php"); ?>
<?php echo session_id() . ' ' . $_SESSION['check']; ?>
</body>
</html>
So I have tried to make this work a lot. I have no idea why it isn't working. I'm pretty sure the authentication process is working because I am directed to login.php or index.php depending on the details entered - correct or incorrect. That also means session variables must be set before being redirected.
However, on correct login, after being redirected to index.php, the session variable 'check' shows nothing - it's blank.
On incorrect login, login.php is reloaded and doesn't show the 'try again' message like it should.
On the same server, I tried a simple expirement and session variables loaded fine accross two pages, which tells me I'm doing something wrong in my code. I've spent days on this but can't find what's wrong. Any help?