I'm having trouble registering the session, it always worked but then in once, it didn't. I use PHP version 5.2, read something about to change session_register(""); to $_SESSION('') = $$blabla; and so I did that, but that didn't worked either.
Here's my code:
<?
ob_start();
$host="localhost"; // Host name
$username="transrpt_transrp"; // Mysql username
$password="******************"; // Mysql password
$db_name="transrpt_transrp"; // Database name
$tbl_name="PlayerData"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword= hash('whirlpool', $_POST['mypassword']);
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE Name='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count!=0){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$resultt = mysql_query("SELECT * FROM PlayerData WHERE Name='$myusername'");
$row = mysql_fetch_array($resultt);
$playerlevel = $row['PlayerLevel'];
$_SESSION['myusername'] = $$myusername;
$_SESSION['mypassword'] = $$mypassword;
$_SESSION['playerlevel'] = $$playerlevel;
header("location:index.php");
}
else {
echo "Wrong username or password";
}
ob_end_flush();
?>
Have you tried adding session_start(); to the beginning of your PHP file?
You have not started the session: Use session_start()
$_SESSION('') = $$blabla;
This makes no sense. It's as if you are trying to call a function, but you cannot call $_SESSION.
Further, you are using $$myusername and $$mypassword instead of $myusername and $mypassword
Why are you using stripslashes()? mysql_real_escape_string() takes care of escaping. Do you have magic_quotes enabled?
Since you do not need $result anymore, you can overwrite it with your second call to mysql_query(), you do not need $resultt.
Why do you make the second query at all? You have already fetched the appropriate row from PlayerData.
You do not seem to require output buffering. Why is it you have ob_start() and ob_end_flush()?
Use session_start() on the top of your script