User authentication using session variable

[manton]

Hello,
I use Dreamweaver.
I have a login form (methodost) which works fine.
But, when I add a session variable in order to keep the user logged in, the session does not work. I figure it out because i see no user data on the URL.
Changing the form method from post to get, seems to work (I mean userdata are on the URL), but in this case the form action (opening another page) is not performed.

I know this is a noob question but I would really appreciate any kind of help.
Thanks

[Kokos]

Hey manton,
sessions and form method's are a big difference.
The form method GET is used for stuff in the url, mainly used for sites that you wanna link to. Like: showthread.php?t=475198
The form method POST also works but it doesn't show in the url.
To help you with your problem I'll have to see your code though.

[manton]

You mean that the post method works although that I cannot see it?
My code is this

Code:

<?php require_once('../Connections/palso.php'); ?>
<?php
mysql_select_db($database_palso, $palso);
$query_Recordset1 = "SELECT * FROM accs";
$Recordset1 = mysql_query($query_Recordset1, $palso) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['user'])) {
  $loginUsername=$_POST['user'];
  $password=$_POST['pass'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "list.php";
  $MM_redirectLoginFailed = "login_failed.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_palso, $palso);
  
  $LoginRS__query=sprintf("SELECT user, pass FROM accs WHERE user='&#37;s' AND pass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $palso) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1253" />
<title>Untitled Document</title>
<link href="styles.css" type="text/css" rel="stylesheet" />
</head> 

<body>
<div id="container">
<div id="form">
<form action="<?php echo $loginFormAction; ?>" method="post" name="form_login" id="form_login">
<fieldset>
<legend>
Περιοχή μελών</legend>
<label>
Όνομα χρήστη<br />
<input name="user" type="text" id="username" value="<?php echo $_SESSION['user']; ?>" />
</label>
<br />
<label>
Κωδικός πρόσβασης<br />
<input name="pass" type="password" id="pass" />
</label>

<br />

<input name="Submit" type="submit" value="Είσοδος" />
</fieldset>
</form>

</div>

<p>&nbsp;</p>
</div>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

Providing the correct username and psw it opens the form action page. I wonder, is the userdata passed to it?
How can I achieve user to stay logged in until the session expires?
Where do I go from here?

Thanks for your concern

[manton]

I guess ive been thinking wrong. Probably, the session variable works by saving the userdata (login) directly on the server rather than passing them from one page to another via the url, huh?

[voodoomagic]

yes it does.

a session is a file stored on the server which stores whatever data you add to the $_SESSION super global. Post data is data from a form that is sent in the request header, and accessible by $_POST super global.

So if you session_start()

and then $_SESSION['auth'] = whatever;

then the next page you session_start() again, then $_SESSION['auth'] will be a set variable, and will equal whatever.