[Bestford]

Hello guys,

Basically I want to show alternative links for the user to click on,

- so when the user is logged in the menu will show only the logout menu bar
- when they aren't logged in it will show the login link which pulls down a login form

this is basically what i have so far

(inside the menu div I print this:

<?php 
if ($_SESSION["loggedIn"] === true) { 
echo "<li> <a href=\"logout.php\">logout</a></li>";
} else if ($_SESSION["loggedIn"] === false) {
echo'<li class="dropdown" id="menu1">
<a class="dropdown-toggle" data-toggle="dropdown" href="#menu1">Login<b class="caret"></b>
	</a>
<div class="dropdown-menu">

<form style="margin: 0px" accept-charset="UTF-8" action="checklogin.php" method="post">
<div style="margin:0;padding:0;display:inline">
<input name="utf8" type="hidden" value="&#x2713;" /><input name="authenticity_token" type="hidden" value="4L/A2ZMYkhTD3IiNDMTuB/fhPRvyCNGEsaZocUUpw40=" /></div>
	<fieldset class=\'textbox\' style="padding:10px">
	<input style="margin-top: 8px" name="username" type="text" placeholder="Username" />
	<input style="margin-top: 8px" name="password" type="password" placeholder="Passsword" />
	<input class="btn-primary" name="commit" type="submit" value="Log In" />
	</fieldset>
	</form>
	</div>
	</li>'; 
}
	?>

then to check the login i use this

session_start(); // Start a new session
require('includes/db.inc.php'); // Holds all of our database connection information
function sanitize($data) {
	return htmlentities(strip_tags(mysql_real_escape_string($data)));
}
// Get the data passed from the form
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);

// Do some basic sanitizing
$username = sanitize($username);
$password = sanitize($password);

$sql = "select * from users3 where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

$count = mysql_num_rows($result);


if ($count == 1) {
	 $_SESSION['loggedIn'] === true;
	 header("Location: index.php"); // This is wherever you want to redirect the user to
} else {
	 $_SESSION['loggedIn'] === false;
	 header("Location: index.php"); // Wherever you want the user to go when they fail the login
}

any help would be great

Regards
Bestford

[Atli]

You are setting the session values incorrectly. To set a variable you use a single equal sign operator. To compare variables you use either the two (loose) or three (strict) equal sign operators.

Also that sanitize function is both misleading and it's being incorrectly applied. It treats the value as if it is meant both for a mysql query and HTML output. You should only really be doing one at a time, in this case for the mysql query. You are also applying the function twice to the username and password inputs, which could easily corrupt them.