Problem with User Authentication since php5

Session variables are working.
The logon is also working.

For the user logon i use the following script.
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=md5($_POST['kennwort']);
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "index2.php";
$MM_redirectLoginFailed = "index.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hlw_intern, $hlw_intern);

$LoginRS__query=sprintf("SELECT user_login, user_pass FROM user WHERE user_login='%s' AND user_pass='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $hlw_intern) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

For the restricted access on the folowing page i use this script (both created by Dreamweaver).
<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

Thank you for your help.

Have you verified that session variables are working since you upgraded to
PHP 5?

Its worth doing a simple test, and setting one on one page, and reading it
back on another.

If sessions aren't working, you could still log in as the username and
password are correct, but you`ll get the problem you describe.


--
Gareth
http://www.phploginsuite.co.uk/
PHP Login Suite V2 - 34 Server Behaviors to build a complete Login system.

On Sat, 20 Jan 2007 16:30:26 +0000 (UTC), "bigjames122"
<webforumsuser@macromedia.com> wrote:

>Hello,
> since i use php 5.1.6 the code for the user authentication doesn't work.
> I can lon on, but if the next side uses restricted acces, the webserver
>redirects me to the first page?
> Is there an update to install (DW MX 2004?

Can we see your php code for the login and restricted pages?
--
Steve
steve at flyingtigerwebdesign dot com