Get "Array()" when I login.

[unstable_nes]

This is the site:

http://www.protaxlink.com/login.php

user: john@doe.com pass: 123456789

I cant login. I read somewhere that I have an empty array, but dont know where.


Login Page:

Code:

<?php
require('config.php');//for db connectivity
$message= $_GET['message'];
//hey file, look at url, is there a var called 'message'? if yes, grab it.
if (!isset($_SESSION)){
	session_start();
	//if session hasnt started-start one.
	//if we are already in session-resume it.
}//end if

if (isset($_POST['user_email'])) {
	//was the form submitted? time to process!
	$user_email=$_POST['user_email'];
	$user_password=$_POST['user_password'];
	//grab what the user filled in the boxes
mysql_select_db($database, $makeconnection);
//establish connection with db

$Login_query="Select user_email, user_password 
From user_tbl
Where user_email='$user_email'
AND user_password='$user_password'";
//bring me email+password of any row that matches this email+password. we expect 0 rows or 1

$LoginRS = mysql_query($Login_query, $makeconnection);
//press send

$loginFoundUser = mysql_num_rows($LoginRS);
//count the rows found

if ($loginFoundUser>0){
	//was a match found? at least 1? GOOOD! let him in.
$_SESSION['session_user_email'] = $user_email;
$_SESSION['session_user_password'] = $user_password;
//into the sessin array, push his email+password
$_SESSION['session_start'] = time();
//push into the array the time logged in.
header("Location: free-trial.php");
//take user to the restricted page
}else{
	header("Location: login.php?message=loginfailed");
	//reload this page with error message
}//end of else
}//end of isset post email
?>

Free-Trail Page (this is where user should go after login)

Code:

<?php
session_start(); print_r($_SESSION); 
$now=time();//grab the time now
//if (!isset($_SESSION)) {
	session_start();//start a session or resume one.
//}
if (!isset($_SESSION['session_user_email']) || 
$now - $_SESSION['session_start']>60*60){	//if there isnt in the session an item called 'session_user_email' that means the user didnt come from login. OR if the login time is older than _______
///////////////////////////////////////////////////////////
////////// code for setting a timeout in session //////////
////	if (!isset($_SESSION['session_user_email']) || ////
//// $now - $_SESSION['session_start']>30){ ///////////////
////////// code for setting a timeout in session //////////
///////////////////////////////////////////////////////////
	header('Location:login.php');
	//kick them out of here, send to login
	exit;//stop rendering this page
}//end of if
?>

I added ---->> session_start(); print_r($_SESSION); to see what the problem was, but I'm confused... I don't understand where the problem is. Need help.

[ZeratulsDomain]

1# On your first page you are passing the username and password right into a query. Even with sql safe quotes enabled in php ini I still would not do that (sql injection protection)
2# You only need to call "session_start();" once per page.
3# Why not echo out some debug code on your second page? For example if login works, you echo out 'logged in', then add an else for 'not logged in'. Personally id auto redirect to login page if session is not set, but if session time is expired id give the user a timeout error. That will help tell you more as a programmer whats going on, but it also makes more sense based on a users perspective.

[unstable_nes]

Thanks for your response!

I appreciate your help and feedback. I got it to work..

[unstable_nes]

Spoke too soon. I get a login if I put the "else" the session time, but then it doesn't logout.