PHP and MYSQL sessions

Question

<?php
require_once 'includes/config.php';
// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE name='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
$guest=1;
isset($_SESSION){
$guest=0;
}
else {
echo "Wrong Username or Password";
}?>

I have this code, but i don't know how to make an integer like... $guest or something like this, if $guest==1, the user is a guest else if $guest==0 the user is a logged member. I've tried with isset but i failed, can someone help me?

Answer 1

try this :

if( $_SESSION['myusername'] != null && $_SESSION['myusername'] != "")
{
$guest=0;
}

and so on...

Answer 2

You have Several problems in your code

1. You should stop using mysql_* function and start using mysqli_* functions or PDO
2. When ever you are going to use SESSIONS you need to call session_start() before using sessions
3. session_register() is deprecated
4. You cannot use simply $_SESSION. Write code like this

change this part

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
$guest=1;
isset($_SESSION){
$guest=0;
}
else {
echo "Wrong Username or Password";
}

to

if($count==1){
session_start();
$_SESSION['myusername'] = $_POST['myusername'];
$guest=1;
if($_SESSION['myusername'] == "" )
{
$guest = 0
}
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}