Session Problems..

[zscott]

Hello,I wrote a simple script to take care of a bunch of processes, in order to register a member for this website.I'm having a problem however parsing the $_SESSION['username'] from who is logged into the website.For some reason, i'm getting the username for the database that I connect with; I am using variables to connect, but not the same ones.Would there be any confusion as to who is logged into the page, and what is going on with the post variables? I wouldn't think so..Maybe I'm doing something wrong.. here is the code:

<?php// connect.php is just:/*<?php// set up the connection information$host="localhost"; // Host name$mysqluser="domain_user"; // Mysql username$mysqlpass="password"; // Mysql password$db_name="domain_db"; // Database name// connect yo!$con = mysql_connect("$host","$mysqluser","$mysqlpass");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("$db_name", $con);?>*/include('connect.php'); // Define $myusername and $mypassword $username=$_POST['username']; $password=$_POST['password']; $email=$_POST['email'];  $encrypted_password=md5($password);$sql="INSERT INTO members (username, password, email)VALUES('$username','$encrypted_password','$email')";if (!mysql_query($sql,$con))  {  die('Error: ' . mysql_error());  }mysql_close($con);// CREATE FOLDERmkdir("../../files/".$username); // Create History Footprintinclude('connect.php');// set date$addate = date('Y-m-d H-i-s');// Make Description$description = "Added a new member to the client login";// set usersession_start();$user = $_SESSION['username'];$sql='INSERT INTO history (date, madeby, description) VALUES ("'.$addate.'", "'.$user.'", "'.$description.'")';if (!mysql_query($sql,$con))   {	die('Error: ' . mysql_error());	}	mysql_close($con);// SEND EMAIL NOTIFY$message = "Dear client,\n\nThe following is your login information for the website, please do not give this information to anyone you do not trust. We will never ask you for your login information.\nUsername: $username\nPassword: $password\n\nThank you";$from = "From: $email\r\n";$from2= "From: Info@WebSite.com";// send that shiz!mail($from, "Subject", $message, $from2);?><html><head><meta http-equiv="REFRESH" content="1;URL=../index.php"></head><body><p>User Added</p></body></html>

[justsomeguy]

There's no reason that variables from $_POST or $_SESSION would overwrite what you have unless the autoregister_globals config option is set. That options takes a variable like $_POST['username'] and creates a variable called $username automatically. But it's always best to disable that (for reasons like this). But, if the variable names are different, then that should not be the reason.But I do notice that you never set the session variable. Where are you setting that, and how? If you are using a predefined variable from $_SERVER, that username variable corresponds to the user account on the server that PHP is running on, which would probably be the same account that you use to log into mysql.