devtech2015

I have this login page using sessions but when I provide the correct username and password, am just re-directed to the same login page but if the credentials are wrong, am issued with a warning. When i check the logged data in the database on provision of correct username and password, a blank username is logged as logged in at that time. I need your help. here is my code. // login.php <?php session_start(); include("config.php"); $error = ""; if($_SERVER["REQUEST_METHOD"] == "POST") { // username and password sent from form $myusername=addslashes($_POST['username']); $mypassword=addslashes($_POST['password']); $error="<h3><strong>Your Login Name or Password is invalid</h3></strong>"; $sql="SELECT uid FROM users WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); $row=mysql_fetch_array($result); $active=$row['active']; //if( isset($_SESSION[$myusername]) ) $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1) { if( isset($_SESSION[$myusername]) ) //session_register("myusername"); //$_SESSION['login_user']=$myusername; $_SESSION['login_user']= $_POST['username']; header("location: welcome.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> <style type="text/css"> @import url("../../../Users/devtech/Documents/Unnamed Site 1/CSS/colors5.css"); body { font-family:Arial, Helvetica, sans-serif; font-size:14px; background-image: url(); background-color: #FFFFFF; background-repeat: repeat-x; } label { font-weight:bold; width:100px; font-size:14px; font-family: "Times New Roman", Times, serif; text-decoration: none; } .box { border:#666666 solid 1px; } body,td,th { color: #0000FF; font-weight: bold; background-color: #FFFFCC; line-height: normal; text-transform: capitalize; font-family: "Times New Roman", Times, serif; background-attachment: scroll; background-position: left bottom; text-decoration: overline; } </style> </head> <p align="center"> </p> <body> <img src="images/COMVOO Logo.jpg" width="194" height="156"/> <div align="center"> <div align="left" style="width:300px; border: solid 1px #333333; "> <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><em><strong>COMVOO LOGIN</strong></em></div> <div style="margin:30px"> <form action="" method="post"> <label>UserName :</label> <input type="text" name="username" class="box"/> <br /> <br /> <label>Password :</label> <input type="password" name="password" class="box" /> <br/> <br /> <input type="submit" value=" Submit "/> <br /> </form> <div style="font-size:11px; color:#cc0000; margin-top:30px"><?php echo $error; ?></div> </div> </div> </div> </div> </body> </html> //// lock.php <?php session_start(); include('config.php'); // $inactive = 299; // set timeout period in seconds // $user_check=$_SESSION['login_user']; $ses_sql=mysql_query("select username from users where username='$user_check' "); $row=mysql_fetch_array($ses_sql); $login_session=$row['username']; if(!isset($login_session)) { header("Location:login.php"); } /////////////////////////////////// else if (isset($_SESSION['timeout'])) { $session_life = time() - $_SESSION['timeout']; if ($session_life > $inactive) { session_destroy(); header("Location: logout.php"); //header("Location: login.php"); } } $_SESSION['timeout'] = time(); /////////////////////////////////// ?> /////////// welcome.php <?php //include('lock.php'); //include("config.php"); require_once("config.php"); require_once("lock.php"); ?> <?php $login="INSERT INTO logaudit (eventid, username, event, eventdate) VALUES ('', '$login_session', 'logged in', NOW())"; $sql2=mysql_query($login); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Welcome </title> <style type="text/css"> <!-- body { background-color: #FFFFCC; background-image: url(); background-repeat: no-repeat; } --> </style></head> <?php $url=$_SERVER['REQUEST_URI']; header("Refresh: 300; URL=$url"); ?> lock.php