Hi,
I am writing some code to check logins to a MySQL database (WANIP) of remote sites against usernames in the wanipusers database. I have login.php checking to see if there is a valid session; if not, they are prompted to log in, and if there is a valid session, they are passed to login_success.php. Below are my login.php and the checklogin.php that checks for a valid session and the usernames against the wanipusers database. The login_success.php just gives them a choice to either update the database or add a new site.
Currently, once they hit login.php, they are automatically sent to checklogin.php and the incorrect username message is displayed. Once they click the return link to enter proper credentials, they are automatically sent to login_success.php, and that's not the way it's supposed to work.
Any help would be appreciated,
Thanks,
Leonard
****
login.php
<?php
session_start();
// Set timeout and kill session if necessary
$inactive = 600;
if (isset($_SESSION["timeout"])) {
    // calculate sessions TTL
    $sessionTTL = time() - $_SESSION["timeout"];
    if ($sessionTTL > $inactive) {
        session_destroy();
        header("Location: logout.php");
    }
}
echo "<title>WANIP Login</title>";
if ($_SESSION["authorized"] = true) {
    header( 'Location: login_success.php' ) ;
} else {
    $_SESSION["authorized"] = false;
    echo "<table width=300 border=0 align=center cellpadding=0 cellspacing=1 bgcolor=#CCCCCC><tr><form method=post action=checklogin.php><td><table width=100% border=0 cellpadding=3 cellspacing=1 bgcolor=#FFFFFF>";
    echo "<tr>";
    echo "<td colspan=3><strong>Login </strong></td></tr>";
    echo "<tr><td width=78>Username</td><td width=6>:</td><td width=294><input name=myusername type=text id=myusername></td></tr><tr><td>Password</td><td>:</td><td><input name=mypassword type=password id=mypassword></td></tr><tr><td> </td><td> </td><td><input type=submit value=Login></td></tr></table></td></form></tr></table>";
    echo "</center>";
    echo "<center><a href=index.html>Return</a>";
}
?>
****
checklogin.php
<?php
// Connect to server and select database.
mysql_connect("localhost", "user", "password")or die("cannot connect");
mysql_select_db("wanipusers")or die("cannot select DB");
// Define $myusername and $mypassword
$username=$_POST['myusername'];
$password=$_POST['mypassword'];
echo "$username - $password";
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
    // Register $username, $password and redirect to file "login_success.php"
    session_register("username");
    session_register("password");
    header("location:login_success.php");
    $_SESSION["authorized"] = true;
} else {
    echo "<center>Incorrect Username and/or Password</center>";
    echo "<center><a href=login.php>Return</a> and enter proper credetials</center>";
}
?>
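
One way to write the session check and credential check described in the post, as an added example that is not part of the original post. It assumes the PDO MySQL driver, a hypothetical `password_hash` column populated with `password_hash()`, and hypothetical helper names `is_authorized` and `verify_login`; the database name and placeholder credentials are reused from the post.

```php
<?php
// Added example (not the original poster's code). Assumptions: PDO MySQL driver,
// a hypothetical `password_hash` column filled by password_hash(), placeholder DSN login.
session_start(); // must run before $_SESSION is read or written

const INACTIVE_SECONDS = 600; // same idle limit as $inactive in login.php

function is_authorized(array $session, int $now): bool
{
    // Strict comparison; a single "=" would assign true and always pass.
    if (($session['authorized'] ?? false) !== true) {
        return false;
    }
    // Idle time is measured from the last recorded activity.
    return isset($session['timeout']) && ($now - $session['timeout']) <= INACTIVE_SECONDS;
}

function verify_login(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

if (is_authorized($_SESSION, time())) {
    $_SESSION['timeout'] = time(); // refresh the idle timer
    header('Location: login_success.php');
    exit; // stop the script so nothing runs after the redirect
}

$user = $_POST['myusername'] ?? '';
$pass = $_POST['mypassword'] ?? '';
if (is_string($user) && is_string($pass) && $user !== '') {
    $db = new PDO('mysql:host=localhost;dbname=wanipusers;charset=utf8mb4', 'user', 'password',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    if (verify_login($db, $user, $pass)) {
        session_regenerate_id(true);    // fresh session ID once the user is authenticated
        $_SESSION['authorized'] = true; // set the flag before sending the redirect
        $_SESSION['timeout'] = time();
        header('Location: login_success.php');
        exit;
    }
}
$_SESSION['authorized'] = false;
echo '<center>Incorrect Username and/or Password</center>';
echo '<center><a href="login.php">Return</a> and enter proper credentials</center>';
```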