Homer:
I rewrote your studentlogin.php
just change your php code for this one, if you modify the code in Dreamweaver, the help is gone.
this code is different from the one in Dreamweaver.
<?php
session_start();
?>
<?php require_once('Connections/Test.php'); ?>
<?php
$myLogin = "0";
if (isset($HTTP_POST_VARS['username'])) {
$myLogin = (get_magic_quotes_gpc()) ? $HTTP_POST_VARS['username'] : addslashes($HTTP_POST_VARS['username']);
}
$myPasswordLogin = "0";
if (isset($HTTP_POST_VARS['username'])) {
$myPasswordLogin = (get_magic_quotes_gpc()) ? $HTTP_POST_VARS['username'] : addslashes($HTTP_POST_VARS['username']);
}
mysql_select_db($database_Test, $Test);
$query_Login = sprintf("SELECT username, password FROM users WHERE username = '%s' AND password = '%s'", $myLogin,$myPasswordLogin);
$Login = mysql_query($query_Login, $Test) or die(mysql_error());
$row_Login = mysql_fetch_assoc($Login);
$Rows_Login = mysql_num_rows($Login);
if($HTTP_POST_VARS['action']=="login"){
if($Rows_Login==0){
$errorMessage = "Please verify your ID and password";
} else {
//set session variable
session_register("yourvar");
$HTTP_SESSION_VARS['yourvar'] = $HTTP_POST_VARS['username'];
header("Location: userpage.php");
}
}
mysql_free_result($Login);
?>
You can have as many session variables as you want as i did above (yourvar).
Please note the error message that is sending you if you are not the one.
Heres the code for your userpage.php
<?php require_once('Connections/Test.php'); ?>
<?php
// ***
// Just put this piece of code on every page you want to protect
// ***
session_start();
if(!isset($HTTP_SESSION_VARS['yourvar'])){
header("Location: fail.php");
}
?>
<?php
$colname_Recordset1 = "1";
if (isset($HTTP_SESSION_VARS['yourvar'])) {
$colname_Recordset1 = (get_magic_quotes_gpc()) ? $HTTP_SESSION_VARS['yourvar'] : addslashes($HTTP_SESSION_VARS['yourvar']);
}
mysql_select_db($database_Test, $Test);
$query_Recordset1 = sprintf("SELECT username, `state` FROM users WHERE username = '%s'", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $c3) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>