plonyahu

Ok, I changed the files just a bit since my login page was html and I couldn't add start_session at the top of the login page...Now when I click on submit I get to the membersarea page even if the username and password isn't correct. Also, I can still manually reach the membersarea page. There is no end to my confusion lol. This is the code at the top of my login.php page that contains the login html code after it <?php session_start(); if ($_SESSION["authorized"] = true) { header("Location: membersarea.php"); } else { header("Location: login.php"); } ?> This is my login and connect code <?php session_start(); $connection = mysql_connect('localhost', 'root', 'hp44kw5'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.php"); } ?> And this is what is at the top of the membersarea.php page <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.php"); } ?> I appreciate your help.

Sorry, I didn't paste that. Now the login is sending me back to login.html and I can still manually visit the membersarea.html login,php <?php session_start(); $connection = mysql_connect('localhost', 'root', 'hp44kw5'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==0){ $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?>

Thank you, the login works again now. For some reason I had to also change this if($count==0), However, even with session_start() at the top of the other pages I can still access the pages without logging in. What else can I do? login,php <?php $connection = mysql_connect('localhost', 'root', 'hp44kw5'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==0){ $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?>

Hi, I've been going out of my mid for almost a week now trying to figure out how to make this work... I want multiple users to have their own individual usernames and passwords and be able to log in and view certain pages that non-registered guests can't see. I've set up my databases and usernames and passwords. I've actually gotten my login code to work now and then, but in trying to get sessions to work and not allow just anyone to manually type in the addresses of certain pages I've managed to mess that up and it doesn't work now either. I've been to MANY different sites and used examples but just can't get the login to work properly nor figure out how to get the sessions to check for a logged in user. My code so far...I've taken out my real password login,php <?php $connection = mysql_connect('localhost', 'root', 'mypassword'); if (!$connection){ die("Database Connection Failed" . mysql_error()); } $select_db = mysql_select_db('login'); if (!$select_db){ die("Database Selection Failed" . mysql_error()); } if (isset($_POST['username']) and isset($_POST['password'])){ $username = $_POST['username']; $password = $_POST['password']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query = mysql_query("select * from members where password='$password' AND username='$username'", $connection); $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_register("username"); session_register("password"); $_SESSION["authorized"] = true; header("location:membersarea.php"); } else header ("Location: login.html"); } ?> And this is what I put at the top of each secured page... membersarea.php <?php session_start(); if ($_SESSION["authorized"] = true) { } else { header("Location: login.html"); } ?> Thanks in advance!