[SOLVED] session problem

[mike12255]

Im making a sort of admin protected area on my site so after the user enters the info and clicks submit it runs this code:

 

<?php
include("Connect.php");

if(isset($_POST['submit'])){
$name = $_POST['name'];

$pass = md5($_POST['password']);


$sql = "SELECT * FROM accounts WHERE username = '$name' AND password = '$pass'";
$result = mysql_query($sql);
$row = mysql_num_rows($result);

if ($row > 0){
$_SESSION['user'] = $name;
header("Location: index.php");

}else{
header("Location: login.php");
}
}

?>

 

that runs fine and i get directed to the index.php page. When i click on one of the links to go to another page though it sends me back to the login page and acts as if there was no session. The code on these pages is:

 

<?php

session_start();
if (!$_SESSION['user']){
header("Location: login.php");
}
?>

 

anyone know why my users can login but not view the protected pages?

[Daniel0]

Because when setting $_SESSION['user'] = $user, the variable $user is never defined thus it'll always evaluate to FALSE.

 

Also, please take a look at this function (though it is unrelated to this particular problem): mysql_real_escape_string

[mike12255]

i noticed the user issue before you replied actually, if you looks its been updated to an already declared variable.

 

and I want to get my page working before i worry about protecting it.

 

any idea on why it still dosnt work?

[Daniel0]

You also need to call session_start() on the login page.

[mike12255]

heh, can't belive i missed that. Thanks mate