Login Help

[carleihar]

 

login.php:

<?php
session_start();

//Login form (login.php)

include "../includes/db_connect.inc.php";
if(!$_POST['submit'])
{
?>
<html>
<b><Login</b>
<form method="post" action="user_home.php">
Username<input type="text" name="username" maxlength="16">
Password<input type="password" name="password" maxlength="16">
<input type="submit" name="submit" value="Login">
</form>
<a href="register.php">Register Here</a>
</html>

<?php
}
else
{
  $user = mysql_real_escape_string($_POST['username']);
  $pass = mysql_real_escape_string($_POST['password']);

if($user && $pass)
{
$pass = md5($pass); //compare the encrypted password
$sql="SELECT user_id,username FROM `users` WHERE `username`='$user' AND `password`='$pass'";
$query=mysql_query($sql) or die(mysql_error());

    if(mysql_num_rows($query) == 1)
    {
      $row = mysql_fetch_assoc($query); // mysql_fetch_assoc gets the value for each field in the row
      $_SESSION['user_id'] = $row['user_id']; //creates the first session var
      $_SESSION['username'] = $row['username']; // second session var
	  header ('Location: http://liveequian.com/htdocs/pages/user_home.php');

    }
    else
   {
    echo "Username is incorrect.";
    }	
}
else
{			
    echo "Please enter your username and password.";
}
}
?>

 

 

user_home.php:

<?php 
session_start();
//home.php
if($_SESSION['user_id'])
{
echo "Welcome ",$_SESSION['username'] ;
echo '<a href="logout.php">Logout</a>' ;
}
else
{
echo "You don't belong here!";
}
?>

 

 

I'm getting to user_home.php, but it's reporting "You don't belong here!" Help?

 

The columns in my SQL database are user_id, username, password.

[PFMaBiSmAd]

The target of your login form is action="user_home.php"

 

It goes to user_home.php directly without passing through the login code that checks the user/password that is in login.php.