Simple Security Script not working

[kjdaven]

Here is a snippet of my code. If you need more I will post more, but i think the problem lies here and i just can't figure it out.

 

<?php

session_start();

 

function logged_in() {

return isset($_SESSION['user_id']);

}

 

function confirm_logged_in() {

if (!logged_in()) {

header("Locations: login.php");

}

}

?>

<?php

require("constants.php");

 

// 1. Create a database connection

$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);

if (!$connection) {

die("Database connection failed: " . mysql_error());

}

 

// 2. Select a database to use

$db_select = mysql_select_db(DB_NAME,$connection);

if (!$db_select) {

die("Database selection failed: " . mysql_error());

}

?>

<?php confirm_logged_in(); ?>

 

basically, the user still gains access to this page even if they haven't logged in. When they log in the script stores their session user_id and username.

 

So i figured I could just check to see if it exists and if the user_id doesn't exist they are redirected to the login page.

 

Any advice?

[premiso]

header("Locations: login.php");

 

It should be Location  and not Locations.

 

header("Location: login.php");

[kjdaven]

If that is the case, which i will try, why doesn't it pop an error instead of just allowing the user to proceed to the page?

[kjdaven]

alright well that worked. thx. i guess since it was in a string thats why it didn't pop an error.