Steps needed to have a working session.

[u214]

Hello guys. I'm in need of help. I want to know who to make a full working session.

 

 

When a player logs in, the session starts. There will be a new button "My Page", he can go there at any time. When he logs off, that button disappears ( Session over ). I'm so bad at explaining stuff. Hope y'all really understood me.

 

This piece of code is used to log the user in:

<?php
session_start();
include("config.php");
if(isset($_SESSION["Username"]))
{
	$user = $_SESSION["Username"];
	$pass = md5($_SESSION["Password"]);
}
else
{
	$user = $_POST["User"];
	$pass = md5($_POST["Password"]);
	$_SESSION['Username'] = $user;
	$_SESSION['Password'] = $pass;

	$escuser = mysql_real_escape_string($user);
	$escpass = mysql_real_escape_string($pass);
}

$result = mysql_query("SELECT * FROM playerinfo WHERE user = '$escuser'");
$num_rows = mysql_num_rows($result);
if($num_rows == 0)
{
	echo('That username does not exist...');
	echo '<a href="http://yu-ki-ko.com/fsns/"">  Go back!</a>';
	unset($_SESSION['Username']);
	unset($_SESSION['Password']);
	die;
}

$row = mysql_fetch_row($result);
if($row[1] !== $escpass)
{
	echo('Wrong Password!...');
	echo '<a href="http://yu-ki-ko.com/fsns/"">  Go Back!</a>';
	unset($_SESSION['Username']);
	unset($_SESSION['Password']);
	die;
}
?>

Not sure if its working properly or not. I'm stuck at that part.

[trq]

Not sure if its working properly or not. I'm stuck at that part.

 

If your unsure of this then what exactly do you want help with?

[spiderwell]

i think what you want is this:

mypage.php is only viewable when logged in.

 

so on that page have the session start, check if the session holds the username and/or hashed password. personally i would suggest just the presence of username in the session is enough to 'pass the test'. if that is found let the page execute, else unset/kill the session and redirect away back to the login