Log-in if statements

[HDFilmMaker2112]

The below is constantly loading the password page no matter what is enter in the password input on the form (on another page). I have checked the $login variable by echoing it and it is carrying the value from the field.

 

<?php
$off="yes";
$login=$_POST['login'];
if($off=="yes" && (!isset($_SESSION['login']) || $_SESSION['login']!="pass")){
    if($login=="" || $_SESSION['login']!="pass"){
    header('Location: ./index2.html');
    exit();
    }
    elseif(!isset($_SESSION['login'])){
    session_start();
    $_SESSION['login']=$login;
    header('Location: ./index.php');
    exit();
    }
}
elseif($off=="no" || $_SESSION['login']=="pass"){
content goes here.
}
?> 

[suzi]

My first feeling is messy code. never write it all at once use a switch statement to check for posts it is cleaner, neater and will always get the job done.  If you have a session make sure you have not only started it

session_start();

but

registered it

session_register("user, pass"); ect.

deal with form data and session data in turn, not as a unit.

[litebearer]

Aside...

session_register() has been deprecated as of 5.3.0 and removed as of 5.4.0

[HDFilmMaker2112]

Can't use session_register... register_globals is turned off on my server.

 

And according to php.net

 

Caution

 

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered.